In deep learning and computer vision, data is often assumed to lie on a low-dimensional manifold, embedded within the potentially high-dimensional input space — as, for example, for images. However, the manifold is usually not known which hinders deeper understanding of many phenomena in deep learning, such as adversarial examples. Based on my recent CVPR’19 paper, I want to present FONTS, a MNIST-like, synthetically created dataset with known manifold to study adversarial example.
In the last few months, there were at least 50 papers per month related to adversarial examples — on ArXiv alone. While not all of them might meet the high bar of conferences such as ICLR, ICML or NeurIPS regarding their contributions and experiments, it becomes more and more difficult to stay on top of the literature. In this article, I want to share a categorized list of more than 240 papers on adversarial examples and related topics.
With the rising success of deep neural networks, their reliability in terms of robustness (for example, against various kinds of adversarial examples) and confidence estimates becomes increasingly important. Bayesian neural networks promise to address these issues by directly modeling the uncertainty of the estimated network weights. In this article, I want to give a short introduction of training Bayesian neural networks, covering three recent approaches.
The Heidelberg Laureate Forum brings together young researchers and laureates in computer science and mathematics. During lectures, workshops, panel discussions and social events, the forum fosters personal and scientific exchange with other young researchers as well as laureates. I was incredibly lucky to have the opportunity to participate in the 7th Heidelberg Laureate Forum 2019. In this article, I want to give a short overview of the forum and share some of my impressions.
This article is a short follow-up on my initial collection of examples for getting started with Torch. In the meanwhile, through a series of additional articles, the corresponding GitHub repository has grown, including not only basic examples but also more advanced examples such as variational auto-encoders, generative adversarial networks or adversarial auto encoders. This article aims to provide a short overview of the added examples.
Adversarial training is the de-facto standard to obtain models robust against adversarial examples. However, on complex datasets, a significant loss in accuracy is incurred and the robustness does not generalize to attacks not used during training. This paper introduces confidence-calibrated adversarial training. By forcing the confidence on adversarial examples to decay with their distance to the training data, the loss in accuracy is reduced and robustness generalizes to other attacks and larger perturbations.
In early May, I received the Qualcomm Innovation Fellowship 2019 for my ongoing research on adversarial robustness of deep neural networks. After an initial application round, I was invited to the University of Amsterdam’s Science Park for the finalist round. The winners were selected based on a short research talk including questions from Qualcomm researchers.
This article presents the poster for our CVPR’19 paper on adversarial robustness and generalization. In addition to CVPR’19, we also presented this work at the ICML’19 Workshop on Uncertainty and Robustness in Deep Learning, with a slightly smaller poster.
Our paper on adversarial robustness and generalization was accepted at CVPR’19. In the revised paper, we show that adversarial examples usually leave the manifold, including a brief theoretical argumentation. Similarly, adversarial examples can be found on the manifold; then, robustness is nothing else than generalization. For (off-manifold) adversarial examples, in contrast, we show that generalization and robustness are not necessarily contradicting objectives. As example, on synthetic data, we adversarially train a robust and accurate model. This article gives a short abstract and provides the paper including appendix.
Obtaining deep networks robust against adversarial examples is a widely open problem. While many papers are devoted to training more robust deep networks, a clear definition of adversarial examples has not been agreed upon. In this article, I want to discuss two very simple toy examples illustrating the necessity of a proper definition of adversarial examples.