Opportunities and Challenges in Deep Learning Adversarial Robustness: A Survey

Silva, Samuel Henrique; Najafirad, Peyman

doi:10.48550/arxiv.2007.00753

Cited by 17 publications

(22 citation statements)

References 71 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Theorem 4.1: Consider a multi-layer NN Ψ : R nx → R ny described by (2), with nonlinear activation function sector bounded as in (12). Consider the matrix inequality…”

Section: Multi-layer Neural Networkmentioning

confidence: 99%

“…Up till now, verification of NN has been primarily focused on adversarial robustness, and can be divided into exact and inexact approaches. Exact approaches calculate the NN output set without any approximation, whereas inexact methods seek to approximate the output set for computational tractability [12]. Moreover, deriving guarantees for nonlinear, large-scale, complex policies such as an NN is a significant technical challenge, and there have been increasing efforts towards this direction [14]- [16].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Learning Neural Networks under Input-Output Specifications

Abdeen¹,

Yin²,

Kekatos³

et al. 2022

Preprint

View full text Add to dashboard Cite

In this paper, we examine an important problem of learning neural networks that certifiably meet certain specifications on input-output behaviors. Our strategy is to find an inner approximation of the set of admissible policy parameters, which is convex in a transformed space. To this end, we address the key technical challenge of convexifying the verification condition for neural networks, which is derived by abstracting the nonlinear specifications and activation functions with quadratic constraints. In particular, we propose a reparametrization scheme of the original neural network based on loop transformation, which leads to a convex condition that can be enforced during learning. This theoretical construction is validated in an experiment that specifies reachable sets for different regions of inputs.

show abstract

“…Theorem 4.1: Consider a multi-layer NN Ψ : R nx → R ny described by (2), with nonlinear activation function sector bounded as in (12). Consider the matrix inequality…”

Section: Multi-layer Neural Networkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Learning Neural Networks under Input-Output Specifications

Abdeen¹,

Yin²,

Kekatos³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Defense on HAR presents several challenges. First, most existing AT methods seek to resist attacks by sampling the most aggressive adversarial sample [44], but ignore the overall distribution of adversarial samples. There are a few exceptions [14,66], but they are solely designed for static data and therefore assume a simple structure of the adversarial distribution.…”

Section: Introductionmentioning

confidence: 99%

Defending Black-box Skeleton-based Human Activity Classifiers

Wang¹,

Diao²,

Tan³

et al. 2022

Preprint

View full text Add to dashboard Cite

Deep learning has been regarded as the 'go to' solution for many tasks today, but its intrinsic vulnerability to malicious attacks has become a major concern. The vulnerability is affected by a variety of factors including models, tasks, data, and attackers. Consequently, methods such as Adversarial Training and Randomized Smoothing have been proposed to tackle the problem in a wide range of applications. In this paper, we investigate skeleton-based Human Activity Recognition, which is an important type of time-series data but under-explored in defense against attacks. Our method is featured by ( 1) a new Bayesian Energy-based formulation of robust discriminative classifiers, (2) a new parameterization of the adversarial sample manifold of actions, and (3) a new post-train Bayesian treatment on both the adversarial samples and the classifier. We name our framework Bayesian Energy-based Adversarial Training or BEAT. BEAT is straightforward but elegant, which turns vulnerable black-box classifiers into robust ones without sacrificing accuracy. It demonstrates surprising and universal effectiveness across a wide range of action classifiers and datasets, under various attacks.

show abstract

“…Two of the most common applications of deep learning models are: computer vision (CV), where the goal is to teach machines how to see and perceive things like humans do; Natural Language Processing (NLP) and Natural Language Understanding (NLU), where the goal is to analyze and comprehend large amounts of natural language data. These deep learning models have achieved tremendous success in image recognition [6], [7], [8], speech recognition [9], [10], [11], [12], [13], natural language processing and understanding [14], [15], [16], [17], [18], video analytics [19], [20], [21], [22], [23], cyber security [24], [25], [26], [27], [28], [29], [30]. The most common approach towards machine and/or deep learning is supervised learning, where large number of data samples, towards a particular application, are collected along with their respective labels and formed as a dataset.…”

Section: Introductionmentioning

confidence: 99%

Learning from Few Samples: A Survey

Bendre,

Marín,

Najafirad

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Deep neural networks have been able to outperform humans in some cases like image recognition and image classification. However, with the emergence of various novel categories, the ability to continuously widen the learning capability of such networks from limited samples, still remains a challenge. Techniques like Meta-Learning and/or few-shot learning showed promising results, where they can learn or generalize to a novel category/task based on prior knowledge. In this paper, we perform a study of the existing few-shot meta-learning techniques in the computer vision domain based on their method and evaluation metrics. We provide a taxonomy for the techniques and categorize them as data-augmentation, embedding, optimization and semantics based learning for few-shot, one-shot and zero-shot settings. We then describe the seminal work done in each category and discuss their approach towards solving the predicament of learning from few samples. Lastly we provide a comparison of these techniques on the commonly used benchmark datasets: Omniglot, and MiniImagenet, along with a discussion towards the future direction of improving the performance of these techniques towards the final goal of outperforming humans.

show abstract

Opportunities and Challenges in Deep Learning Adversarial Robustness: A Survey

Cited by 17 publications

References 71 publications

Learning Neural Networks under Input-Output Specifications

Learning Neural Networks under Input-Output Specifications

Defending Black-box Skeleton-based Human Activity Classifiers

Learning from Few Samples: A Survey

Contact Info

Product

Resources

About