Search Results for author: Soheil Feizi

Found 100 papers, 43 papers with code

Instruct2Attack: Language-Guided Semantic Adversarial Attacks

no code implementations 27 Nov 2023 Jiang Liu, Chen Wei, Yuxiang Guo, Heng Yu, Alan Yuille, Soheil Feizi, Chun Pong Lau, Rama Chellappa

We propose Instruct2Attack (I2A), a language-guided semantic attack that generates semantically meaningful perturbations according to free-form language instructions.

Online Advertisements with LLMs: Opportunities and Challenges

no code implementations 11 Nov 2023 Soheil Feizi, Mohammadtaghi Hajiaghayi, Keivan Rezaei, Suho Shin

This paper explores the potential for leveraging Large Language Models (LLM) in the realm of online advertising systems.

Exploring Geometry of Blind Spots in Vision Models

1 code implementation 30 Oct 2023 Sriram Balasubramanian, Gaurang Sriramanan, Vinu Sankar Sadasivan, Soheil Feizi

We further observe that the source image is linearly connected by a high-confidence path to these inputs, uncovering a star-like structure for level sets of deep networks.

Localizing and Editing Knowledge in Text-to-Image Generative Models

no code implementations 20 Oct 2023 Samyadeep Basu, Nanxuan Zhao, Vlad Morariu, Soheil Feizi, Varun Manjunatha

We adapt Causal Mediation Analysis for text-to-image models and trace knowledge about distinct visual attributes to various (causal) components in the (i) UNet and (ii) text-encoder of the diffusion model.

Image Generation Model Editing

EditVal: Benchmarking Diffusion Based Text-Guided Image Editing Methods

no code implementations 3 Oct 2023 Samyadeep Basu, Mehrdad Saberi, Shweta Bhardwaj, Atoosa Malemir Chegini, Daniela Massiceti, Maziar Sanjabi, Shell Xu Hu, Soheil Feizi

From both the human study and automated evaluation, we find that: (i) Instruct-Pix2Pix, Null-Text and SINE are the top-performing methods averaged across different edit types, but only Instruct-Pix2Pix and Null-Text are able to preserve original image properties; (ii) most of the editing methods fail at edits involving spatial operations (e.g., changing the position of an object).

Benchmarking text-guided-image-editing

Robustness of AI-Image Detectors: Fundamental Limits and Practical Attacks

no code implementations 29 Sep 2023 Mehrdad Saberi, Vinu Sankar Sadasivan, Keivan Rezaei, Aounon Kumar, Atoosa Chegini, Wenxiao Wang, Soheil Feizi

For high perturbation watermarking methods where notable changes are applied to images, the diffusion purification attack is not effective.

Adversarial Attack Face Swapping

PRIME: Prioritizing Interpretability in Failure Mode Extraction

no code implementations 29 Sep 2023 Keivan Rezaei, Mehrdad Saberi, Mazda Moayeri, Soheil Feizi

To improve on these shortcomings, we propose a novel approach that prioritizes interpretability in this problem: we start by obtaining human-understandable concepts (tags) of images in the dataset and then analyze the model's behavior based on the presence or absence of combinations of these tags.
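The tag-combination analysis described above can be sketched in a few lines. This is a toy illustration, not the paper's actual algorithm: the images, tags, support threshold, and 0.5 failure cutoff below are all hypothetical.

```python
from itertools import combinations

def failure_modes(tags_per_image, correct, min_support=2, max_tags=2):
    """Toy sketch: scan small tag combinations and report those on which
    the model is wrong more often than not (hypothetical 0.5 cutoff)."""
    all_tags = sorted({t for tags in tags_per_image for t in tags})
    modes = []
    for k in range(1, max_tags + 1):
        for combo in combinations(all_tags, k):
            idx = [i for i, tags in enumerate(tags_per_image)
                   if set(combo) <= set(tags)]
            if len(idx) < min_support:
                continue
            acc = sum(correct[i] for i in idx) / len(idx)
            if acc < 0.5:
                modes.append((combo, round(acc, 2)))
    return modes

# Toy data: the model fails whenever "snow" co-occurs with "dog".
tags = [["dog"], ["dog", "snow"], ["dog", "snow"], ["cat"], ["cat", "snow"]]
correct = [1, 0, 0, 1, 1]
print(failure_modes(tags, correct))  # surfaces ('dog', 'snow') with accuracy 0.0
```

The output names human-readable failure modes directly in terms of tags, which is the interpretability angle this entry emphasizes.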

Image Classification

Adapting Self-Supervised Representations to Multi-Domain Setups

no code implementations 7 Sep 2023 Neha Kalibhat, Sam Sharpe, Jeremy Goodsitt, Bayan Bruss, Soheil Feizi

Current state-of-the-art self-supervised approaches are effective when trained on individual domains but show limited generalization on unseen domains.


Certifying LLM Safety against Adversarial Prompting

1 code implementation 6 Sep 2023 Aounon Kumar, Chirag Agarwal, Suraj Srinivas, Aaron Jiaxun Li, Soheil Feizi, Himabindu Lakkaraju

We defend against three attack modes: i) adversarial suffix, which appends an adversarial sequence at the end of the prompt; ii) adversarial insertion, where the adversarial sequence is inserted anywhere in the middle of the prompt; and iii) adversarial infusion, where adversarial tokens are inserted at arbitrary positions in the prompt, not necessarily as a contiguous block.
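A minimal sketch of an erase-and-check style defense against the suffix mode, with a stand-in safety filter (the token list, filter, and `max_erase` budget below are hypothetical, not the paper's implementation):

```python
def erase_and_check_suffix(tokens, is_harmful, max_erase=3):
    """Suffix-mode sketch: flag the prompt if the safety filter flags it or
    any version with up to `max_erase` trailing tokens erased. If the
    adversarial suffix is no longer than `max_erase`, some erased version
    is exactly the original harmful prompt."""
    for k in range(max_erase + 1):
        kept = tokens[: len(tokens) - k] if k else list(tokens)
        if is_harmful(kept):
            return True
    return False

# Stand-in safety filter (hypothetical): flags prompts ending in "bomb".
flt = lambda toks: toks[-1:] == ["bomb"]

print(erase_and_check_suffix(["make", "a", "bomb", "zz", "qq"], flt))  # True
print(erase_and_check_suffix(["please", "bake", "bread"], flt))        # False
```

The first prompt carries a two-token adversarial suffix; erasing it recovers a prompt the filter flags, so the defense certifies against any suffix of length up to the erase budget.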

Language Modelling

Identifying Interpretable Subspaces in Image Representations

1 code implementation 20 Jul 2023 Neha Kalibhat, Shweta Bhardwaj, Bayan Bruss, Hamed Firooz, Maziar Sanjabi, Soheil Feizi

Although many existing approaches interpret features independently, we observe in state-of-the-art self-supervised and supervised models that less than 20% of the representation space can be explained by individual features.

Language Modelling

Augmenting CLIP with Improved Visio-Linguistic Reasoning

no code implementations 18 Jul 2023 Samyadeep Basu, Maziar Sanjabi, Daniela Massiceti, Shell Xu Hu, Soheil Feizi

On the challenging Winoground compositional reasoning benchmark, our method improves the absolute visio-linguistic performance of different CLIP models by up to 7%, while on the ARO dataset, our method improves the visio-linguistic performance by up to 3%.

Retrieval Text Retrieval +2

On Practical Aspects of Aggregation Defenses against Data Poisoning Attacks

no code implementations 28 Jun 2023 Wenxiao Wang, Soheil Feizi

The increasing access to data poses both opportunities and risks in deep learning, as one can manipulate the behaviors of deep learning models with malicious training samples.

Data Poisoning

Diffused Redundancy in Pre-trained Representations

1 code implementation 31 May 2023 Vedant Nanda, Till Speicher, John P. Dickerson, Soheil Feizi, Krishna P. Gummadi, Adrian Weller

We find that learned representations in a given layer exhibit a degree of diffuse redundancy, i.e., any randomly chosen subset of neurons in the layer that is larger than a threshold size shares a large degree of similarity with the full layer and performs similarly to the whole layer on a variety of downstream tasks.
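The effect can be demonstrated on synthetic features where information is deliberately spread across many neurons. This is a toy stand-in for a pre-trained representation, not the paper's setup; the mixture construction, classifier, and subset size are assumptions.

```python
import numpy as np

rng = np.random.default_rng(0)

# Synthetic "layer": 200 neurons that are noisy mixtures of 5 latent
# factors, so class information is diffused across the whole layer.
n, d_latent, d_neurons = 300, 5, 200
z = rng.normal(size=(n, d_latent))
labels = (z[:, 0] > 0).astype(int)            # label depends on one factor
mix = rng.normal(size=(d_latent, d_neurons))
reps = z @ mix + 0.1 * rng.normal(size=(n, d_neurons))

def centroid_acc(X, y):
    """Accuracy of a nearest-class-centroid classifier on (X, y)."""
    c0, c1 = X[y == 0].mean(0), X[y == 1].mean(0)
    pred = np.linalg.norm(X - c1, axis=1) < np.linalg.norm(X - c0, axis=1)
    return (pred.astype(int) == y).mean()

full_acc = centroid_acc(reps, labels)
subset = rng.choice(d_neurons, size=40, replace=False)   # a random 20%
sub_acc = centroid_acc(reps[:, subset], labels)
print(round(full_acc, 2), round(sub_acc, 2))  # the subset performs comparably
```

Because every neuron mixes the same few latent factors, a random 20% of neurons retains nearly all the task-relevant signal, mirroring the redundancy claim.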

Text-To-Concept (and Back) via Cross-Model Alignment

no code implementations 10 May 2023 Mazda Moayeri, Keivan Rezaei, Maziar Sanjabi, Soheil Feizi

We observe that the mapping between an image's representation in one model to its representation in another can be learned surprisingly well with just a linear layer, even across diverse models.

Strong Baselines for Parameter Efficient Few-Shot Fine-tuning

no code implementations 4 Apr 2023 Samyadeep Basu, Daniela Massiceti, Shell Xu Hu, Soheil Feizi

Through our controlled empirical study, we have two main findings: (i) fine-tuning just the LayerNorm parameters (which we call LN-Tune) during few-shot adaptation is an extremely strong baseline across ViTs pre-trained with both self-supervised and supervised objectives; (ii) for self-supervised ViTs, we find that simply learning a set of scaling parameters for each attention matrix (which we call AttnScale) along with a domain-residual adapter (DRA) module leads to state-of-the-art performance (while being $\sim$9$\times$ more parameter-efficient) on MD.

Few-Shot Image Classification

Provable Robustness for Streaming Models with a Sliding Window

no code implementations 28 Mar 2023 Aounon Kumar, Vinu Sankar Sadasivan, Soheil Feizi

Robustness certificates based on the assumption of independent input samples are not directly applicable in such scenarios.

Human Activity Recognition Image Classification

DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness

1 code implementation 20 Mar 2023 Shoumik Saha, Wenxiao Wang, Yigitcan Kaya, Soheil Feizi, Tudor Dumitras

After showing how DRSM is theoretically robust against attacks with contiguous adversarial bytes, we verify its performance and certified robustness experimentally, where we observe only marginal accuracy drops as the cost of robustness.

Adversarial Robustness Malware Detection

Can AI-Generated Text be Reliably Detected?

1 code implementation 17 Mar 2023 Vinu Sankar Sadasivan, Aounon Kumar, Sriram Balasubramanian, Wenxiao Wang, Soheil Feizi

Empirically, we show that paraphrasing attacks, where a light paraphraser is applied on top of a large language model (LLM), can break a whole range of detectors, including ones using watermarking schemes as well as neural network-based detectors and zero-shot classifiers.

Language Modelling Large Language Model +2

Temporal Robustness against Data Poisoning

no code implementations 7 Feb 2023 Wenxiao Wang, Soheil Feizi

Data poisoning considers cases when an adversary manipulates the behavior of machine learning algorithms through malicious training data.

Data Poisoning

Run-Off Election: Improved Provable Defense against Data Poisoning Attacks

2 code implementations 5 Feb 2023 Keivan Rezaei, Kiarash Banihashem, Atoosa Chegini, Soheil Feizi

Based on this approach, we propose DPA+ROE and FA+ROE defense methods based on Deep Partition Aggregation (DPA) and Finite Aggregation (FA) approaches from prior work.

Data Poisoning

Spuriosity Rankings: Sorting Data to Measure and Mitigate Biases

no code implementations 5 Dec 2022 Mazda Moayeri, Wenxiao Wang, Sahil Singla, Soheil Feizi

With spuriosity rankings, it is easy to identify minority subpopulations (i.e., low-spuriosity images) and assess model bias as the gap in accuracy between high- and low-spuriosity images.

Towards Improved Input Masking for Convolutional Neural Networks

1 code implementation ICCV 2023 Sriram Balasubramanian, Soheil Feizi

In this work, we propose a new masking method for CNNs, which we call layer masking, in which the missingness bias caused by masking is reduced to a large extent.

Data Augmentation

Invariant Learning via Diffusion Dreamed Distribution Shifts

no code implementations 18 Nov 2022 Priyatham Kattakinda, Alexander Levine, Soheil Feizi

Using the validation set, we evaluate several popular DNN image classifiers and find that the classification performance of models generally suffers on our background diverse images.

Image Classification

Improved techniques for deterministic l2 robustness

1 code implementation 15 Nov 2022 Sahil Singla, Soheil Feizi

In this work, we reduce this gap by introducing (a) a procedure to certify robustness of 1-Lipschitz CNNs by replacing the last linear layer with a 1-hidden layer MLP that significantly improves their performance for both standard and provably robust accuracy, (b) a method to significantly reduce the training time per epoch for Skew Orthogonal Convolution (SOC) layers (>30% reduction for deeper networks) and (c) a class of pooling layers using the mathematical property that the $l_{2}$ distance of an input to a manifold is 1-Lipschitz.

Adversarial Robustness

Explicit Tradeoffs between Adversarial and Natural Distributional Robustness

no code implementations 15 Sep 2022 Mazda Moayeri, Kiarash Banihashem, Soheil Feizi

In this setting, through theoretical and empirical analysis, we show that (i) adversarial training with $\ell_1$ and $\ell_2$ norms increases the model's reliance on spurious features; (ii) for $\ell_\infty$ adversarial training, spurious reliance only occurs when the scale of the spurious features is larger than that of the core features; (iii) adversarial training can have an unintended consequence in reducing distributional robustness, specifically when spurious correlations are changed in the new test domain.

Adversarial Robustness Test

Goal-Conditioned Q-Learning as Knowledge Distillation

1 code implementation 28 Aug 2022 Alexander Levine, Soheil Feizi

We empirically show that this can improve the performance of goal-conditioned off-policy reinforcement learning when the space of goals is high-dimensional.

Knowledge Distillation Q-Learning +2

Lethal Dose Conjecture on Data Poisoning

1 code implementation 5 Aug 2022 Wenxiao Wang, Alexander Levine, Soheil Feizi

Deep Partition Aggregation (DPA) and its extension, Finite Aggregation (FA), are recent approaches for provable defenses against data poisoning: they predict through the majority vote of many base models trained on different subsets of the training set using a given learner.
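The vote-based certificate behind these aggregation defenses can be sketched directly from the majority-vote description: a poisoned training sample lands in one partition and so can flip at most one base classifier's vote. The vote counts below are hypothetical, and tie-breaking refinements from this line of work are omitted.

```python
from collections import Counter

def dpa_predict_and_certify(votes):
    """Majority vote over base classifiers plus a simple certified bound:
    each poisoned sample can change at most one vote, so a lead of g votes
    tolerates floor(g/2) poisoned samples (simplified, no tie-breaking)."""
    counts = Counter(votes)
    (top, n_top), *rest = counts.most_common()
    n_second = rest[0][1] if rest else 0
    return top, (n_top - n_second) // 2

# Hypothetical votes from 100 base classifiers on one test input.
votes = ["cat"] * 60 + ["dog"] * 35 + ["frog"] * 5
print(dpa_predict_and_certify(votes))  # ('cat', 12)
```

The certified count scales with the vote gap, which is why the number of partitions and per-base accuracy jointly determine how many poison insertions can be tolerated.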

Data Poisoning

Certifiably Robust Policy Learning against Adversarial Communication in Multi-agent Systems

no code implementations 21 Jun 2022 Yanchao Sun, Ruijie Zheng, Parisa Hassanzadeh, Yongyuan Liang, Soheil Feizi, Sumitra Ganesh, Furong Huang

Communication is important in many multi-agent reinforcement learning (MARL) problems for agents to share information and make good decisions.

Multi-agent Reinforcement Learning

Interpretable Mixture of Experts

no code implementations 5 Jun 2022 Aya Abdelsalam Ismail, Sercan Ö. Arik, Jinsung Yoon, Ankur Taly, Soheil Feizi, Tomas Pfister

In addition to constituting a standalone inherently-interpretable architecture, IME has the premise of being integrated with existing DNNs to offer interpretability to a subset of samples while maintaining the accuracy of the DNNs.

Decision Making Time Series

Core Risk Minimization using Salient ImageNet

no code implementations 28 Mar 2022 Sahil Singla, Mazda Moayeri, Soheil Feizi

Deep neural networks can be unreliable in the real world especially when they heavily use spurious features for their predictions.

Provable Adversarial Robustness for Fractional Lp Threat Models

1 code implementation 16 Mar 2022 Alexander Levine, Soheil Feizi

Our approach builds on a recent work, Levine and Feizi (2021), which provides a provable defense against L_1 attacks.

Adversarial Robustness

Measuring Self-Supervised Representation Quality for Downstream Classification using Discriminative Features

no code implementations 3 Mar 2022 Neha Kalibhat, Kanika Narang, Hamed Firooz, Maziar Sanjabi, Soheil Feizi

Fine-tuning with Q-Score regularization can boost the linear probing accuracy of SSL models by up to 5.8% on ImageNet-100 and 3.7% on ImageNet-1K compared to their baselines.

Self-Supervised Learning

Improved Certified Defenses against Data Poisoning with (Deterministic) Finite Aggregation

1 code implementation 5 Feb 2022 Wenxiao Wang, Alexander Levine, Soheil Feizi

DPA predicts through an aggregation of base classifiers trained on disjoint subsets of data, thus restricting its sensitivity to dataset distortions.

Data Poisoning

Certifying Model Accuracy under Distribution Shifts

1 code implementation 28 Jan 2022 Aounon Kumar, Alexander Levine, Tom Goldstein, Soheil Feizi

Certified robustness in machine learning has primarily focused on adversarial perturbations of the input with a fixed attack budget for each point in the data distribution.

A Comprehensive Study of Image Classification Model Sensitivity to Foregrounds, Backgrounds, and Visual Attributes

no code implementations CVPR 2022 Mazda Moayeri, Phillip Pope, Yogesh Balaji, Soheil Feizi

While datasets with single-label supervision have propelled rapid advances in image classification, additional annotations are necessary in order to quantitatively assess how models make predictions.

Image Classification

Segment and Complete: Defending Object Detectors against Adversarial Patch Attacks with Robust Patch Detection

1 code implementation CVPR 2022 Jiang Liu, Alexander Levine, Chun Pong Lau, Rama Chellappa, Soheil Feizi

In addition, we design a robust shape completion algorithm, which is guaranteed to remove the entire patch from the images if the outputs of the patch segmenter are within a certain Hamming distance of the ground-truth patch masks.

Adversarial Attack Detection Adversarial Defense +4

Improving Deep Learning Interpretability by Saliency Guided Training

1 code implementation NeurIPS 2021 Aya Abdelsalam Ismail, Héctor Corrada Bravo, Soheil Feizi

In this paper, we tackle this issue and introduce a saliency guided training procedure for neural networks to reduce noisy gradients used in predictions while retaining the predictive performance of the model.

Time Series Time Series Analysis

On Hard Episodes in Meta-Learning

no code implementations 21 Oct 2021 Samyadeep Basu, Amr Sharaf, Nicolo Fusi, Soheil Feizi

To address the issue of sub-par performance on hard episodes, we investigate and benchmark different meta-training strategies based on adversarial training and curriculum learning.


Salient ImageNet: How to discover spurious features in Deep Learning?

2 code implementations 8 Oct 2021 Sahil Singla, Soheil Feizi

Our methodology is based on this key idea: to identify spurious or core visual features used in model predictions, we identify spurious or core neural features (penultimate-layer neurons of a robust model) via limited human supervision (e.g., using the top 5 activating images per feature).

FOCUS: Familiar Objects in Common and Uncommon Settings

1 code implementation 7 Oct 2021 Priyatham Kattakinda, Soheil Feizi

Standard training datasets for deep learning often contain objects in common settings (e.g., "a horse on grass" or "a ship in water") since they are usually collected by randomly scraping the web.

Causal ImageNet: How to discover spurious features in Deep Learning?

no code implementations ICLR 2022 Sahil Singla, Soheil Feizi

Focusing on image classifications, we define causal attributes as the set of visual features that are always a part of the object, while spurious attributes are the ones that are likely to co-occur with the object but are not a part of it (e.g., the attribute "fingers" for the class "band aid").

Multi-Domain Self-Supervised Learning

no code implementations 29 Sep 2021 Neha Mukund Kalibhat, Yogesh Balaji, C. Bayan Bruss, Soheil Feizi

In fact, training these methods on a combination of several domains often degrades the quality of learned representations compared to the models trained on a single domain.

Contrastive Learning Representation Learning +1

Sample Efficient Detection and Classification of Adversarial Attacks via Self-Supervised Embeddings

no code implementations ICCV 2021 Mazda Moayeri, Soheil Feizi

In this paper, we propose a self-supervised method to detect adversarial attacks and classify them to their respective threat models, based on a linear model operating on the embeddings from a pre-trained self-supervised encoder.

Adversarial Robustness

Improved deterministic l2 robustness on CIFAR-10 and CIFAR-100

1 code implementation ICLR 2022 Sahil Singla, Surbhi Singla, Soheil Feizi

While $1$-Lipschitz CNNs can be designed by enforcing a $1$-Lipschitz constraint on each layer, training such networks requires each layer to have an orthogonal Jacobian matrix (for all inputs) to prevent the gradients from vanishing during backpropagation.

Adversarial Robustness

Policy Smoothing for Provably Robust Reinforcement Learning

no code implementations ICLR 2022 Aounon Kumar, Alexander Levine, Soheil Feizi

Prior works in provable robustness in RL seek to certify the behaviour of the victim policy at every time-step against a non-adaptive adversary using methods developed for the static setting.

Adversarial Robustness Image Classification +3

Skew Orthogonal Convolutions

1 code implementation 24 May 2021 Sahil Singla, Soheil Feizi

Then, we use the Taylor series expansion of the Jacobian exponential to construct the SOC layer that is orthogonal.
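The key algebraic fact behind this construction, the exponential of a skew-symmetric matrix is orthogonal, can be checked numerically with a truncated Taylor series (a small standalone demo, not the SOC layer itself):

```python
import numpy as np

def exp_taylor(A, terms=30):
    """Approximate the matrix exponential exp(A) by its Taylor series."""
    out = np.eye(A.shape[0])
    term = np.eye(A.shape[0])
    for k in range(1, terms):
        term = term @ A / k        # accumulates A^k / k!
        out = out + term
    return out

rng = np.random.default_rng(0)
B = rng.normal(size=(4, 4))
A = B - B.T                 # skew-symmetric: A.T == -A
Q = exp_taylor(A)           # exp of a skew-symmetric matrix is orthogonal
print(np.allclose(Q.T @ Q, np.eye(4)))  # True
```

Because `Q.T @ Q` is the identity, the resulting linear map is norm-preserving, which is what makes such layers useful for Lipschitz-constrained (provably robust) networks.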

Adversarial Robustness

Understanding Overparameterization in Generative Adversarial Networks

no code implementations 12 Apr 2021 Yogesh Balaji, Mohammadmahdi Sajedi, Neha Mukund Kalibhat, Mucong Ding, Dominik Stöger, Mahdi Soltanolkotabi, Soheil Feizi

We also empirically study the role of model overparameterization in GANs using several large-scale experiments on CIFAR-10 and Celeb-A datasets.

Improved, Deterministic Smoothing for L_1 Certified Robustness

1 code implementation 17 Mar 2021 Alexander Levine, Soheil Feizi

To the best of our knowledge, this is the first work to provide deterministic "randomized smoothing" for a norm-based adversarial threat model while allowing for an arbitrary classifier (i.e., a deep model) to be used as a base classifier and without requiring an exponential number of smoothing samples.

Low Curvature Activations Reduce Overfitting in Adversarial Training

1 code implementation ICCV 2021 Vasu Singla, Sahil Singla, David Jacobs, Soheil Feizi

In particular, we show that using activation functions with low (exact or approximate) curvature values has a regularization effect that significantly reduces both the standard and robust generalization gaps in adversarial training.

Perceptual Adversarial Robustness: Generalizable Defenses Against Unforeseen Threat Models

no code implementations ICLR 2021 Cassidy Laidlaw, Sahil Singla, Soheil Feizi

We call this threat model the neural perceptual threat model (NPTM); it includes adversarial examples with a bounded neural perceptual distance (a neural network-based approximation of the true perceptual distance) to natural images.

Adversarial Defense Adversarial Robustness +1

Deep Partition Aggregation: Provable Defenses against General Poisoning Attacks

no code implementations ICLR 2021 Alexander Levine, Soheil Feizi

Against general poisoning attacks where no prior certified defenses exist, DPA can certify $\geq$ 50% of test images against over 500 poison image insertions on MNIST, and nine insertions on CIFAR-10.


Understanding Over-parameterization in Generative Adversarial Networks

no code implementations ICLR 2021 Yogesh Balaji, Mohammadmahdi Sajedi, Neha Mukund Kalibhat, Mucong Ding, Dominik Stöger, Mahdi Soltanolkotabi, Soheil Feizi

In this work, we present a comprehensive analysis of the importance of model over-parameterization in GANs both theoretically and empirically.

Fantastic Four: Differentiable and Efficient Bounds on Singular Values of Convolution Layers

no code implementations ICLR 2021 Sahil Singla, Soheil Feizi

Through experiments on MNIST and CIFAR-10, we demonstrate the effectiveness of our spectral bound in improving generalization and robustness of deep networks.

Tight Second-Order Certificates for Randomized Smoothing

1 code implementation 20 Oct 2020 Alexander Levine, Aounon Kumar, Thomas Goldstein, Soheil Feizi

In this work, we show that there also exists a universal curvature-like bound for Gaussian random smoothing: given the exact value and gradient of a smoothed function, we compute a lower bound on the distance of a point to its closest adversarial example, called the Second-order Smoothing (SoS) robustness certificate.

Robust Optimal Transport with Applications in Generative Modeling and Domain Adaptation

2 code implementations NeurIPS 2020 Yogesh Balaji, Rama Chellappa, Soheil Feizi

To remedy this issue, robust formulations of OT with unbalanced marginal constraints have previously been proposed.

Domain Adaptation

Winning Lottery Tickets in Deep Generative Models

1 code implementation 5 Oct 2020 Neha Mukund Kalibhat, Yogesh Balaji, Soheil Feizi

In this paper, we confirm the existence of winning tickets in deep generative models such as GANs and VAEs.

GANs with Variational Entropy Regularizers: Applications in Mitigating the Mode-Collapse Issue

no code implementations 24 Sep 2020 Pirazh Khorramshahi, Hossein Souri, Rama Chellappa, Soheil Feizi

To tackle this issue, we take an information-theoretic approach and maximize a variational lower bound on the entropy of the generated samples to increase their diversity.

Certifying Confidence via Randomized Smoothing

no code implementations NeurIPS 2020 Aounon Kumar, Alexander Levine, Soheil Feizi, Tom Goldstein

It uses the probabilities of predicting the top two most-likely classes around an input point under a smoothing distribution to generate a certified radius for a classifier's prediction.
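The radius computed from the top-two class probabilities takes the standard Gaussian-smoothing form that this line of work builds on (R = σ/2 · (Φ⁻¹(p_top) − Φ⁻¹(p_second)), Cohen et al. 2019); the probabilities and σ below are hypothetical values for illustration:

```python
from statistics import NormalDist

def certified_radius(p_top, p_second, sigma):
    """Gaussian randomized-smoothing certificate from the top-two class
    probabilities: R = sigma/2 * (Phi^{-1}(p_top) - Phi^{-1}(p_second))."""
    ppf = NormalDist().inv_cdf   # standard normal quantile function
    return 0.5 * sigma * (ppf(p_top) - ppf(p_second))

# A confident prediction (0.9 vs 0.05 for the runner-up) under sigma = 0.5:
print(round(certified_radius(0.9, 0.05, sigma=0.5), 3))  # 0.732
```

The radius grows with both the smoothing scale σ and the gap between the top two probabilities, so a more confident smoothed prediction certifies a larger ball.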


Dual Manifold Adversarial Robustness: Defense against Lp and non-Lp Adversarial Attacks

no code implementations NeurIPS 2020 Wei-An Lin, Chun Pong Lau, Alexander Levine, Rama Chellappa, Soheil Feizi

Using OM-ImageNet, we first show that adversarial training in the latent space of images improves both standard accuracy and robustness to on-manifold attacks.

Adversarial Robustness

Deep Partition Aggregation: Provable Defense against General Poisoning Attacks

no code implementations 26 Jun 2020 Alexander Levine, Soheil Feizi

Our defense against label-flipping attacks, SS-DPA, uses a semi-supervised learning algorithm as its base classifier model: each base classifier is trained using the entire unlabeled training set in addition to the labels for a partition.


Influence Functions in Deep Learning Are Fragile

no code implementations ICLR 2021 Samyadeep Basu, Philip Pope, Soheil Feizi

Influence functions approximate the effect of training samples in test-time predictions and have a wide variety of applications in machine learning interpretability and uncertainty estimation.

Perceptual Adversarial Robustness: Defense Against Unseen Threat Models

2 code implementations 22 Jun 2020 Cassidy Laidlaw, Sahil Singla, Soheil Feizi

We call this threat model the neural perceptual threat model (NPTM); it includes adversarial examples with a bounded neural perceptual distance (a neural network-based approximation of the true perceptual distance) to natural images.

Adversarial Defense Adversarial Robustness +1

Fairness Through Robustness: Investigating Robustness Disparity in Deep Learning

1 code implementation 17 Jun 2020 Vedant Nanda, Samuel Dooley, Sahil Singla, Soheil Feizi, John P. Dickerson

In this paper, we argue that traditional notions of fairness that are only based on models' outputs are not sufficient when the model is vulnerable to adversarial attacks.

Decision Making Face Recognition +1

Second-Order Provable Defenses against Adversarial Attacks

no code implementations ICML 2020 Sahil Singla, Soheil Feizi

Second, we derive a computationally-efficient differentiable upper bound on the curvature of a deep network.

GANs with Conditional Independence Graphs: On Subadditivity of Probability Divergences

no code implementations 2 Mar 2020 Mucong Ding, Constantinos Daskalakis, Soheil Feizi

GANs, however, are designed in a model-free fashion where no additional information about the underlying distribution is available.

Image-to-Image Translation Time Series Analysis

(De)Randomized Smoothing for Certifiable Defense against Patch Attacks

1 code implementation NeurIPS 2020 Alexander Levine, Soheil Feizi

In this paper, we introduce a certifiable defense against patch attacks that guarantees for a given image and patch attack size, no patch adversarial examples exist.

Curse of Dimensionality on Randomized Smoothing for Certifiable Robustness

1 code implementation ICML 2020 Aounon Kumar, Alexander Levine, Tom Goldstein, Soheil Feizi

Notably, for $p \geq 2$, this dependence on $d$ is no better than that of the $\ell_p$-radius that can be certified using isotropic Gaussian smoothing, essentially putting a matching lower bound on the robustness radius.

Playing it Safe: Adversarial Robustness with an Abstain Option

no code implementations 25 Nov 2019 Cassidy Laidlaw, Soheil Feizi

We explore adversarial robustness in the setting in which it is acceptable for a classifier to abstain, that is, to output no class, on adversarial examples.

Adversarial Robustness

Fantastic Four: Differentiable Bounds on Singular Values of Convolution Layers

1 code implementation 22 Nov 2019 Sahil Singla, Soheil Feizi

Through experiments on MNIST and CIFAR-10, we demonstrate the effectiveness of our spectral bound in improving generalization and provable robustness of deep networks.

Robustness Certificates for Sparse Adversarial Attacks by Randomized Ablation

1 code implementation 21 Nov 2019 Alexander Levine, Soheil Feizi

This is comparable to the observed empirical robustness of unprotected classifiers on MNIST to modern L_0 attacks, demonstrating the tightness of the proposed robustness certificate.

Robust classification

Adversarial Robustness of Flow-Based Generative Models

no code implementations 20 Nov 2019 Phillip Pope, Yogesh Balaji, Soheil Feizi

Finally, using a hybrid adversarial training procedure, we significantly boost the robustness of these generative models.

Adversarial Robustness

On Second-Order Group Influence Functions for Black-Box Predictions

no code implementations ICML 2020 Samyadeep Basu, Xuchen You, Soheil Feizi

Often we want to identify an influential group of training samples in a particular test prediction for a given machine learning model.

BIG-bench Machine Learning Test

Quantum Wasserstein Generative Adversarial Networks

1 code implementation NeurIPS 2019 Shouvanik Chakrabarti, Yiming Huang, Tongyang Li, Soheil Feizi, Xiaodi Wu

The study of quantum generative models is well-motivated, not only because of its importance in quantum machine learning and quantum chemistry but also because of the perspective of its implementation on near-term quantum machines.

Quantum Machine Learning

Wasserstein Smoothing: Certified Robustness against Wasserstein Adversarial Attacks

no code implementations 23 Oct 2019 Alexander Levine, Soheil Feizi

An example of an attack method based on a non-additive threat model is the Wasserstein adversarial attack proposed by Wong et al. (2019), where the distance between an image and its adversarial example is determined by the Wasserstein metric ("earth-mover distance") between their normalized pixel intensities.

Adversarial Attack Image Classification

Deep k-NN Defense against Clean-label Data Poisoning Attacks

1 code implementation 29 Sep 2019 Neehar Peri, Neal Gupta, W. Ronny Huang, Liam Fowl, Chen Zhu, Soheil Feizi, Tom Goldstein, John P. Dickerson

Targeted clean-label data poisoning is a type of adversarial attack on machine learning systems in which an adversary injects a few correctly-labeled, minimally-perturbed samples into the training data, causing a model to misclassify a particular test sample during inference.

Adversarial Attack Data Poisoning +1

Curvature-based Robustness Certificates against Adversarial Examples

no code implementations 25 Sep 2019 Sahil Singla, Soheil Feizi

We also use the curvature bound as a regularization term during the training of the network to boost its certified robustness against adversarial examples.

Interpretable Adversarial Training for Text

no code implementations 30 May 2019 Samuel Barham, Soheil Feizi

SPGD imposes a directional regularization constraint on input perturbations by projecting them onto the directions to nearby word embeddings with highest cosine similarities.

Word Embeddings

Functional Adversarial Attacks

1 code implementation NeurIPS 2019 Cassidy Laidlaw, Soheil Feizi

For simplicity, we refer to functional adversarial attacks on image colors as ReColorAdv, which is the main focus of our experiments.

Adversarial Attack

Certifiably Robust Interpretation in Deep Learning

no code implementations 28 May 2019 Alexander Levine, Sahil Singla, Soheil Feizi

Deep learning interpretation is essential to explain the reasoning behind model predictions.

Adversarially Robust Distillation

2 code implementations 23 May 2019 Micah Goldblum, Liam Fowl, Soheil Feizi, Tom Goldstein

In addition to producing small models with high test accuracy like conventional distillation, ARD also passes the superior robustness of large networks onto the student.

Adversarial Robustness Knowledge Distillation +1

Normalized Wasserstein Distance for Mixture Distributions with Applications in Adversarial Learning and Domain Adaptation

1 code implementation 1 Feb 2019 Yogesh Balaji, Rama Chellappa, Soheil Feizi

Using the proposed normalized Wasserstein measure leads to significant performance gains for mixture distributions with imbalanced mixture proportions compared to the vanilla Wasserstein distance.

Clustering Domain Adaptation

Robustness Certificates Against Adversarial Examples for ReLU Networks

no code implementations 1 Feb 2019 Sahil Singla, Soheil Feizi

These robustness certificates leverage the piece-wise linear structure of ReLU networks and use the fact that in a polyhedron around a given sample, the prediction function is linear.
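Within a single linear region of a ReLU network, the prediction function is affine, so a robustness radius follows from the point-to-hyperplane distance. A minimal numeric sketch (the local weights `w`, `b`, and input `x` below are hypothetical, standing in for the network's linearization around `x`):

```python
import numpy as np

# Inside one polyhedral region of a ReLU network the decision function is
# affine, f(x) = w.x + b, so the distance from x to the decision boundary
# {w.x + b = 0} is the point-to-hyperplane distance |w.x + b| / ||w||.
w, b = np.array([3.0, 4.0]), -1.0   # hypothetical local linearization
x = np.array([2.0, 1.0])
radius = abs(w @ x + b) / np.linalg.norm(w)
print(radius)  # |3*2 + 4*1 - 1| / 5 = 1.8
```

The certified radius is then the minimum of this distance and the distance to the boundary of the polyhedral region itself, since the affine formula only holds inside that region.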

General Classification Multi-Label Classification

Understanding Impacts of High-Order Loss Approximations and Features in Deep Learning Interpretation

1 code implementation 1 Feb 2019 Sahil Singla, Eric Wallace, Shi Feng, Soheil Feizi

Second, we compute the importance of group-features in deep learning interpretation by introducing a sparsity regularization term.

Feature Importance General Classification

Porcupine Neural Networks: Approximating Neural Network Landscapes

no code implementations NeurIPS 2018 Soheil Feizi, Hamid Javadi, Jesse Zhang, David Tse

Neural networks have been used prominently in several machine learning and statistics applications.

Entropic GANs meet VAEs: A Statistical Approach to Compute Sample Likelihoods in GANs

1 code implementation ICLR 2019 Yogesh Balaji, Hamed Hassani, Rama Chellappa, Soheil Feizi

Building on the success of deep learning, two modern approaches to learn a probability model from the data are Generative Adversarial Networks (GANs) and Variational AutoEncoders (VAEs).

Are adversarial examples inevitable?

no code implementations ICLR 2019 Ali Shafahi, W. Ronny Huang, Christoph Studer, Soheil Feizi, Tom Goldstein

Using experiments, we explore the implications of theoretical guarantees for real-world problems and discuss how factors such as dimensionality and image complexity limit a classifier's robustness against adversarial examples.

Tensor Biclustering

1 code implementation NeurIPS 2017 Soheil Feizi, Hamid Javadi, David Tse

Consider a dataset where data is collected on multiple features of multiple individuals over multiple times.

Understanding GANs: the LQG Setting

no code implementations ICLR 2018 Soheil Feizi, Farzan Farnia, Tony Ginart, David Tse

Generative Adversarial Networks (GANs) have become a popular method to learn a probability model from data.

Porcupine Neural Networks: (Almost) All Local Optima are Global

1 code implementation 5 Oct 2017 Soheil Feizi, Hamid Javadi, Jesse Zhang, David Tse

Neural networks have been used prominently in several machine learning and statistics applications.

Maximally Correlated Principal Component Analysis

no code implementations 17 Feb 2017 Soheil Feizi, David Tse

For jointly Gaussian variables we show that the covariance matrix corresponding to the identity (or the negative of the identity) transformations majorizes covariance matrices of non-identity functions.

Dimensionality Reduction

Network Maximal Correlation

no code implementations 15 Jun 2016 Soheil Feizi, Ali Makhdoumi, Ken Duffy, Muriel Medard, Manolis Kellis

For jointly Gaussian variables, we show that under some conditions the NMC optimization is an instance of the Max-Cut problem.

graph partitioning

Maximum Likelihood Latent Space Embedding of Logistic Random Dot Product Graphs

no code implementations 3 Oct 2015 Luke O'Connor, Muriel Médard, Soheil Feizi

A latent space model of particular interest is the Random Dot Product Graph (RDPG), which can be fit using an efficient spectral method; however, this method is based on a heuristic that can fail, even in simple cases.

Clustering regression
