Search Results for author: J. Zico Kolter

Found 71 papers, 48 papers with code

Monte Carlo Tree Search With Iteratively Refining State Abstractions

no code implementations NeurIPS 2021 Samuel Sokota, Caleb Ho, Zaheen Ahmad, J. Zico Kolter

In this work, we present a method, called abstraction refining, for extending MCTS to stochastic environments which, unlike progressive widening, leverages the geometry of the state space.

Robustness between the worst and average case

no code implementations NeurIPS 2021 Leslie Rice, Anna Bair, huan zhang, J. Zico Kolter

Several recent works in machine learning have focused on evaluating the test-time robustness of a classifier: how well the classifier performs not just on the target domain it was trained upon, but upon perturbed examples.

Adversarial Robustness

$(\textrm{Implicit})^2$: Implicit Layers for Implicit Representations

no code implementations NeurIPS 2021 Zhichun Huang, Shaojie Bai, J. Zico Kolter

Recent research in deep learning has investigated two very different forms of ''implicitness'': implicit representations model high-frequency data such as images or 3D shapes directly via a low-dimensional neural network (often using e. g., sinusoidal bases or nonlinearities); implicit layers, in contrast, refer to techniques where the forward pass of a network is computed via non-linear dynamical systems, such as fixed-point or differential equation solutions, with the backward pass computed via the implicit function theorem.

Joint inference and input optimization in equilibrium networks

1 code implementation NeurIPS 2021 Swaminathan Gurumurthy, Shaojie Bai, Zachary Manchester, J. Zico Kolter

Many tasks in deep learning involve optimizing over the \emph{inputs} to a network to minimize or maximize some objective; examples include optimization over latent spaces in a generative model to match a target image, or adversarially perturbing an input to worsen classifier performance.

Denoising Meta-Learning

Adversarially Robust Learning for Security-Constrained Optimal Power Flow

no code implementations NeurIPS 2021 Priya L. Donti, Aayushya Agarwal, Neeraj Vijay Bedmutha, Larry Pileggi, J. Zico Kolter

In recent years, the ML community has seen surges of interest in both adversarially robust learning and implicit layers, but connections between these two areas have seldom been explored.

Stabilizing Equilibrium Models by Jacobian Regularization

1 code implementation28 Jun 2021 Shaojie Bai, Vladlen Koltun, J. Zico Kolter

Deep equilibrium networks (DEQs) are a new class of models that eschews traditional depth in favor of finding the fixed point of a single nonlinear layer.

Language Modelling

Assessing Generalization of SGD via Disagreement

no code implementations25 Jun 2021 Yiding Jiang, Vaishnavh Nagarajan, Christina Baek, J. Zico Kolter

We empirically show that the test error of deep networks can be estimated by simply training the same architecture on the same training set but with a different run of Stochastic Gradient Descent (SGD), and measuring the disagreement rate between the two networks on unlabeled test data.

DeepSplit: Scalable Verification of Deep Neural Networks via Operator Splitting

no code implementations16 Jun 2021 Shaoru Chen, Eric Wong, J. Zico Kolter, Mahyar Fazlyab

Analyzing the worst-case performance of deep neural networks against input perturbations amounts to solving a large-scale non-convex optimization problem, for which several past works have proposed convex relaxations as a promising alternative.

Image Classification

DORO: Distributional and Outlier Robust Optimization

1 code implementation11 Jun 2021 Runtian Zhai, Chen Dan, J. Zico Kolter, Pradeep Ravikumar

Many machine learning tasks involve subpopulation shift where the testing data distribution is a subpopulation of the training distribution.

Enforcing Policy Feasibility Constraints through Differentiable Projection for Energy Optimization

1 code implementation19 May 2021 Bingqing Chen, Priya Donti, Kyri Baker, J. Zico Kolter, Mario Berges

Specifically, we incorporate a differentiable projection layer within a neural network-based policy to enforce that all learned actions are feasible.

