semantically equivalent adversarial rules for debugging
play

Semantically Equivalent Adversarial Rules for Debugging NLP Models - PowerPoint PPT Presentation

Nov 22, 2023 •31 likes •501 views

Semantically Equivalent Adversarial Rules for Debugging NLP Models Marco Tulio Ribeiro Carlos Guestrin Sameer Singh (UC Irvine) 1 NLP / ML models are getting smarter: VQA What type of road sign is shown? > STOP . Visual7A [Zhu et al

  1. Semantically Equivalent Adversarial Rules for Debugging NLP Models Marco Tulio Ribeiro Carlos Guestrin Sameer Singh (UC Irvine) 1

  2. NLP / ML models are getting smarter: VQA What type of road sign is shown? > STOP . Visual7A [Zhu et al 2016] 2

  3. NLP / ML models are getting smarter: MC (SQuAD) The biggest city on the river Rhine is How long is the Rhine? Cologne, Germany with a population of more than 1,050,000 people. 1230km It is the second-longest river in Central and Western Europe (after BiDAF [Seo et al 2017] the Danube), at about 1,230 km (760 mi) Question: are they prone to oversensitivity? 3

  4. Oversensitivity in images “panda” “gibbon” 57.7% confidence 99.3% confidence Adversaries are indistinguishable to humans… But unlikely in the real world (except for attacks) 4

  5. Adversarial examples Find closest example with different prediction 5

  6. What about text? What type of road sign is shown? > STOP . What type of road sign is What type of road sign is shown? sho wn? Perceptible by humans, unlikely in real world 6

  7. What about text? What type of road sign is shown? > STOP . What type of road sign is shown? A single word changes too much! 7

  8. Semantics matter What type of road sign is shown? > STOP . What type of road sign is shown? > Do not Enter. Bug, and likely in the real world 8

  9. Semantics matter How long is the Rhine? > 1230km The biggest city on the river Rhine is Cologne, Germany with a population of more than 1,050,000 people. It is the second-longest river in How long is the Rhine? Central and Western Europe (after the Danube), at about 1,230 km (760 mi) > More than 1,050,000 Not all changes are the same: semantics matter 9

  10. Adversarial Rules Find rule that generates many adversaries 10

  11. Generalizing adversaries What type of road sign is shown? > STOP . What type of road sign is shown? > Do not Enter. - flips 3.9% of examples Rule What NOUN Which NOUN 11

  12. Semantics matter What color is the sky? > Blue. What color is the sky? > Gray. - flips 3.9% of examples Rule What NOUN Which NOUN 12

  13. Semantics matter How long is the Rhine? > 1230km The biggest city on the river Rhine is Cologne, Germany with a population of more than 1,050,000 people. It is the second-longest river in Central and Western Europe (after How long is the Rhine? the Danube), at about 1,230 km (760 mi) > More than 1,050,000 - flips 3% of examples Rule ? ?? 13

  14. Semantics matter What is the oncorhynchus also called? > chum salmon Detailed investigation of chum salmon, Oncorhynchus keta, showed that these fish digest ctenophores 20 times as fast as an equal weight of shrimps. What is the oncorhynchus also called? > Oncorhynchus keta - flips 3% of examples Rule ? ?? 14

  15. Adversarial Rules Rules are global and actionable, more interesting than individual adversaries 15

  16. Semantically Equivalent Adversary (SEA) 16

  17. Ingredients Semantic score function A black box model Different Semantically prediction Equivalent 17

  18. Revisiting adversaries Find closest example with different prediction 18

  19. Semantic Similarity: Paraphrasing [Mallinson et al, 2017] Portuguese pt - en en - pt Bom filme! Translation Good movie! Sentence X fr - en en - fr French Bon film! Score Translation Translators Back translators Good movie Good film Great movie Language … Movie good model 0.35 0.34 comes for free 0.1 … 19 0.001

  20. Finding an adversary What color is the tray? Pink What colour is the tray? Green Which color is the tray? Green What color is it? Green What color is tray? Pink How color is the tray? Green 20

  21. Semantically Equivalent Adversarial Rules (SEARs) 21

  22. From SEAs to Rules Select Propose Small Find SEAs Candidate Rules Rule Set 22

  23. Proposing Candidate Rules What type of road What type of road sign is shown? sign is shown? Candidate Rules: Exact Match (What → Which) (What type → Which type) What Which type of road sign is shown? (What NOUN → Which NOUN) What Which is the person looking at? Context (WP type → Which type) What Which was I thinking? (WP NOUN → Which NOUN) … Must not change semantics POS Tags 23

  24. From SEAs to Rules Select Propose Small Find SEAs Candidate Rules Rule Set 24

  25. Semantically Equivalent Adversarial Rules (SEARS) High Adversary Count Non-Redundancy What type → Which type color → colour Selected Rules What NOUN → Which NOUN Induces many flipped predictions Flips different predictions 25

