Analytical Investigation and Evaluation of Vulnerability of Deep Networks to Adversarial Perturbations
Azizi, Shayan | 2023
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 56409 (05)
- University: Sharif University of Technology
- Department: Electrical Engineering
- Advisor(s): Ghaemmaghami, Shahrokh; Amini, Sajjad
- Abstract:
- One of the most important problems in machine learning is investigating the performance of learning algorithms, and especially deep neural networks, on adversarial examples: inputs generated by imperceptibly perturbing input images so that the model makes a wrong prediction. Not only is this line of research important for making deep neural networks dependable, but it can also help with understanding the fundamental limitations of deep neural networks and the nature of their operation, which can in turn provide researchers with valuable insights into artificial intelligence. In this research work, we have tried to approach the topic with a mainly theoretical mindset. The training method we propose, which we call “gradual smoothing”, is inspired by the use of the Weierstrass transform in the certified robustness literature and by the convexity of the Kullback-Leibler divergence. Gradual smoothing applies the Weierstrass transform by appropriately updating the parameters of the model. In other words, before the end of each training iteration, after the gradient descent-based update that reduces the cross-entropy loss, a second parameter update takes place whose goal is to realize the Weierstrass transform. We observe that using gradual smoothing instead of vanilla training to produce the base classifier for the randomized smoothing and certification framework of Cohen et al. (2019) can lead to an improvement. Additionally, we show that the gradual smoothing method has an intrinsic capability to search the model’s parameter space for better regions in terms of the robustness-accuracy trade-off. We investigate the gap between the optimal loss value of the KL-based regularized cost function in robust machine learning and the optimal value of a lower bound for the main objective function of robustness. We also define the “robust Bayes risk” and derive an upper and a lower bound for it. We encourage studying robust machine learning through the lens of Bayesian learning.
- Keywords:
- Deep Learning ; Randomized Smoothing ; Adversarial Perturbations ; Weierstrass Transform ; Kullback-Leibler Divergence ; Certified Robustness
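The abstract builds on the randomized smoothing and certification framework of Cohen et al. (2019): the base classifier is smoothed with Gaussian noise (the Weierstrass transform of its decision) and the smoothed classifier is certified with radius R = σ·Φ⁻¹(p_A_lower). The following is an added example, not code from the thesis: it assumes a constructed toy base classifier on R², uses Monte Carlo voting for the smoothed prediction, and substitutes a one-sided Hoeffding bound for the Clopper-Pearson interval the paper uses for p_A_lower.

```python
import math
import random
from statistics import NormalDist

STD_NORMAL = NormalDist()  # Phi and Phi^{-1} of the standard normal distribution


def base_classifier(x):
    """Constructed toy base classifier f on R^2: class 0 below the line x0 + x1 = 1, else class 1."""
    return 0 if x[0] + x[1] < 1.0 else 1


def smoothed_counts(f, x, sigma, n, seed):
    """Monte Carlo vote counts of the Gaussian-smoothed classifier
    g(x) = argmax_c P_{delta ~ N(0, sigma^2 I)}[f(x + delta) = c]."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]
        c = f(noisy)
        counts[c] = counts.get(c, 0) + 1
    return counts


def certify_from_counts(count_a, n, sigma, alpha):
    """Certified L2 radius R = sigma * Phi^{-1}(p_A_lower) from Cohen et al. (2019), or None (abstain)
    when the lower confidence bound on p_A does not exceed 1/2.
    Assumption: a one-sided Hoeffding bound at confidence 1 - alpha replaces Clopper-Pearson."""
    p_lower = count_a / n - math.sqrt(math.log(1.0 / alpha) / (2.0 * n))
    if p_lower <= 0.5:
        return None
    return sigma * STD_NORMAL.inv_cdf(p_lower)


def certify(f, x, sigma, n0=200, n=2000, alpha=0.001, seed=0):
    """CERTIFY as in Cohen et al.: pick the top class on n0 selection samples,
    then estimate its probability on n fresh samples and convert it to a radius."""
    selection = smoothed_counts(f, x, sigma, n0, seed)
    top_class = max(selection.items(), key=lambda kv: kv[1])[0]
    estimation = smoothed_counts(f, x, sigma, n, seed + 1)
    radius = certify_from_counts(estimation.get(top_class, 0), n, sigma, alpha)
    return top_class, radius


if __name__ == "__main__":
    for point in ([0.0, 0.0], [2.0, 2.0], [0.5, 0.5]):
        print(point, certify(base_classifier, point, sigma=0.5))
```

The point (0.5, 0.5) lies on the decision boundary, so its votes split near 1/2 and the procedure abstains; the two points far from the boundary receive a positive certified radius.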