RATT: Leveraging Unlabeled Data to Guarantee Generalization

1 code implementation1 May 2021 Saurabh Garg, Sivaraman Balakrishnan, J. Zico Kolter, Zachary C. Lipton

To assess generalization, machine learning scientists typically either (i) bound the generalization gap and then (after training) plug in the empirical risk to obtain a bound on the true risk; or (ii) validate empirically on holdout data.

Generalization Bounds

DC3: A learning method for optimization with hard constraints

1 code implementation ICLR 2021 Priya L. Donti, David Rolnick, J. Zico Kolter

Large optimization problems with hard constraints arise in many settings, yet classical solvers are often prohibitively slow, motivating the use of deep networks as cheap "approximate solvers."

Orthogonalizing Convolutional Layers with the Cayley Transform

1 code implementation ICLR 2021 Asher Trockman, J. Zico Kolter

Recent work has highlighted several advantages of enforcing orthogonality in the weight layers of deep networks, such as maintaining the stability of activations, preserving gradient norms, and enhancing adversarial robustness by enforcing low Lipschitz constants.

Adversarial Robustness

Beta-CROWN: Efficient Bound Propagation with Per-neuron Split Constraints for Complete and Incomplete Neural Network Robustness Verification

3 code implementations NeurIPS 2021 Shiqi Wang, huan zhang, Kaidi Xu, Xue Lin, Suman Jana, Cho-Jui Hsieh, J. Zico Kolter

Compared to the typically tightest but very costly semidefinite programming (SDP) based incomplete verifiers, we obtain higher verified accuracy with three orders of magnitudes less verification time.

Adversarial Attack

Gradient Descent on Neural Networks Typically Occurs at the Edge of Stability

1 code implementation ICLR 2021 Jeremy M. Cohen, Simran Kaur, Yuanzhi Li, J. Zico Kolter, Ameet Talwalkar

We empirically demonstrate that full-batch gradient descent on neural network training objectives typically operates in a regime we call the Edge of Stability.

On Proximal Policy Optimization's Heavy-tailed Gradients

no code implementations20 Feb 2021 Saurabh Garg, Joshua Zhanson, Emilio Parisotto, Adarsh Prasad, J. Zico Kolter, Zachary C. Lipton, Sivaraman Balakrishnan, Ruslan Salakhutdinov, Pradeep Ravikumar

In this paper, we present a detailed empirical study to characterize the heavy-tailed nature of the gradients of the PPO surrogate reward function.

Continuous Control

Deep Archimedean Copulas

1 code implementation NeurIPS 2020 Chun Kai Ling, Fei Fang, J. Zico Kolter

A central problem in machine learning and statistics is to model joint densities of random variables from data.

Challenging common interpretability assumptions in feature attribution explanations

1 code implementation4 Dec 2020 Jonathan Dinu, Jeffrey Bigham, J. Zico Kolter

As machine learning and algorithmic decision making systems are increasingly being leveraged in high-stakes human-in-the-loop settings, there is a pressing need to understand the rationale of their predictions.

Decision Making Interpretable Machine Learning

Efficient semidefinite-programming-based inference for binary and multi-class MRFs

1 code implementation NeurIPS 2020 Chirag Pabbaraju, Po-Wei Wang, J. Zico Kolter

Probabilistic inference in pairwise Markov Random Fields (MRFs), i. e. computing the partition function or computing a MAP estimate of the variables, is a foundational problem in probabilistic graphical models.

Community detection using fast low-cardinality semidefinite programming

1 code implementation NeurIPS 2020 Po-Wei Wang, J. Zico Kolter

Modularity maximization has been a fundamental tool for understanding the community structure of a network, but the underlying optimization problem is nonconvex and NP-hard to solve.

Community Detection

Enforcing robust control guarantees within neural network policies

1 code implementation ICLR 2021 Priya L. Donti, Melrose Roderick, Mahyar Fazlyab, J. Zico Kolter

When designing controllers for safety-critical systems, practitioners often face a challenging tradeoff between robustness and performance.

