Search Results for author:
Found 43 papers, 19 papers with code
On the Difficulty of Constructing a Robust and Publicly-Detectable Watermark
This work investigates the theoretical boundaries of creating publicly-detectable schemes to enable the provenance of watermarked imagery.
Evaluating Model Bias Requires Characterizing its Mistakes
We demonstrate that characterizing (as opposed to simply quantifying) model mistakes across subgroups is pivotal to properly reflect model biases, which are ignored by standard metrics such as worst-group accuracy or accuracy gap.
Generative models improve fairness of medical classifiers under distribution shifts
In our work, we show that learning realistic augmentations automatically from data is possible in a label-efficient manner using generative models.
Differentially Private Diffusion Models Generate Useful Synthetic Images
By privately fine-tuning ImageNet pre-trained diffusion models with more than 80M parameters, we obtain SOTA results on CIFAR-10 and Camelyon17 in terms of both FID and the accuracy of downstream classifiers trained on synthetic data.
Seasoning Model Soups for Robustness to Adversarial and Natural Distribution Shifts
Adversarial training is widely used to make classifiers robust to a specific threat or adversary, such as $\ell_p$-norm bounded perturbations of a given $p$-norm.
Benchmarking Robustness to Adversarial Image Obfuscations
We evaluate 33 pretrained models on the benchmark and train models with different augmentations, architectures and training methods on subsets of the obfuscations to measure generalization.
Hindering Adversarial Attacks with Implicit Neural Representations
We introduce the Lossy Implicit Network Activation Coding (LINAC) defence, an input transformation which successfully hinders several common adversarial attacks on CIFAR-$10$ classifiers for perturbations up to $\epsilon = 8/255$ in $L_\infty$ norm and $\epsilon = 0. 5$ in $L_2$ norm.
Revisiting adapters with adversarial training
By co-training a neural network on clean and adversarial inputs, it is possible to improve classification accuracy on the clean, non-adversarial inputs.
Discovering Bugs in Vision Models using Off-the-shelf Image Generation and Captioning
Misclassified inputs are clustered and a captioning model is used to describe each cluster.
Robustness of Epinets against Distributional Shifts
However, these improvements are relatively small compared to the outstanding issues in distributionally-robust deep learning.
Evaluating the Adversarial Robustness of Adaptive Test-time Defenses
Adaptive defenses, which optimize at test time, promise to improve adversarial robustness.
Competition-Level Code Generation with AlphaCode
Programming is a powerful and ubiquitous problem-solving tool.
Ranked #1 on
Code Generation
on APPS
(Competition Pass@5 metric)
Data Augmentation Can Improve Robustness
Adversarial training suffers from robust overfitting, a phenomenon where the robust test accuracy starts to decrease during training.
A Fine-Grained Analysis on Distribution Shift
Despite this necessity, there has been little work in defining the underlying mechanisms that cause these shifts and evaluating the robustness of algorithms across multiple, different distribution shifts.
Improving Robustness using Generated Data
Against $\ell_\infty$ norm-bounded perturbations of size $\epsilon = 8/255$, our models achieve 66. 10% and 33. 49% robust accuracy on CIFAR-10 and CIFAR-100, respectively (improving upon the state-of-the-art by +8. 96% and +3. 29%).
An Empirical Investigation of Learning from Biased Toxicity Labels
Collecting annotations from human raters often results in a trade-off between the quantity of labels one wishes to gather and the quality of these labels.
A Closer Look at the Adversarial Robustness of Information Bottleneck Models
We study the adversarial robustness of information bottleneck models for classification.
Defending Against Image Corruptions Through Adversarial Augmentations
Modern neural networks excel at image classification, yet they remain vulnerable to common image corruptions such as blur, speckle noise or fog.
Fixing Data Augmentation to Improve Adversarial Robustness
In particular, against $\ell_\infty$ norm-bounded perturbations of size $\epsilon = 8/255$, our model reaches 64. 20% robust accuracy without using any external data, beating most prior works that use external data.
Make Sure You're Unsure: A Framework for Verifying Probabilistic Specifications
In this direction, we first introduce a general formulation of probabilistic specifications for neural networks, which captures both probabilistic networks (e. g., Bayesian neural networks, MC-Dropout networks) and uncertain inputs (distributions over inputs arising from sensor noise or other perturbations).
Bridging the Gap Between Adversarial Robustness and Optimization Bias
We demonstrate that the choice of optimizer, neural network architecture, and regularizer significantly affect the adversarial robustness of linear neural networks, providing guarantees without the need for adversarial training.
