Steven Van Vaerenbergh
Abstract: The recent push to adopt machine learning solutions in real-world settings gives rise to a major challenge: can we develop ML solutions that, instead of merely working “most of the time”, are truly reliable and robust? This tutorial will survey some of the key challenges in this context and then focus on the topic of adversarial robustness: the widespread vulnerability of state-of-the-art deep learning models to adversarial misclassification (aka adversarial examples). We will discuss the practical as well as theoretical aspects of this phenomenon, with an emphasis on recent verification-based approaches to establishing formal robustness guarantees. Our treatment will go beyond viewing adversarial robustness solely as a security question. In particular, we will touch on the role it plays as a regularizer and its relation to generalization.
Speakers: J. Zico Kolter and Aleksander Madry
Slides: https://media.neurips.cc/Conferences/NIPS2018/Slides/adversarial_ml_slides_parts_1_4.pdf
Source
https://adversarial-ml-tutorial.org/introduction/
Very nice, thank you for uploading!
What happens if you, instead of trying for a fixed delta, use a different delta randomly drawn at each step for optimization size? Maybe that would keep scores near 0 noise intact while still being reasonably robust, and possibly even robust against larger perturbations
This is amazing.
So what would happen if you, say, repeated the Deep Dreaming experiment with a robust network like that?
What I found particularly interesting about the Primate->Bird example is, that it didn't just draw in a bird anywhere into the picture. It mostly actually focused on painting out the Primate and only used that as its canvas to change stuff. The rest of the picture was relatively unaffected (as far as I could tell at least)