Poisoned classifiers are not only backdoored, they are fundamentally broken

1 code implementation18 Oct 2020 MingJie Sun, Siddhant Agarwal, J. Zico Kolter

Under this threat model, we propose a test-time, human-in-the-loop attack method to generate multiple effective alternative triggers without access to the initial backdoor and the training data.

Gaussian MRF Covariance Modeling for Efficient Black-Box Adversarial Attacks

1 code implementation8 Oct 2020 Anit Kumar Sahu, Satya Narayan Shukla, J. Zico Kolter

We study the problem of generating adversarial examples in a black-box setting, where we only have access to a zeroth order oracle, providing us with loss function evaluations.

Learning perturbation sets for robust machine learning

1 code implementation ICLR 2021 Eric Wong, J. Zico Kolter

In this paper, we aim to bridge this gap by learning perturbation sets from data, in order to characterize real-world effects for robust training and evaluation.

Simple and Efficient Hard Label Black-box Adversarial Attacks in Low Query Budget Regimes

1 code implementation13 Jul 2020 Satya Narayan Shukla, Anit Kumar Sahu, Devin Willmott, J. Zico Kolter

We focus on the problem of black-box adversarial attacks, where the aim is to generate adversarial examples for deep learning models solely based on information limited to output label~(hard label) to a queried data input.

Combining Differentiable PDE Solvers and Graph Neural Networks for Fluid Flow Prediction

1 code implementation ICML 2020 Filipe de Avila Belbute-Peres, Thomas D. Economon, J. Zico Kolter

Solving large complex partial differential equations (PDEs), such as those that arise in computational fluid dynamics (CFD), is a computationally expensive process.

Graph Convolutional Network

Provably Safe PAC-MDP Exploration Using Analogies

1 code implementation7 Jul 2020 Melrose Roderick, Vaishnavh Nagarajan, J. Zico Kolter

A key challenge in applying reinforcement learning to safety-critical domains is understanding how to balance exploration (needed to attain good performance on the task) with safety (needed to avoid catastrophic failure).

Safe Exploration

Neural Network Virtual Sensors for Fuel Injection Quantities with Provable Performance Specifications

no code implementations30 Jun 2020 Eric Wong, Tim Schneider, Joerg Schmitt, Frank R. Schmidt, J. Zico Kolter

Additionally, we show how specific intervals of fuel injection quantities can be targeted to maximize robustness for certain ranges, allowing us to train a virtual sensor for fuel injection which is provably guaranteed to have at most 10. 69% relative error under noise while maintaining 3% relative error on non-adversarial data within normalized fuel injection ranges of 0. 6 to 1. 0.

Multiscale Deep Equilibrium Models

4 code implementations NeurIPS 2020 Shaojie Bai, Vladlen Koltun, J. Zico Kolter

These simultaneously-learned multi-resolution features allow us to train a single model on a diverse set of tasks and loss functions, such as using a single MDEQ to perform both image classification and semantic segmentation.

General Classification Image Classification +1

Monotone operator equilibrium networks

1 code implementation NeurIPS 2020 Ezra Winston, J. Zico Kolter

We then develop a parameterization of the network which ensures that all operators remain monotone, which guarantees the existence of a unique equilibrium point.

Differentiable learning of numerical rules in knowledge graphs

no code implementations ICLR 2020 Po-Wei Wang, Daria Stepanova, Csaba Domokos, J. Zico Kolter

Rules over a knowledge graph (KG) capture interpretable patterns in data and can be used for KG cleaning and completion.

Knowledge Graphs

Overfitting in adversarially robust deep learning

2 code implementations ICML 2020 Leslie Rice, Eric Wong, J. Zico Kolter

Based upon this observed effect, we show that the performance gains of virtually all recent algorithmic improvements upon adversarial training can be matched by simply using early stopping.

