Properly evaluating defenses against adversarial examples has been difficult because adversarial attacks need to be adapted to each individual defense. This also holds for confidence-calibrated adversarial training, where robustness is obtained by rejecting adversarial examples based on their confidence. As a result, regular robustness metrics and attacks are not easily applicable. In this article, I want to discuss how to evaluate confidence-calibrated adversarial training in terms of metrics and attacks.
Recently, I had the opportunity to be a guest on Jay Shah’s podcast, where he regularly talks to machine learning professionals from industry and academia. We had a great conversation about my PhD research and topics surrounding a successful career in machine learning — finding a good PhD program and research topic, preparing for interviews in industry, etc.