  26. Examples: VQA Visual7a-Telling [Zhu et al 2016] 26

  27. Examples: Machine Comprehension BiDAF [Seo et al 2017] 27

  28. Examples: Movie Review Sentiment Analysis FastText [Joulin et al 2016] 28

  29. Experiments 29

  30. 1. SEAs vs Humans 30

  31. Set up SEA (top 5) + Human Humans Top scored SEA Evaluate adversaries for semantic equivalence 31

  32. How often can SEAs be produced? Sentiment Analysis Visual Question Answering 45 60 46 SEAs + Humans better than Humans SEAs find equivalent adversaries as often as Humans 36 33.6 51.3 34.5 42.5 23 33 33.8 11.5 26 25.3 25 0 Human SEA Human + SEA Human SEA Human + SEA Human SEA Human + SEA Human SEA Human + SEA 32

  33. Humans produce different adversaries: Humans did not produce these: What kind of meat is on the boy’s plate? They are so easy to love… But they did produce these: How many suitcases? Also great directing and photography 33

  34. 2. SEARs vs Experts 34

  35. Part 1: experts come up with rules Objective: maximize mistakes with good rules 35

  36. Part 2: experts evaluate our SEARs Experts only accept good rules 36

  37. Results Time (minutes) % correct predictions flipped 20 16 14.2 16.9 15 12 10.9 12.9 10.1 10 8 5.4 5 4 3.3 3 0 0 Visual QA Sentiment Visual QA Sentiment Finding Rules Evaluating SEARs Experts SEARs 37

  38. 3. Fixing bugs 38

  39. Closing the loop (color → colour) (WP VBZ → WP’s) … Filter out bad rules Retrain model Data Augment training 39

  40. Results Fix bugs, no loss in accuracy 14 % of flips due to bugs 12.6 12.6 10.5 7 3.4 3.5 1.4 0 Visual QA Sentiment Original Augmented 40

  41. Conclusion SEARS SEA Semantics matter Models are prone to these bugs SEAs and SEARs help find and fix them 41

  42. Semantically Equivalent Adversarial Rules for Debugging NLP Models Marco Tulio Ribeiro Carlos Guestrin Sameer Singh (UC Irvine) 42

  43. Semantic scoring is still a research problem… Also: inaccurate for long texts 43

  44. Problem: not comparable across instances good movie good good Good movie great Good film excellent 1 1 Great movie … 0.97 0.29 … 0.29 0.07 … … 0.35 0.7 0.34 0.2 0.1 0.05 … … 44

  45. Examples: VQA 45

  46. Examples: Movie Review Sentiment Analysis FastText [Joulin et al 2016] 46

  47. 47

Recommend

Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Propositional Logic Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically) equivalent if A ( F ) = A ( G ) for every assignment A that is suitable for both F and G . We write F G to denote that F and G

276 views • 12 slides
Adversarial Connective-exploiting Networks for Implicit Discourse Relation Classification Lianhui

Adversarial Connective-exploiting Networks for Implicit Discourse Relation Classification Lianhui

Adversarial Connective-exploiting Networks for Implicit Discourse Relation Classification Lianhui Qin, Zhisong Zhang, Hai Zhao, Zhiting Hu , Eric P. Xing Shubham Jain Discourse Relations Connect linguistic units (like sentences) semantically

576 views • 19 slides
Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Chapter 15 Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and set values in memory Execute portions of program Stop execution when (and where) desired Want debugging tools to operate on

274 views • 9 slides
ASL-English Semantically Mismatched Code Blends An Analysis of Motivations for Nonequivalent

ASL-English Semantically Mismatched Code Blends An Analysis of Motivations for Nonequivalent

ASL-English Semantically Mismatched Code Blends ASL-English Semantically Mismatched Code Blends An Analysis of Motivations for Nonequivalent Blending Erika Shane; Ling 4780 The Ohio State University 30th November 2017 ASL-English Semantically

554 views • 30 slides
NLP William Wang Sameer Singh Slides: http://tiny.cc/adversarial With contributions from Jiwei

NLP William Wang Sameer Singh Slides: http://tiny.cc/adversarial With contributions from Jiwei

Deep Adversarial Learning for NLP William Wang Sameer Singh Slides: http://tiny.cc/adversarial With contributions from Jiwei Li. 1 Agenda Introduction, Background, and GANs (William, 90 mins) Adversarial Examples and Rules (Sameer, 75

903 views • 61 slides
Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Welcome to Advanced .NET Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production Challenges in debugging Production issues Production Environment Debugging Timeline Tools for .NET Debugging Review 3

622 views • 47 slides
Equivalent Circuits: Voltage R eq Thevenin Theorem Thevenin Equivalent Circuit

Equivalent Circuits: Voltage R eq Thevenin Theorem Thevenin Equivalent Circuit

2/19/20 Overview Review concepts of Equivalent Circuits: Voltage R eq Thevenin Theorem Thevenin Equivalent Circuit Equivalent V s -with-series-R Equivalent V-I-R behavior to an actual power supply or driving

134 views • 10 slides
Logic As a Query Language If-then logical rules have been used in many systems. Datalog

Logic As a Query Language If-then logical rules have been used in many systems. Datalog

Logic As a Query Language If-then logical rules have been used in many systems. Datalog Most important today: EII (Enterprise Information Integration). Nonrecursive rules are equivalent to the Logical Rules core relational algebra.

