Robustness of classifiers_from_adversarial_to_random_noise
43
Robustness of classifiers: from adversarial to random noise hskksk @ 2017/2/3 1
-
Upload
keisuke-hosaka -
Category
Data & Analytics
-
view
195 -
download
0
Transcript of Robustness of classifiers_from_adversarial_to_random_noise
Robustness of classifiers: from adversarial to random noise
hskksk @ 2017/2/3
1
•
• nota&on
• /
•
•
2
3
Fawzi, A., Moosavi-Dezfooli, S.-M., & Frossard, P. (2016). Robustness of classifiers: from adversarial to random noise. In NIPS (pp. 1624–1632).
4
• Deep learning state-of-the-art
• Adversarial ( )
•
• Adversarial
5
Adversarial (1)
•
•
• :
6
Adversarial (2)
•
•
worst-case
• worst-case
7
(1)
• [1, 10, 19]
• DL adversarial example [17]
• DL adversarial example
• [3, 5, 14, 18]
• robust network [6, 8, 20, 13, 15, 12]
8
(2)
• [18] empirical adversarial example
pixel
• [3] random adversarial
9
• semi-random
• semi-random random/worst-case
• worst-case semi-random
•
10
nota%on
11
nota%on
クラス分類器
データ点
推定されたラベル
次元 の の任意の部分空間
12
•
•
•
13
adversarial
•
•
• adversarial
→ adversarial
14
15
16
•
•
17
1:
•
18
• 1
•
•
•
19
(d )
•
•
• e.g.
(
)
20
(m=1 )
•
21
1
•
• m
22
23
•
• pairwise
•
•
•
24
( )
•
•
25
(1)
• bound
•
• i j
worst-case
26
(2)
• worst-case radius:
• :
•
•
27
2: ( )
•
•
28
•
•
• affine classifier
29
•
•
( )
•
30
2-1: (1)
• (5)
•
31
2-1: (2)
•
• global 2
• 2
( )
32
33
1: 2-1 (1)
•
•
• 1 1
34
1: 2-1 (2)
• [13]
• 1000
35
1 (1)
• 1 2-1
36
1 (2)
•
37
2: (5)
•
•
•
38
2 (1)
39
2 (2)
•
• (5)
•
(5)
•
40
3:
•
• NIPS,SPAIN,2016
•
•
•
41
3
•
Po$lower → Pineapple
42
• → adversarial
•
robust
• state-of-the-art semi-random
43
