Search Results for author:
Found 29 papers, 9 papers with code
Scaling provable adversarial defenses
Recent work has developed methods for learning deep network classifiers that are provably robust to norm-bounded adversarial perturbation; however, these methods are currently only possible for relatively small feedforward networks.
Minimum Regret Search for Single- and Multi-Task Optimization
We propose minimum regret search (MRS), a novel acquisition function for Bayesian optimization.
Meta Adversarial Training against Universal Patches
However, tailoring adversarial training to universal patches is computationally expensive since the optimal universal patch depends on the model weights which change during training.
Meta-Learning of Neural Architectures for Few-Shot Learning
The recent progress in neural architecture search (NAS) has allowed scaling the automated design of neural architectures to real-world domains, such as object detection and semantic segmentation.
Meta-Learning the Search Distribution of Black-Box Random Search Based Adversarial Attacks
We demonstrate that plugging the learned controller into the attack consistently improves its black-box robustness estimate in different query regimes by up to 20% for a wide range of different models with black-box access.
Neural Architecture Search: A Survey
Deep Learning has enabled remarkable progress over the last years on a variety of tasks, such as image recognition, speech recognition, and machine translation.
Interpreting Adversarial Examples with Attributes
Deep computer vision systems being vulnerable to imperceptible and carefully crafted noise have raised questions regarding the robustness of their decisions.
Understanding Misclassifications by Attributes
We study the changes in attributes for clean as well as adversarial images in both standard and adversarially robust networks.
Efficient Multi-objective Neural Architecture Search via Lamarckian Evolution
Neural Architecture Search aims at automatically finding neural architectures that are competitive with architectures designed by human experts.
Universal Adversarial Perturbations Against Semantic Image Segmentation
We show empirically that there exist barely perceptible universal noise patterns which result in nearly the same predicted segmentation for arbitrary inputs.
Adversarial Examples for Semantic Image Segmentation
Machine learning methods in general and Deep Neural Networks in particular have shown to be vulnerable to adversarial perturbations.
On Detecting Adversarial Perturbations
In this work, we propose to augment deep neural networks with a small "detector" subnetwork which is trained on the binary classification task of distinguishing genuine data from data containing adversarial perturbations.
Active Contextual Entropy Search
Contextual policy search allows adapting robotic movement primitives to different situations.
Defending Against Universal Perturbations With Shared Adversarial Training
Classifiers such as deep neural networks have been shown to be vulnerable against adversarial perturbations on problems with high-dimensional input space.
Universality, Robustness, and Detectability of Adversarial Perturbations under Adversarial Training
While adversarial training improves the robustness of classifiers against such adversarial perturbations, it leaves classifiers sensitive to them on a non-negligible fraction of the inputs.
Adversarial and Natural Perturbations for General Robustness
In this paper we aim to explore the general robustness of neural network classifiers by utilizing adversarial as well as natural perturbations.
Increasing the Robustness of Semantic Segmentation Models with Painting-by-Numbers
With respect to our 16 different types of image corruptions and 5 different network backbones, we are in 74% better than training with clean data.
Efficient Certified Defenses Against Patch Attacks on Image Classifiers
Adversarial patches pose a realistic threat model for physical world attacks on autonomous systems via their perception component.
Does enhanced shape bias improve neural network robustness to common corruptions?
We conclude that the data augmentation caused by style-variation accounts for the improved corruption robustness and increased shape bias is only a byproduct.
Test-Time Adaptation to Distribution Shift by Confidence Maximization and Input Transformation
This paper focuses on the fully test-time adaptation setting, where only unlabeled data from the target distribution is required.
Bag of Tricks for Neural Architecture Search
While neural architecture search methods have been successful in previous years and led to new state-of-the-art performance on various problems, they have also been criticized for being unstable, being highly sensitive with respect to their hyperparameters, and often not performing better than random search.
Test-Time Adaptation to Distribution Shifts by Confidence Maximization and Input Transformation
This paper focuses on the fully test-time adaptation setting, where only unlabeled data from the target distribution is required.
Neural Architecture Search for Dense Prediction Tasks in Computer Vision
The success of deep learning in recent years has lead to a rising demand for neural network architecture engineering.
Give Me Your Attention: Dot-Product Attention Considered Harmful for Adversarial Patch Robustness
Neural architectures based on attention such as vision transformers are revolutionizing image recognition.
Certified Defences Against Adversarial Patch Attacks on Semantic Segmentation
Adversarial patch attacks are an emerging security threat for real world deep learning applications.
Identification of Systematic Errors of Image Classifiers on Rare Subgroups
Despite excellent average-case performance of many image classifiers, their performance can substantially deteriorate on semantically coherent subgroups of the data that were under-represented in the training data.
Identifying Systematic Errors in Object Detectors with the SCROD Pipeline
Moreover, our framework introduces an evaluation setting that can serve as a benchmark for similar pipelines.
AutoCLIP: Auto-tuning Zero-Shot Classifiers for Vision-Language Models
We show that AutoCLIP outperforms baselines across a broad range of vision-language models, datasets, and prompt templates consistently and by up to 3 percent point accuracy.
Identification of Fine-grained Systematic Errors via Controlled Scene Generation
Our approach, BEV2EGO, allows for a realistic generation of the complete scene with road-contingent control that maps 2D bird's-eye view (BEV) scene configurations to a first-person view (EGO).