176 views • 15 slides
Visual Debugging Software What is Debugging Visualization Visualizing

Visual Debugging Software What is Debugging Visualization Visualizing

Visual Debugging Software What is Debugging Visualization Visualizing Program State Incremental interactive unfolding (DDD) Visual Memory Abstract representations (traversal-based) Debugging Focusing: memory

433 views • 5 slides
Debugging Techniques for C Programs Debugging Basics Will focus on the gcc/gdb combination.

Debugging Techniques for C Programs Debugging Basics Will focus on the gcc/gdb combination.

Debugging Techniques for C Programs Debugging Basics Will focus on the gcc/gdb combination. Will also talk about the ddd gui for gdb (lots of value added to gdb). First, debugging in the abstract: Program state is a snapshot

475 views • 20 slides
The 2014 Amendments to the Uniform Fraudulent Transfer Act: Preparing for the New Rules

The 2014 Amendments to the Uniform Fraudulent Transfer Act: Preparing for the New Rules

Presenting a live 90-minute webinar with interactive Q&A The 2014 Amendments to the Uniform Fraudulent Transfer Act: Preparing for the New Rules Navigating New Rules for Choice of Law, Burdens of Proof, Reasonably Equivalent Value and More

891 views • 70 slides
1 Greedy Sequential Covering Example Greedy Sequential Covering Example Y Y + + + + + +

1 Greedy Sequential Covering Example Greedy Sequential Covering Example Y Y + + + + + +

Learning Rules If-then rules in logic are a standard representation of knowledge that have proven useful in expert-systems and other AI systems CS 391L: Machine Learning: In propositional logic a set of rules for a concept is equivalent

396 views • 14 slides
Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs

Deep Adversarial Learning for NLP 9:00 10:30 Introduction and Adversarial Training, GANs William Wang 10:30 11:00 Break - 11:00 12:15 Adversarial Examples Sameer Singh 12:15 12:30 Conclusions and Question Answering William

1.75k views • 105 slides
1 Crashes, interrupts, and backtrace Watchpoints GDB will automatically stop if the program

1 Crashes, interrupts, and backtrace Watchpoints GDB will automatically stop if the program

Debugging and debuggers Debugging in the development cycle You have probably already had the experience of making Edit a mistake in a program Speaking roughly, debugging is the process: After you know that your code is wrong

911 views • 3 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
Coroutines Update Seva Tolstopyatov @qwwdfsad October 13, 2020 Coroutines debugging Coroutines

Coroutines Update Seva Tolstopyatov @qwwdfsad October 13, 2020 Coroutines debugging Coroutines

Kotlin 1.4 Online Event Coroutines Update Seva Tolstopyatov @qwwdfsad October 13, 2020 Coroutines debugging Coroutines debugging Coroutines debugging Coroutines debugging Coroutines debugging IDEA 2020.1 Coroutines debugging Debugging

737 views • 41 slides
Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides
y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic

y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic

Lesson 5.2: Logarithmic Functions and Their Graphs If y = a x , then the inverse is x = a y An equivalent equation for x = a y is y = log a x y ( y log x x a ) a is equivalent to f(x) = log a x Logarithmic Function

120 views • 7 slides
Scalable Post-Mortem Debugging Abel Mathew CEO - Backtrace amathew@backtrace.io @nullisnt0

Scalable Post-Mortem Debugging Abel Mathew CEO - Backtrace amathew@backtrace.io @nullisnt0

Scalable Post-Mortem Debugging Abel Mathew CEO - Backtrace amathew@backtrace.io @nullisnt0 Debugging or Sleeping? Debugging Debugging: examining (program state, design, code, output) to identify and remove errors from software.

464 views • 31 slides
? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

Todays Story: How I got my first Death Threat ? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr October 8 th 2019 Joint work with Pascal Dupr, Gili Rusak, Giancarlo Pellegrino and Dan Boneh The

415 views • 29 slides
Advanced Production Debugging About Me Co-founder Takipi, JVM Production Debugging. Director,

Advanced Production Debugging About Me Co-founder Takipi, JVM Production Debugging. Director,

Advanced Production Debugging About Me Co-founder Takipi, JVM Production Debugging. Director, AutoCAD Web & Mobile. Software Architect at IAI Aerospace. Coding for the past 16 years - C++, Delphi, .NET, Java. Focus on real-time,

460 views • 35 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Embedded Software TI2726-B 8. Debugging techniques Koen Langendoen Embedded Software Group

Embedded Software TI2726-B 8. Debugging techniques Koen Langendoen Embedded Software Group

Embedded Software TI2726-B 8. Debugging techniques Koen Langendoen Embedded Software Group Grace Hopper 1947 2 Overview Debugging techniques Debugging a distributed system Preparation for the exam Debugging Write good code!

733 views • 45 slides

More recommend