Search Results for author:
Found 47 papers, 34 papers with code
Statistical Bias in Dataset Replication
Dataset replication is a useful tool for assessing whether models have overfit to a specific validation set or the exact circumstances under which it was generated.
Rethinking Backdoor Attacks
In a backdoor attack, an adversary inserts maliciously constructed backdoor examples into a training set to make the resulting model vulnerable to manipulation.
FFCV: Accelerating Training by Removing Data Bottlenecks
For example, we are able to train an ImageNet ResNet-50 model to 75\% in only 20 mins on a single machine.
A User-Driven Framework for Regulating and Auditing Social Media
In particular, we introduce the notion of a baseline feed: the content that a user would see without filtering (e. g., on Twitter, this could be the chronological timeline).
TRAK: Attributing Model Behavior at Scale
That is, computationally tractable methods can struggle with accurately attributing model predictions in non-convex settings (e. g., in the context of deep neural networks), while methods that are effective in such regimes require training thousands of models, which makes them impractical for large models or datasets.
Dataset Interfaces: Diagnosing Model Failures Using Controllable Counterfactual Generation
In this work, we introduce the notion of a dataset interface: a framework that, given an input dataset and a user-specified shift, returns instances from that input distribution that exhibit the desired shift.
Raising the Cost of Malicious AI-Powered Image Editing
We present an approach to mitigating the risks of malicious image editing posed by large diffusion models.
ModelDiff: A Framework for Comparing Learning Algorithms
We study the problem of (learning) algorithm comparison, where the goal is to find differences between models trained with two different learning algorithms.
A Data-Based Perspective on Transfer Learning
It is commonly believed that in transfer learning including more pre-training data translates into better performance.
When does Bias Transfer in Transfer Learning?
Using transfer learning to adapt a pre-trained "source model" to a downstream "target task" can dramatically increase performance with seemingly no downside.
Distilling Model Failures as Directions in Latent Space
Moreover, by combining our framework with off-the-shelf diffusion models, we can generate images that are especially challenging for the analyzed model, and thus can be used to perform synthetic data augmentation that helps remedy the model's failure modes.
Adversarially trained neural representations may already be as robust as corresponding biological neural representations
Visual systems of primates are the gold standard of robust perception.
Missingness Bias in Model Debugging
Missingness, or the absence of features from an input, is a concept fundamental to many model debugging tools.
Datamodels: Predicting Predictions from Training Data
We present a conceptual framework, datamodeling, for analyzing the behavior of a model class in terms of the training data.
On Distinctive Properties of Universal Perturbations
We identify properties of universal adversarial perturbations (UAPs) that distinguish them from standard adversarial perturbations.
Editing a classifier by rewriting its prediction rules
We present a methodology for modifying the behavior of a classifier by directly rewriting its prediction rules.
Combining Diverse Feature Priors
To improve model generalization, model designers often restrict the features that their models use, either implicitly or explicitly.
3DB: A Framework for Debugging Computer Vision Models
We introduce 3DB: an extendable, unified framework for testing and debugging vision models using photorealistic simulation.
Non-robust Features through the Lens of Universal Perturbations
We study universal adversarial perturbations and demonstrate that the above picture is more nuanced.
Unadversarial Examples: Designing Objects for Robust Vision
We study a class of realistic computer vision settings wherein one can influence the design of the objects being recognized.
Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses
As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance.
BREEDS: Benchmarks for Subpopulation Shift
We develop a methodology for assessing the robustness of models to subpopulation shift---specifically, their ability to generalize to novel data subpopulations that were not observed during training.
Do Adversarially Robust ImageNet Models Transfer Better?
Typically, better pre-trained models yield better transfer results, suggesting that initial accuracy is a key aspect of transfer learning performance.
Noise or Signal: The Role of Image Backgrounds in Object Recognition
We assess the tendency of state-of-the-art object recognition models to depend on signals from image backgrounds.
