Center for Advanced Intelligence Project

Speaker

Shpresim Sadiku (Technische Universität Berlin & Zuse Institute Berlin)

Title

Minimally Distorted Interpretable Adversarial Attacks

Abstract

Sparse adversarial attack approaches can be unified in a framework that is often based on a convex relaxation of the domain of the generated perturbation. However, there is a priori no real need for convexity relaxation. We consider generating adversarial images with a non-convex loss in a non-convex ℓp neighbourhood of an input image, thus stepping away from the ℓ0 combinatorial problem while remaining as continuous but sparser than the ℓ1 ball. We formalise the concept of finding adversarial examples as an explicit optimization problem for the special case of p = 1/2, for which we have access to an efficient proximal operator. In order to enhance the interpretability of generated attacks, we adjust the regularization parameter of the perturbation for each pixel separately. This modification increases the likelihood of perturbing pixels that are in proximity to the already perturbed pixels. Experiments show that our method computes highly sparse and interpretable adversarial examples for ImageNet models.

Zoom link

Time: Aug 28, 2023 10:45 AM Osaka, Sapporo, Tokyo

Join Zoom Meeting
https://riken-jp.zoom.us/j/98897491464?pwd=UUF6dkRUTW9TL0EzeWpickNDMy9idz09

Meeting ID: 988 9749 1464
Passcode: 4LhxeEKUii

Speaker’s bio

Shpresim Sadiku is a PhD candidate at the Institute of Mathematics, Technische Universität Berlin, working under the supervision of Prof. Dr. Sebastian Pokutta. He is also affiliated with the Interactive Optimization and Learning (IOL) research lab at the Zuse Institute Berlin, where he holds a Scientific Assistant position. Previously, he worked on Neural Ordinary Differential Equations and Neural Networks Approximation Theory. He received an MSc in Mathematics in Data Science under the supervision of Prof. Dr. Michael Wolf at the Technical University of Munich in May 2020 and a BSc in Mathematics at the University of Tirana in July 2017.

His current research interests lie at the interface of 2D Computer Vision and Optimization, with a primary focus on developing efficient adversarial attack and defense techniques for deep neural networks. Currently, he is using first-order optimization methods to generate sparse adversarial attacks of high visual quality.

Host

Minh Ha Quang (Functional Analytic Learning Team, RIKEN-AIP)