Data Augmentation

Certified Robustness to Label-Flipping Attacks via Randomized Smoothing

no code implementations ICML 2020 Elan Rosenfeld, Ezra Winston, Pradeep Ravikumar, J. Zico Kolter

Machine learning algorithms are known to be susceptible to data poisoning attacks, where an adversary manipulates the training data to degrade performance of the resulting classifier.

Data Poisoning General Classification +1

Learning Stable Deep Dynamics Models

1 code implementation NeurIPS 2019 Gaurav Manek, J. Zico Kolter

Deep networks are commonly used to model dynamical systems, predicting how the state of a system will evolve over time (either autonomously or in response to control inputs).

Fast is better than free: Revisiting adversarial training

10 code implementations ICLR 2020 Eric Wong, Leslie Rice, J. Zico Kolter

Furthermore we show that FGSM adversarial training can be further accelerated by using standard techniques for efficient training of deep networks, allowing us to learn a robust CIFAR10 classifier with 45% robust accuracy to PGD attacks with $\epsilon=8/255$ in 6 minutes, and a robust ImageNet classifier with 43% robust accuracy at $\epsilon=2/255$ in 12 hours, in comparison to past work based on "free" adversarial training which took 10 and 50 hours to reach the same respective thresholds.

AP-Perf: Incorporating Generic Performance Metrics in Differentiable Learning

4 code implementations2 Dec 2019 Rizal Fathony, J. Zico Kolter

We propose a method that enables practitioners to conveniently incorporate custom non-decomposable performance metrics into differentiable learning pipelines, notably those based upon neural network architectures.

General Classification Image Classification

Dynamic Modeling and Equilibria in Fair Decision Making

no code implementations15 Nov 2019 Joshua Williams, J. Zico Kolter

Recent studies on fairness in automated decision making systems have both investigated the potential future impact of these decisions on the population at large, and emphasized that imposing ''typical'' fairness constraints such as demographic parity or equality of opportunity does not guarantee a benefit to disadvantaged groups.

Decision Making Fairness

Adversarial Music: Real World Audio Adversary Against Wake-word Detection System

no code implementations NeurIPS 2019 Juncheng B. Li, Shuhui Qu, Xinjian Li, Joseph Szurley, J. Zico Kolter, Florian Metze

In this work, we target our attack on the wake-word detection system, jamming the model with some inconspicuous background music to deactivate the VAs while our audio adversary is present.

Real-World Adversarial Attack

Black-box Adversarial Attacks with Bayesian Optimization

1 code implementation30 Sep 2019 Satya Narayan Shukla, Anit Kumar Sahu, Devin Willmott, J. Zico Kolter

We focus on the problem of black-box adversarial attacks, where the aim is to generate adversarial examples using information limited to loss function evaluations of input-output pairs.

Certified Robustness to Adversarial Label-Flipping Attacks via Randomized Smoothing

no code implementations25 Sep 2019 Elan Rosenfeld, Ezra Winston, Pradeep Ravikumar, J. Zico Kolter

This paper considers label-flipping attacks, a type of data poisoning attack where an adversary relabels a small number of examples in a training set in order to degrade the performance of the resulting classifier.

Data Poisoning

Adversarial Robustness Against the Union of Multiple Perturbation Models

1 code implementation9 Sep 2019 Pratyush Maini, Eric Wong, J. Zico Kolter

Owing to the susceptibility of deep learning systems to adversarial attacks, there has been a great deal of work in developing (both empirically and certifiably) robust classifiers.

Adversarial Robustness

The Limited Multi-Label Projection Layer

1 code implementation20 Jun 2019 Brandon Amos, Vladlen Koltun, J. Zico Kolter

We propose the Limited Multi-Label (LML) projection layer as a new primitive operation for end-to-end learning systems.

