Adversarial attacks against neural networks and their surprisingly deep implications

May 31, 2019 - 9:30 am to 10:30 am
Location

SLAC, Kavli 3rd Floor Conf. Room

Speaker
Sean McLaughlin

Join us tomorrow, May 31st at 9:30 am on the Kavli third floor at SLAC (and on Zoom <https://stanford.zoom.us/j/2038764923>!) for the KIPAC Stats & ML Journal Club. I will be leading a discussion on a series of papers I've been working off of the last few weeks on adversarial attacks against neural networks and their surprisingly deep implications. See my abstract below!

Sean

Explaining and Harnessing Adversarial Examples (https://arxiv.org/pdf/1412.6572.pdf)

Adversarial Examples are Not Bugs, They are Features (http://gradientscience.org/adv/)

Robustness May Be at Odds with Accuracy (https://arxiv.org/pdf/1805.12152.pdf)

It was discovered, with the advent of neural networks, that they are susceptible to bizarre "adversarial attacks." An adversary with access to the network's weights can seemingly find a small perturbation to the input image that forces the network to confidently make a wrong classification. The initial understanding at the time was that it was a result of over-training. However, recent results have changed the common thinking to something more subtle. They imply something fundamental about the geometry of high-dimensional input spaces, and defending against such attacks yields networks that appear to "understand" basic features better and align more with our intuitions.