Implementation Matters in Deep Policy Gradients: A Case Study on PPO and TRPO
We study the roots of algorithmic progress in deep policy gradient algorithms through a case study on two popular algorithms: Proximal Policy Optimization (PPO) and Trust Region Policy Optimization (TRPO).
From ImageNet to Image Classification: Contextualizing Progress on Benchmarks
Building rich machine learning datasets in a scalable manner often necessitates a crowd-sourced data collection pipeline.
Identifying Statistical Bias in Dataset Replication
We study ImageNet-v2, a replication of the ImageNet dataset on which models exhibit a significant (11-14%) drop in accuracy, even after controlling for a standard human-in-the-loop measure of data quality.
Implementation Matters in Deep RL: A Case Study on PPO and TRPO
We study the roots of algorithmic progress in deep policy gradient algorithms through a case study on two popular algorithms, Proximal Policy Optimization and Trust Region Policy Optimization.
The Two Regimes of Deep Network Training
Learning rate schedule has a major impact on the performance of deep learning models.
On Adaptive Attacks to Adversarial Example Defenses
Adaptive attacks have (rightfully) become the de facto standard for evaluating defenses to adversarial examples.
Label-Consistent Backdoor Attacks
While such attacks are very effective, they crucially rely on the adversary injecting arbitrary inputs that are---often blatantly---mislabeled.
Image Synthesis with a Single (Robust) Classifier
We show that the basic classification framework alone can be used to tackle some of the most challenging tasks in image synthesis.
Ranked #56 on
Image Generation
on CIFAR-10
(Inception score metric)
Adversarial Robustness as a Prior for Learned Representations
In this work, we show that robust optimization can be re-cast as a tool for enforcing priors on the features learned by deep neural networks.
Adversarial Examples Are Not Bugs, They Are Features
Adversarial examples have attracted significant attention in machine learning, but the reasons for their existence and pervasiveness remain unclear.
Clean-Label Backdoor Attacks
Deep neural networks have been recently demonstrated to be vulnerable to backdoor attacks.
On Evaluating Adversarial Robustness
Correctly evaluating defenses against adversarial examples has proven to be extremely difficult.
A Closer Look at Deep Policy Gradients
We study how the behavior of deep policy gradient algorithms reflects the conceptual framework motivating their development.
Spectral Signatures in Backdoor Attacks
In this paper, we identify a new property of all known backdoor attacks, which we call \emph{spectral signatures}.
Training for Faster Adversarial Robustness Verification via Inducing ReLU Stability
We explore the concept of co-design in the context of neural network verification.
Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors
We study the problem of generating adversarial examples in a black-box setting in which only loss-oracle access to a model is available.
Robustness May Be at Odds with Accuracy
We show that there may exist an inherent tension between the goal of adversarial robustness and that of standard generalization.
How Does Batch Normalization Help Optimization?
Batch Normalization (BatchNorm) is a widely adopted technique that enables faster and more stable training of deep neural networks (DNNs).
On the limitations of first order approximation in GAN dynamics
This suggests that such usage of the first order approximation of the discriminator, which is a de-facto standard in all the existing GAN dynamics, might be one of the factors that makes GAN training so challenging in practice.
A Classification-Based Perspective on GAN Distributions
A fundamental, and still largely unanswered, question in the context of Generative Adversarial Networks (GANs) is whether GANs are actually able to capture the key characteristics of the datasets they are trained on.
Exploring the Landscape of Spatial Robustness
The study of adversarial robustness has so far largely focused on perturbations bound in p-norms.
On the Limitations of First-Order Approximation in GAN Dynamics
While Generative Adversarial Networks (GANs) have demonstrated promising performance on multiple vision tasks, their learning dynamics are not yet well understood, both in theory and in practice.
Towards Deep Learning Models Resistant to Adversarial Attacks
Its principled nature also enables us to identify methods for both training and attacking neural networks that are reliable and, in a certain sense, universal.
