wasserstein adversarial examples via projected sinkhorn
play

Wasserstein Adversarial Examples via Projected Sinkhorn Iterations - PowerPoint PPT Presentation

Oct 27, 2022 •34 likes •154 views

Wasserstein Adversarial Examples via Projected Sinkhorn Iterations ICML 19 Eric Wong 1 Frank R. Schmidt 2 J. Zico Kolter 1 1 Carnegie Mellon University 2 Bosch Center for Artificial Intelligence Presented by Kaiwen Wu August 2019 Kaiwen Wu

  1. Wasserstein Adversarial Examples via Projected Sinkhorn Iterations ICML 19 Eric Wong 1 Frank R. Schmidt 2 J. Zico Kolter 1 1 Carnegie Mellon University 2 Bosch Center for Artificial Intelligence Presented by Kaiwen Wu August 2019 Kaiwen Wu Wasserstein Adversarial Examples August 2019 1 / 11

  2. Contribution Propose Wasserstein adversarial examples Develop an algorithm for Wasserstein projection Kaiwen Wu Wasserstein Adversarial Examples August 2019 2 / 11

  3. Wasserstein Distance for Images Transportation between pixels: View an image x ∈ R n as a histogram Euclidean distance between indices as the ground cost Normalize the image ⇒ balanced transport Kaiwen Wu Wasserstein Adversarial Examples August 2019 3 / 11

  4. Motivation Wasserstein distance offers a different geometry Wasserstein v.s. ℓ ∞ Kaiwen Wu Wasserstein Adversarial Examples August 2019 4 / 11

  5. Adversarial Example Generation ℓ ( x ′ , y ) max x ′ s . t . x ′ ∈ B ( x , ǫ ) Projected (normalized) gradient descent: � � x t +1 = Proj B ( x ,ǫ ) x t + arg max v ⊤ ∇ ℓ ( x t , y ) � v �≤ α ℓ 2 ball: { z : � z − x � 2 ≤ ǫ } ⇒ closed form ℓ ∞ ball: { z : � z − x � ∞ ≤ ǫ } ⇒ closed form Wasserstein ball: { z : W ( z , x ) ≤ ǫ } ⇒ ??? Kaiwen Wu Wasserstein Adversarial Examples August 2019 5 / 11

  6. Wasserstein Projection Projecting w in to B ( x , ǫ ), � w − z � 2 min 2 z s . t . W ( x , z ) ≤ ǫ Kaiwen Wu Wasserstein Adversarial Examples August 2019 6 / 11

  7. Wasserstein Projection Projecting w in to B ( x , ǫ ), � w − z � 2 min 2 z s . t . W ( x , z ) ≤ ǫ Equivalently, z , Π � w − z � 2 min 2 s . t . Π1 = x , Π ⊤ 1 = z � Π , C � ≤ ǫ Kaiwen Wu Wasserstein Adversarial Examples August 2019 6 / 11

  8. Acceleration: Entropic Regularization Add an entropic regularization on Π 1 2 + 1 2 � w − z � 2 � min Π ij log Π ij λ z , Π ij s . t . Π1 = x , Π ⊤ 1 = z � Π , C � ≤ ǫ Dual form α ∈ R n ,β ∈ R n ,ψ ∈ R + − 1 2 λ � β � 2 2 − ψǫ + α ⊤ x + β ⊤ w + max � − exp ( α i ) exp ( − ψ C ij − 1) exp ( β j ) ij Kaiwen Wu Wasserstein Adversarial Examples August 2019 7 / 11

  9. Solving the Dual α ∈ R n ,β ∈ R n ,ψ ∈ R + − 1 2 λ � β � 2 2 − ψǫ + α ⊤ x + β ⊤ w + max � − exp ( α i ) exp ( − ψ C ij − 1) exp ( β j ) ij Idea: block coordinate ascent on dual variables ⇒ a Sinkhorn-like algorithm Maximize α : ∂ g ∂α = 0, closed form solution Maximize β : ∂ g ∂β = 0, closed form solution (using Lambert function) Maximize ψ : Newton step ∂ 2 g /∂ψ 2 · ∂ g 1 ψ = ψ − t · ∂ψ Kaiwen Wu Wasserstein Adversarial Examples August 2019 8 / 11

  10. Kaiwen Wu Wasserstein Adversarial Examples August 2019 9 / 11

  11. Acceleration: Local Transport Plans K ψ ∈ R n × n , where ( K ψ ) ij = exp( − ψ C ij − 1) Multiple matrix-vector multiplications in each iteration, O ( n 2 ) Set C ij = ∞ ⇒ force Π ij = 0 ⇒ K ψ is sparse α ∈ R n ,β ∈ R n ,ψ ∈ R + − 1 2 λ � β � 2 2 − ψǫ + α ⊤ x + β ⊤ w + max ❅ � n n � � � ❅ − exp ( α i ) exp ( − ψ C ij − 1) exp ( β j ) � ❅ � i =1 j =1 ❅ � C ij < ∞ Only allow moving mass in k × k region Use convolutional filter to implement it Kaiwen Wu Wasserstein Adversarial Examples August 2019 10 / 11

