Search Results for author:
Found 57 papers, 39 papers with code
Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming
In this work, we propose a first-order dual SDP algorithm that (1) requires memory only linear in the total number of network activations, (2) only requires a fixed number of forward/backward passes through the network per iteration.
Creating High Resolution Images with a Latent Adversarial Generator
That is to say, instead of generating an arbitrary image as a sample from the manifold of natural images, we propose to sample images from a particular "subspace" of natural images, directed by a low-resolution image from the same subspace.
MixMatch: A Holistic Approach to Semi-Supervised Learning
Semi-supervised learning has proven to be a powerful paradigm for leveraging unlabeled data to mitigate the reliance on large labeled datasets.
Evaluation Methodology for Attacks Against Confidence Thresholding Models
Current machine learning algorithms can be easily fooled by adversarial examples.
Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition
Adversarial examples are inputs to machine learning models designed by an adversary to cause an incorrect output.
Automatic Speech Recognition
Automatic Speech Recognition (ASR)
+1
A Research Agenda: Dynamic Models to Defend Against Correlated Attacks
When machine learning is used in contexts where security is a concern, it is desirable to design models that perform well even when the input is designed by a malicious adversary.
On Evaluating Adversarial Robustness
Correctly evaluating defenses against adversarial examples has proven to be extremely difficult.
A domain agnostic measure for monitoring and evaluating GANs
Evaluations are essential for: (i) relative assessment of different models and (ii) monitoring the progress of a single model throughout training.
New CleverHans Feature: Better Adversarial Robustness Evaluations with Attack Bundling
This technical report describes a new feature of the CleverHans library called "attack bundling".
Discriminator Rejection Sampling
We propose a rejection sampling scheme using the discriminator of a GAN to approximately correct errors in the GAN generator distribution.
Sanity Checks for Saliency Maps
We find that reliance, solely, on visual assessment can be misleading.
Local Explanation Methods for Deep Neural Networks Lack Sensitivity to Parameter Values
Explaining the output of a complicated machine learning model like a deep neural network (DNN) is a central challenge in machine learning.
Unrestricted Adversarial Examples
We introduce a two-player contest for evaluating the safety and robustness of machine learning systems, with a large prize pool.
Skill Rating for Generative Models
We explore a new way to evaluate generative models using insights from evaluation of competitive games between human players.
TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing
We then discuss the application of CGF to the following goals: finding numerical errors in trained neural networks, generating disagreements between neural networks and quantized versions of those networks, and surfacing undesirable behavior in character level language models.
Understanding and Improving Interpolation in Autoencoders via an Adversarial Regularizer
Autoencoders provide a powerful framework for learning compressed representations by encoding all of the information needed to reconstruct a data point in a latent code.
Motivating the Rules of the Game for Adversarial Example Research
Advances in machine learning have led to broad deployment of systems with impressive performance on important problems.
Adversarial Reprogramming of Neural Networks
Previous adversarial attacks have been designed to degrade performance of models or cause machine learning models to produce specific outputs chosen ahead of time by the attacker.
Defense Against the Dark Arts: An overview of adversarial example security research and future research directions
This article presents a summary of a keynote lecture at the Deep Learning Security workshop at IEEE Security and Privacy 2018.
Self-Attention Generative Adversarial Networks
In this paper, we propose the Self-Attention Generative Adversarial Network (SAGAN) which allows attention-driven, long-range dependency modeling for image generation tasks.
Ranked #17 on
Conditional Image Generation
on ImageNet 128x128
Gradient Masking Causes CLEVER to Overestimate Adversarial Perturbation Size
In other words, the attack-based methodology provides an upper-bound on the size of a perturbation that will fool the model, but security guarantees require a lower bound.
Adversarial Attacks and Defences Competition
To accelerate research on adversarial examples and robustness of machine learning classifiers, Google Brain organized a NIPS 2017 competition that encouraged researchers to develop new methods to generate adversarial examples as well as to develop new ways to defend against them.
Adversarial Logit Pairing
In this paper, we develop improved techniques for defending against adversarial examples at scale.
Is Generator Conditioning Causally Related to GAN Performance?
Motivated by this, we study the distribution of singular values of the Jacobian of the generator in Generative Adversarial Networks (GANs).
Adversarial Examples that Fool both Computer Vision and Time-Limited Humans
Machine learning models are vulnerable to adversarial examples: small changes to images can cause computer vision models to make mistakes such as identifying a school bus as an ostrich.
MaskGAN: Better Text Generation via Filling in the______
Additionally, these models are typically trained via maxi- mum likelihood and teacher forcing.
Adversarial Spheres
We hypothesize that this counter intuitive behavior is a naturally occurring result of the high dimensional geometry of the data manifold.
MaskGAN: Better Text Generation via Filling in the _______
Neural autoregressive and seq2seq models that generate text by sampling words sequentially, with each word conditioned on the previous model, are state-of-the-art for several machine translation and summarization benchmarks.
Ranked #4 on
Multivariate Time Series Imputation
on PEMS-SF
Thermometer Encoding: One Hot Way To Resist Adversarial Examples
It is well known that it is possible to construct "adversarial examples" for neural networks: inputs which are misclassified by the network yet indistinguishable from true data.