Self-supervised Adversarial Robustness for the Low-label, High-data Regime
Experiments on CIFAR-10 against $\ell_2$ and $\ell_\infty$ norm-bounded perturbations demonstrate that BYORL achieves near state-of-the-art robustness with as little as 500 labeled examples.
Autoencoding Variational Autoencoder
We provide experimental results on the ColorMnist and CelebA benchmark datasets that quantify the properties of the learned representations and compare the approach with a baseline that is specifically trained for the desired property.
The Autoencoding Variational Autoencoder
We provide experimental results on the ColorMnist and CelebA benchmark datasets that quantify the properties of the learned representations and compare the approach with a baseline that is specifically trained for the desired property.
Uncovering the Limits of Adversarial Training against Norm-Bounded Adversarial Examples
In the setting with additional unlabeled data, we obtain an accuracy under attack of 65. 88% against $\ell_\infty$ perturbations of size $8/255$ on CIFAR-10 (+6. 35% with respect to prior art).
Towards Verified Robustness under Text Deletion Interventions
Neural networks are widely used in Natural Language Processing, yet despite their empirical successes, their behaviour is brittle: they are both over-sensitive to small input changes, and under-sensitive to deletions of large fractions of input text.
A FRAMEWORK FOR ROBUSTNESS CERTIFICATION OF SMOOTHED CLASSIFIERS USING F-DIVERGENCES
Formal verification techniques that compute provable guarantees on properties of machine learning models, like robustness to norm-bounded adversarial perturbations, have yielded impressive results.
An empirical investigation of the challenges of real-world reinforcement learning
We believe that an approach that addresses our set of proposed challenges would be readily deployable in a large number of real world problems.
Achieving Robustness in the Wild via Adversarial Mixing with Disentangled Representations
Specifically, we leverage the disentangled latent representations computed by a StyleGAN model to generate perturbations of an image that are similar to real-world variations (like adding make-up, or changing the skin-tone of a person) and train models to be invariant to these perturbations.
Towards Robust Image Classification Using Sequential Attention Models
In this paper we propose to augment a modern neural-network architecture with an attention model inspired by human perception.
An Alternative Surrogate Loss for PGD-based Adversarial Testing
Adversarial testing methods based on Projected Gradient Descent (PGD) are widely used for searching norm-bounded perturbations that cause the inputs of neural networks to be misclassified.
Scalable Verified Training for Provably Robust Image Classification
Recent work has shown that it is possible to train deep neural networks that are provably robust to norm-bounded adversarial perturbations.
Scalable Neural Learning for Verifiable Consistency with Temporal Specifications
Formal verification of machine learning models has attracted attention recently, and significant progress has been made on proving simple properties like robustness to small perturbations of the input features.
Achieving Verified Robustness to Symbol Substitutions via Interval Bound Propagation
Neural networks are part of many contemporary NLP systems, yet their empirical successes come at the price of vulnerability to adversarial attacks.
Adversarial Robustness through Local Linearization
Using this regularizer, we exceed current state of the art and achieve 47% adversarial accuracy for ImageNet with l-infinity adversarial perturbations of radius 4/255 under an untargeted, strong, white-box attack.
Towards Stable and Efficient Training of Verifiably Robust Neural Networks
In this paper, we propose a new certified adversarial training method, CROWN-IBP, by combining the fast IBP bounds in a forward bounding pass and a tight linear relaxation based bound, CROWN, in a backward bounding pass.
Verification of Non-Linear Specifications for Neural Networks
We show that a number of important properties of interest can be modeled within this class, including conservation of energy in a learned dynamics model of a physical system; semantic consistency of a classifier's output labels under adversarial perturbations and bounding errors in a system that predicts the summation of handwritten digits.
On the Effectiveness of Interval Bound Propagation for Training Verifiably Robust Models
Recent work has shown that it is possible to train deep neural networks that are provably robust to norm-bounded adversarial perturbations.
Learning from Delayed Outcomes via Proxies with Applications to Recommender Systems
Predicting delayed outcomes is an important problem in recommender systems (e. g., if customers will finish reading an ebook).
Training verified learners with learned verifiers
This paper proposes a new algorithmic framework, predictor-verifier training, to train neural networks that are verifiable, i. e., networks that provably satisfy some desired input-output properties.
A Dual Approach to Scalable Verification of Deep Networks
In contrast, our framework applies to a general class of activation functions and specifications on neural network inputs and outputs.
Beyond Greedy Ranking: Slate Optimization via List-CVAE
The conventional solution to the recommendation problem greedily ranks individual document candidates by prediction scores.