  12. Experiment Wasserstein adversarial training v.s. ℓ ∞ robust training Kaiwen Wu Wasserstein Adversarial Examples August 2019 11 / 11

Recommend

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work

Stronger and Faster Wasserstein Adversarial Attacks Kaiwen Wu kaiwen.wu@uwaterloo.ca Joint work with Allen Wang and Yaoliang Yu K.Wu, A.Wang and Y.Yu Wasserstein Adversarial Attacks July 29, 2020 1 / 18 Adversarial Examples Adversarial

1.04k views • 38 slides
Generative Adversarial Networks, Wasserstein Distance, and Adversarial Loss Zhiyu Min Alibaba

Generative Adversarial Networks, Wasserstein Distance, and Adversarial Loss Zhiyu Min Alibaba

Generative Adversarial Networks, Wasserstein Distance, and Adversarial Loss Zhiyu Min Alibaba AliMe X-Lab Outline GAN Definition and formulation Saddle point optimization Vanishing gradient Alternative objective for Generator

516 views • 25 slides
Bregman and Wasserstein, with Applications to Generative Adversarial Networks (GANs) and beyond

Bregman and Wasserstein, with Applications to Generative Adversarial Networks (GANs) and beyond

Bregman Divergence Function Generative Adversarial Networks (GANs) Wasserstein Divergence and GANs Relaxed Wasserstein Empirical Results Conclusions Bregman and Wasserstein, with Applications to Generative Adversarial Networks (GANs) and

1.62k views • 148 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Standard Adversarial Examples Given image x ; target class y Maximize with projected gradient descent: Standard Adversarial Examples Standard

560 views • 15 slides
Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides
Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Slides: http://tiny.cc/adversarial Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are Adversarial Examples? panda gibbon 57.7% confidence 99.3% confidence [Goodfellow et al, ICLR 2015 ]

1.56k views • 43 slides
? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

Todays Story: How I got my first Death Threat ? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr October 8 th 2019 Joint work with Pascal Dupr, Gili Rusak, Giancarlo Pellegrino and Dan Boneh The

415 views • 29 slides
Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &amp;

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &amp;

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &amp; Christian Szegedy Presented by - Kawin Ethayarajh and Abhishek Tiwari Introduction - adversarial examples : Inputs formed by applying small but

1.49k views • 103 slides
Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial examples? Standard ML setup: We have training data; try to do well on withheld testing data. Adversarial/robust ML setup: We have training

672 views • 27 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security Seminar, Stanford University, 2017-01-17 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

939 views • 44 slides
Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning Training Examples Hidden units / BICYCLE features CAR PEDESTRIA N Parameters Input ImageNet (Russakovsky et al 2015) Adversarial Examples: Images

369 views • 19 slides
On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac Fuentes 1 , Dalton Rosario 2 , Christopher Kiekintveld 1 1 Department of Computer Science, UTEP 2 US Army Research Laboratory Adversarial Examples on

460 views • 19 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest lecture for CS 294-131, UC Berkeley, 2016-10-05 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

660 views • 44 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Presentation at San Francisco AI Meetup, 2016-08-18 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

690 views • 32 slides
Adversarial Examples and Adversarial Training Innova&amp;ve Technology Leader program January 22

Adversarial Examples and Adversarial Training Innova&amp;ve Technology Leader program January 22

Adversarial Examples and Adversarial Training Innova&amp;ve Technology Leader program January 22 nd 2018 Florian Tramr Stanford Deep Learning is Super Smart! 2 Is it really? + . 007 = Im sure this Im certain this is a panda is

452 views • 12 slides
Transferable Adversarial Examples: Insights, A9acks &amp; Defenses June 12 th 2017 Florian

Transferable Adversarial Examples: Insights, A9acks &amp; Defenses June 12 th 2017 Florian

Transferable Adversarial Examples: Insights, A9acks &amp; Defenses June 12 th 2017 Florian Tramr Joint work with Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh &amp; Patrick McDaniel Adversarial Examples Threat Model: White-Box

480 views • 27 slides
Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of

Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of

Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of Computer Science The Czech Academy of Sciences Hora Informaticae 2016 Outline Introduction Works on adversarial examples Our work Genetic

855 views • 46 slides
The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop

The case for dynamic defenses against adversarial examples Ian Goodfellow SafeML ICLR Workshop 2019-05-06 New Orleans Based on https://arxiv.org/pdf/1903.06293.pdf Definition Adversarial examples are inputs to machine learning models that

411 views • 22 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Presentation at HORSE 2016 London, 2016-09-19 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013 Explaining

497 views • 22 slides
Towards Robust Detection of Adversarial Examples Tianyu Pang, Chao Du, Yinpeng Dong

Towards Robust Detection of Adversarial Examples Tianyu Pang, Chao Du, Yinpeng Dong

Towards Robust Detection of Adversarial Examples Tianyu Pang, Chao Du, Yinpeng Dong and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL NeurIPS | 2018 Adversarial Examples From

590 views • 10 slides

More recommend