General Classification Graph Generation +1

Perceptual Based Adversarial Audio Attacks

no code implementations14 Jun 2019 Joseph Szurley, J. Zico Kolter

Recent work has shown the possibility of adversarial attacks on automatic speechrecognition (ASR) systems.

Audio and Speech Processing Sound

Deterministic PAC-Bayesian generalization bounds for deep networks via generalizing noise-resilience

no code implementations ICLR 2019 Vaishnavh Nagarajan, J. Zico Kolter

The ability of overparameterized deep networks to generalize well has been linked to the fact that stochastic gradient descent (SGD) finds solutions that lie in flat, wide minima in the training loss -- minima where the output of the network is resilient to small random noise added to its parameters.

Generalization Bounds

Adversarial camera stickers: A physical camera-based attack on deep learning systems

1 code implementation21 Mar 2019 Juncheng Li, Frank R. Schmidt, J. Zico Kolter

In this work, we consider an alternative question: is it possible to fool deep classifiers, over all perceived objects of a certain type, by physically manipulating the camera itself?

Large Scale Learning of Agent Rationality in Two-Player Zero-Sum Games

no code implementations11 Mar 2019 Chun Kai Ling, Fei Fang, J. Zico Kolter

With the recent advances in solving large, zero-sum extensive form games, there is a growing interest in the inverse problem of inferring underlying game parameters given only access to agent actions.

Wasserstein Adversarial Examples via Projected Sinkhorn Iterations

2 code implementations21 Feb 2019 Eric Wong, Frank R. Schmidt, J. Zico Kolter

In this paper, we propose a new threat model for adversarial attacks based on the Wasserstein distance.

Adversarial Attack Adversarial Defense +4

Uniform convergence may be unable to explain generalization in deep learning

1 code implementation NeurIPS 2019 Vaishnavh Nagarajan, J. Zico Kolter

Aimed at explaining the surprisingly good generalization behavior of overparameterized deep networks, recent works have developed a variety of generalization bounds for deep learning, all based on the fundamental learning-theoretic technique of uniform convergence.

Generalization Bounds

Certified Adversarial Robustness via Randomized Smoothing

7 code implementations8 Feb 2019 Jeremy M Cohen, Elan Rosenfeld, J. Zico Kolter

We show how to turn any classifier that classifies well under Gaussian noise into a new classifier that is certifiably robust to adversarial perturbations under the $\ell_2$ norm.

Adversarial Defense Adversarial Robustness +1

Generalization in Deep Networks: The Role of Distance from Initialization

no code implementations7 Jan 2019 Vaishnavh Nagarajan, J. Zico Kolter

Why does training deep neural networks using stochastic gradient descent (SGD) result in a generalization error that does not worsen with the number of parameters in the network?

Low-rank semidefinite programming for the MAX2SAT problem

1 code implementation15 Dec 2018 Po-Wei Wang, J. Zico Kolter

This paper proposes a new algorithm for solving MAX2SAT problems based on combining search methods with semidefinite programming approaches.

End-to-End Differentiable Physics for Learning and Control

1 code implementation NeurIPS 2018 Filipe de Avila Belbute-Peres, Kevin Smith, Kelsey Allen, Josh Tenenbaum, J. Zico Kolter

We present a differentiable physics engine that can be integrated as a module in deep neural networks for end-to-end learning.

Differentiable MPC for End-to-end Planning and Control

2 code implementations NeurIPS 2018 Brandon Amos, Ivan Dario Jimenez Rodriguez, Jacob Sacks, Byron Boots, J. Zico Kolter

We present foundations for using Model Predictive Control (MPC) as a differentiable policy class for reinforcement learning in continuous state and action spaces.

Imitation Learning

A Continuous-Time View of Early Stopping for Least Squares

no code implementations23 Oct 2018 Alnur Ali, J. Zico Kolter, Ryan J. Tibshirani

Our primary focus is to compare the risk of gradient flow to that of ridge regression.