Many Paths to Equilibrium: GANs Do Not Need to Decrease a Divergence At Every Step
Unlike other generative models, the data distribution is learned via a game between a generator (the generative model) and a discriminator (a teacher providing training signal) that each minimize their own cost.
On the Protection of Private Information in Machine Learning Systems: Two Recent Approaches
The recent, remarkable growth of machine learning has led to intense interest in the privacy of the data on which machine learning relies, and to new techniques for preserving privacy.
Ensemble Adversarial Training: Attacks and Defenses
We show that this form of adversarial training converges to a degenerate global minimum, wherein small curvature artifacts near the data points obfuscate a linear approximation of the loss.
The Space of Transferable Adversarial Examples
Adversarial examples are maliciously perturbed inputs designed to mislead machine learning (ML) models at test-time.
Adversarial Attacks on Neural Network Policies
Machine learning classifiers are known to be vulnerable to inputs maliciously constructed by adversaries to force misclassification.
NIPS 2016 Tutorial: Generative Adversarial Networks
This report summarizes the tutorial presented by the author at NIPS 2016 on generative adversarial networks (GANs).
Adversarial Machine Learning at Scale
Adversarial examples are malicious inputs designed to fool machine learning models.
Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data
The approach combines, in a black-box fashion, multiple models trained with disjoint datasets, such as records from different subsets of users.
Technical Report on the CleverHans v2.1.0 Adversarial Examples Library
An adversarial example library for constructing attacks, building defenses, and benchmarking both
Adversarial examples in the physical world
Up to now, all previous work have assumed a threat model in which the adversary can feed data directly into the machine learning classifier.
Deep Learning with Differential Privacy
Machine learning techniques based on neural networks are achieving remarkable results in a wide variety of domains.
Improved Techniques for Training GANs
We present a variety of new architectural features and training procedures that we apply to the generative adversarial networks (GANs) framework.
Ranked #14 on
Conditional Image Generation
on CIFAR-10
(Inception score metric)
Conditional Image Generation
Semi-Supervised Image Classification
Adversarial Training Methods for Semi-Supervised Text Classification
We extend adversarial and virtual adversarial training to the text domain by applying perturbations to the word embeddings in a recurrent neural network rather than to the original input itself.
Ranked #16 on
Sentiment Analysis
on IMDb
General Classification
Semi-Supervised Text Classification
+2
Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
We demonstrate our attacks on two commercial machine learning classification systems from Amazon (96. 19% misclassification rate) and Google (88. 94%) using only 800 queries of the victim model, thereby showing that existing machine learning approaches are in general vulnerable to systematic black-box attacks regardless of their structure.
Unsupervised Learning for Physical Interaction through Video Prediction
A core challenge for an agent learning to interact with the world is to predict how its actions affect objects in its environment.
Ranked #26 on
Video Generation
on BAIR Robot Pushing
Theano: A Python framework for fast computation of mathematical expressions
Since its introduction, it has been one of the most used CPU and GPU mathematical compilers - especially in the machine learning community - and has shown steady performance improvements.
Improving the Robustness of Deep Neural Networks via Stability Training
In this paper we address the issue of output instability of deep neural networks: small perturbations in the visual input can significantly distort the feature embeddings and output of a neural network.
TensorFlow: Large-Scale Machine Learning on Heterogeneous Distributed Systems
TensorFlow is an interface for expressing machine learning algorithms, and an implementation for executing such algorithms.
Practical Black-Box Attacks against Machine Learning
Our attack strategy consists in training a local model to substitute for the target DNN, using inputs synthetically generated by an adversary and labeled by the target DNN.
Adversarial Autoencoders
In this paper, we propose the "adversarial autoencoder" (AAE), which is a probabilistic autoencoder that uses the recently proposed generative adversarial networks (GAN) to perform variational inference by matching the aggregated posterior of the hidden code vector of the autoencoder with an arbitrary prior distribution.
Ranked #5 on
Unsupervised Image Classification
on MNIST
Net2Net: Accelerating Learning via Knowledge Transfer
Our Net2Net technique accelerates the experimentation process by instantaneously transferring the knowledge from a previous network to each new deeper or wider network.
Efficient Per-Example Gradient Computations
This technical report describes an efficient technique for computing the norm of the gradient of the loss function for a neural network with respect to its parameters.
Generative Adversarial Nets
We propose a new framework for estimating generative models via adversarial nets, in which we simultaneously train two models: a generative model G that captures the data distribution, and a discriminative model D that estimates the probability that a sample came from the training data rather than G. The training procedure for G is to maximize the probability of D making a mistake.
Intriguing properties of neural networks
Deep neural networks are highly expressive models that have recently achieved state of the art performance on speech and visual recognition tasks.
Multi-Prediction Deep Boltzmann Machines
We introduce the Multi-Prediction Deep Boltzmann Machine (MP-DBM).
Theano: new features and speed improvements
Theano is a linear algebra compiler that optimizes a user's symbolically-specified mathematical computations to produce efficient low-level implementations.
Large-Scale Feature Learning With Spike-and-Slab Sparse Coding
We consider the problem of object recognition with a large number of classes.
Measuring Invariances in Deep Networks
Our evaluation metrics can also be used to evaluate future work in unsupervised deep learning, and thus help the development of future algorithms.
