Adversarial training is the de facto standard to obtain models robust against adversarial examples. However, on complex datasets, a significant loss in accuracy is incurred and the robustness does not generalize to attacks not used during training. This paper introduces confidence-calibrated adversarial training. By forcing the confidence on adversarial examples to decay with their distance to the training data, the loss in accuracy is reduced and robustness generalizes to other attacks and larger perturbations.
In early May, I received the Qualcomm Innovation Fellowship 2019 for my ongoing research on adversarial robustness of deep neural networks. After an initial application round, I was invited to the University of Amsterdam’s Science Park for the finalist round. The winners were selected based on a short research talk including questions from Qualcomm researchers.
This article presents the poster for our CVPR’19 paper on adversarial robustness and generalization. In addition to CVPR’19, we also presented this work at the ICML’19 Workshop on Uncertainty and Robustness in Deep Learning, with a slightly smaller poster.
Our paper on adversarial robustness and generalization was accepted at CVPR’19. In the revised paper, we show that adversarial examples usually leave the manifold, including a brief theoretical argument. Similarly, adversarial examples can be found on the manifold; then, robustness is nothing else than generalization. For (off-manifold) adversarial examples, in contrast, we show that generalization and robustness are not necessarily contradicting objectives. As an example, on synthetic data, we adversarially train a robust and accurate model. This article gives a short abstract and provides the paper including the appendix.
Obtaining deep networks robust against adversarial examples is a wide open problem. While many papers are devoted to training more robust deep networks, a clear definition of adversarial examples has not been agreed upon. In this article, I want to discuss two very simple toy examples illustrating the necessity of a proper definition of adversarial examples.
During my master's thesis I partly worked on OctNets, octree-based convolutional neural networks for efficient learning in 3D. Among other things, I implemented convolutional batch normalization for OctNets. This article briefly discusses the implementation, which will be available on GitHub.
Obtaining high-quality visualizations of 3D data such as triangular meshes or occupancy grids, as needed for publications in computer graphics and computer vision, is difficult. In this article, I want to present a GitHub repository containing some utility scripts for paper-ready visualizations of meshes and occupancy grids using Blender and Python.
To date, it is unclear whether we can obtain both accurate and robust deep networks — meaning deep networks that generalize well and resist adversarial examples. In this pre-print, we aim to disentangle the relationship between adversarial robustness and generalization. The paper is available on ArXiv.
Our CVPR’18 follow-up paper has been accepted at IJCV. In this longer paper we extend our weakly-supervised 3D shape completion approach to obtain high-quality shape predictions, and also present updated, synthetic benchmarks on ShapeNet and ModelNet. The paper is available through Springer Link and ArXiv.
In September, I received the STEM-Award IT 2018 for the best master's thesis on autonomous driving. The award with the topic “On The Road to Vision Zero” was sponsored by ZF, audimax and MINT Zukunft Schaffen. The jury specifically highlighted the high scientific standard of my master's thesis “Learning 3D Shape Completion under Weak Supervision”.