A THEORETICAL FRAMEWORK FOR ROBUSTNESS OF (DEEP) CLASSIFIERS UNDER ADVERSARIAL EXAMPLES
Beilun Wang, Ji Gao and Yanjun Qi, Department of Computer Science, University of Virginia
Problem Setting:
Define Adversarial Examples:
Towards Principled Solutions (for DNNs):
Our theorems suggest a list of possible solutions that may improve the robustness of DNN classifiers against adversarial samples. Options include (1) learning a better 12; (2) modifying unnecessary features (see Poster DeepMask - Tuesday Morning W18).
• For (1), the alternative method for hardening the DNN models is minimizing some loss functions 345(7, 7′) so that when :.(;. 7 , ;.(7′)) < = (approximated by (>, ∥⋅∥)), this loss 345(7, 7′) is small. A table comparing existing hardening solutions using this method is shown as follows:
Experiment Evaluation
Define (AB, C)-Strong-robustness:
Why a DNN model is not strong-robust.
Why a classifier is vulnerable to adversarial samples.
Sufficient Condition for Strong-robustness:
Strong-robustness for D.
Experimental Evaluation:
Towards Principled Understanding