November 1, 2022 15:33
TrustML Young Scientist Seminar #38 (20221031)

Description

The 38th Seminar
Date and Time: Oct. 31st 11:00 am – 12:00 pm (JST)
Venue: Zoom webinar
Language: English

Speaker: Gaurang Sriramanan (University of Maryland)
Title: Toward Efficient Evaluation and Training of Adversarially Robust Neural Networks
Short Abstract:
While current Machine Learning models achieve excellent performance on standard data, they are overwhelmingly susceptible to imperceptible perturbations to their inputs, known as adversarial attacks. Efficient and effective attacks are crucial for reliable evaluation of defenses, and also for developing robust models. In this talk, I will present some of our research work that focuses on addressing both these directions. We first propose Guided Adversarial Margin Attack, wherein we introduce a relaxation term to the standard loss that finds more suitable gradient directions, increases attack efficacy and leads to more efficient adversarial training. In the latter part of the talk, I shall present our work on utilizing Nuclear Norm regularization, which uses the joint statistics of adversarial samples across a minibatch to enhance optimization. We further demonstrate how Nuclear Norm based training can be extended to achieve robustness under a union of threat models simultaneously, while utilizing only single-step adversaries during the training regime. Using the techniques mentioned above, we demonstrate equivalent or superior robustness when compared to multi-step adversarial defenses, while requiring a significantly lower computational cost.
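The abstract relies on two notions that are easy to illustrate on a toy model: a single-step, gradient-based adversarial perturbation constrained to a small L-infinity budget, and a nuclear-norm statistic computed jointly over a minibatch rather than per sample. The following is an added example written for this page, not code from the speaker or from the GAMA or Nuclear Norm papers; it does not reproduce their loss functions. It assumes a hand-picked two-feature logistic-regression classifier (weights W, bias B) and constructed inputs, and it shows (a) that one gradient-sign step of size eps flips a confident prediction, and (b) that the nuclear norm of the stacked perturbation matrix distinguishes a minibatch of identical (rank-1) perturbations from a diverse one, even though the Frobenius norm of both batches is the same.

```python
from math import exp, sqrt

# Constructed toy model (assumption for this example): logistic regression on 2-D inputs.
W = [3.0, -2.0]
B = 0.1


def sigmoid(z):
    return 1.0 / (1.0 + exp(-z))


def predict_prob(x):
    """P(class = 1 | x) for the toy logistic-regression model."""
    return sigmoid(W[0] * x[0] + W[1] * x[1] + B)


def predict_class(x):
    return 1 if predict_prob(x) >= 0.5 else 0


def loss_grad_wrt_input(x, y):
    """Gradient of binary cross-entropy w.r.t. the input: (p - y) * W."""
    p = predict_prob(x)
    return [(p - y) * w for w in W]


def sign(v):
    return (v > 0) - (v < 0)


def single_step_linf_attack(x, y, eps):
    """One gradient-sign step (FGSM-style) that stays inside the L-inf ball of radius eps.

    This is the generic single-step adversary; it is NOT the speaker's GAMA attack.
    """
    g = loss_grad_wrt_input(x, y)
    return [xi + eps * sign(gi) for xi, gi in zip(x, g)]


def linf_distance(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


def frobenius_norm(rows):
    """Frobenius norm of an n x 2 matrix given as a list of 2-vectors (one row per sample)."""
    return sqrt(sum(v * v for r in rows for v in r))


def nuclear_norm_2col(rows):
    """Nuclear norm (sum of singular values) of an n x 2 matrix given as a list of 2-vectors.

    Singular values are sqrt of the eigenvalues of M^T M, which is 2x2 here, so the
    eigenvalues have a closed form and no linear-algebra library is needed.
    """
    a = sum(r[0] * r[0] for r in rows)
    b = sum(r[0] * r[1] for r in rows)
    d = sum(r[1] * r[1] for r in rows)
    tr, det = a + d, a * d - b * b
    disc = max(tr * tr / 4.0 - det, 0.0)  # clamp tiny negative rounding error
    lam1 = tr / 2.0 + sqrt(disc)
    lam2 = max(tr / 2.0 - sqrt(disc), 0.0)
    return sqrt(lam1) + sqrt(lam2)


def attack_demo(eps=0.3):
    """Attack a constructed clean point and report (clean class, adversarial class, L-inf distance)."""
    x_clean, y_true = [0.5, 0.5], 1          # constructed input, correctly classified as 1
    x_adv = single_step_linf_attack(x_clean, y_true, eps)
    return predict_class(x_clean), predict_class(x_adv), linf_distance(x_clean, x_adv)


def minibatch_norms():
    """Per-sample norms cannot tell these two batches apart; the nuclear norm can."""
    aligned = [[0.3, -0.3]] * 4                     # every sample perturbed the same way: rank 1
    diverse = [[0.3, 0.3], [0.3, -0.3],
               [-0.3, 0.3], [-0.3, -0.3]]           # same L-inf size per sample, full rank
    return {
        "aligned": (frobenius_norm(aligned), nuclear_norm_2col(aligned)),
        "diverse": (frobenius_norm(diverse), nuclear_norm_2col(diverse)),
    }


if __name__ == "__main__":
    print("clean/adv class, L-inf:", attack_demo())
    for name, (fro, nuc) in minibatch_norms().items():
        print(f"{name}: frobenius={fro:.4f} nuclear={nuc:.4f}")
```

For the rank-1 batch the nuclear norm equals the Frobenius norm (a single non-zero singular value); for the diverse batch it is strictly larger, which is the kind of cross-sample structure a minibatch-level regularizer can see and a per-sample loss cannot.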