Trellis Networks for Sequence Modeling

1 code implementation ICLR 2019 Shaojie Bai, J. Zico Kolter, Vladlen Koltun

On the other hand, we show that truncated recurrent networks are equivalent to trellis networks with special sparsity structure in their weight matrices.

Language Modelling Sequential Image Classification

Scaling provable adversarial defenses

4 code implementations NeurIPS 2018 Eric Wong, Frank R. Schmidt, Jan Hendrik Metzen, J. Zico Kolter

Recent work has developed methods for learning deep network classifiers that are provably robust to norm-bounded adversarial perturbation; however, these methods are currently only possible for relatively small feedforward networks.

What game are we playing? End-to-end learning in normal and extensive form games

no code implementations7 May 2018 Chun Kai Ling, Fei Fang, J. Zico Kolter

Although recent work in AI has made great progress in solving large, zero-sum, extensive-form games, the underlying assumption in most past work is that the parameters of the game itself are known to the agents.

An Empirical Evaluation of Generic Convolutional and Recurrent Networks for Sequence Modeling

26 code implementations4 Mar 2018 Shaojie Bai, J. Zico Kolter, Vladlen Koltun

Our results indicate that a simple convolutional architecture outperforms canonical recurrent networks such as LSTMs across a diverse range of tasks and datasets, while demonstrating longer effective memory.

Language Modelling Machine Translation +3

Realtime query completion via deep language models

no code implementations ICLR 2018 Po-Wei Wang, J. Zico Kolter, Vijai Mohan, Inderjit S. Dhillon

Search engine users nowadays heavily depend on query completion and correction to shape their queries.

Language Modelling

Provable defenses against adversarial examples via the convex outer adversarial polytope

8 code implementations ICML 2018 Eric Wong, J. Zico Kolter

We propose a method to learn deep ReLU-based classifiers that are provably robust against norm-bounded adversarial perturbations on the training data.

Adversarial Attack

Gradient descent GAN optimization is locally stable

1 code implementation NeurIPS 2017 Vaishnavh Nagarajan, J. Zico Kolter

Despite the growing prominence of generative adversarial networks (GANs), optimization in GANs is still a poorly understood topic.

The Mixing method: low-rank coordinate descent for semidefinite programming with diagonal constraints

1 code implementation1 Jun 2017 Po-Wei Wang, Wei-Cheng Chang, J. Zico Kolter

In this paper, we propose a low-rank coordinate descent approach to structured semidefinite programming with diagonal constraints.

Learning Word Embeddings

Task-based End-to-end Model Learning in Stochastic Optimization

1 code implementation NeurIPS 2017 Priya L. Donti, Brandon Amos, J. Zico Kolter

With the increasing popularity of machine learning techniques, it has become common to see prediction algorithms operating within some larger process.

Stochastic Optimization

OptNet: Differentiable Optimization as a Layer in Neural Networks

6 code implementations ICML 2017 Brandon Amos, J. Zico Kolter

This paper presents OptNet, a network architecture that integrates optimization problems (here, specifically in the form of quadratic programs) as individual layers in larger end-to-end trainable deep networks.

bilevel optimization

Input Convex Neural Networks

3 code implementations ICML 2017 Brandon Amos, Lei Xu, J. Zico Kolter

We show that many existing neural network architectures can be made input-convex with a minor modification, and develop specialized optimization algorithms tailored to this setting.

Imputation Inference Optimization +1

Probabilistic Segmentation via Total Variation Regularization

no code implementations16 Nov 2015 Matt Wytock, J. Zico Kolter

We present a convex approach to probabilistic segmentation and modeling of time series data.

Density Estimation Time Series

Contextually Supervised Source Separation with Application to Energy Disaggregation

no code implementations18 Dec 2013 Matt Wytock, J. Zico Kolter

We propose a new framework for single-channel source separation that lies between the fully supervised and unsupervised setting.

Cannot find the paper you are looking for? You can Submit a new open access paper.