Adversarial Machine Learning

Size: px

Start display at page:

Download "Adversarial Machine Learning"

Hilda Dean
5 years ago
Views:

C-RNN-GAN South Park Commons San Francisco, 2018-05-24 BPDA DR-GAN BS-GAN DCGAN MAGAN 3D-GAN CCGAN AC-GAN Adversarial Training

1 MedGAN Progressive GAN CoGAN LR-GAN CGAN IcGAN BIM LS-GAN AffGAN LAPGAN DiscoGANMPM-GAN AdaGAN LSGAN InfoGAN ATN FGSM igan IAN Adversarial Machine Learning McGAN Ian Goodfellow, Staff Research Scientist, Google Brain MIX+GAN MGAN C-VAE-GAN FF-GAN C-RNN-GAN South Park Commons San Francisco, BPDA DR-GAN BS-GAN DCGAN MAGAN 3D-GAN CCGAN AC-GAN Adversarial Training GAWWN Bayesian GAN EBGAN SN-GAN Context-RNN-GAN ALI f-gan PGD ArtGAN BiGAN CycleGAN Gradient Masking AnoGAN DTN MAD-GAN BEGAN AL-CGAN MalGAN

2 Adversarial Machine Learning Traditional ML: optimization Adversarial ML: game theory Minimum One player, one cost Equilibrium More than one player, more than one cost

3 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

4 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

5 Generative Modeling: Sample Generation Training Data Sample Generator (CelebA) (Karras et al, 2017) (Goodfellow 2018)

function D D x sampled from data x sampled from model

6 Adversarial Nets Framework D(x) tries to be near 1 D tries to make D(G(z)) near 0, G tries to make D(G(z)) near 1 Differentiable function D D x sampled from data x sampled from model Differentiable function G (Goodfellow et al., 2014) Input noise z (Goodfellow 2018)

7 GANs for simulated training data (Shrivastava et al., 2016) (Goodfellow 2018)

8 nsupervised Image-to-Image Translation Day to night (Liu et al., 2017) (Goodfellow 2018)

9 CycleGAN (Zhu et al., 2017) (Goodfellow 2018)

10 Designing DNA to optimize protein binding (Killoran et al, 2017) (Goodfellow 2018)

11 Personalized GANufacturing (Hwang et al 2018) (Goodfellow 2018)

12 Self-Attention GAN State of the art FID on ImageNet: 1000 categories, 128x128 pixels Goldfish Redshank Tiger Cat Geyser Broccoli Stone Wall Indigo Bunting (Zhang et al, 2018) Saint Bernard (Goodfellow 2018)

13 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

14 Adversarial Examples X ŷ x

15 Adversarial Examples in the Physical World (Kurakin et al, 2016)

16 Training on Adversarial Examples 10 0 Test misclassification rate Train=Clean, Test=Clean Train=Clean, Test=Adv Train=Adv, Test=Clean Train=Adv, Test=Adv Training time (epochs) (CleverHans tutorial, using method of Goodfellow et al 2014)

17 Adversarial Logit Pairing Logit pairing State of the art clean logits adv logits defense on ImageNet Adversarial perturbation (Kannan et al, 2018) (Goodfellow 2018)

18 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

19 Adversarial Examples for RL (Huang et al., 2017)

20 Self-Play 1959: Arthur Samuel s checkers agent (OpenAI, 2017) (Silver et al, 2017) (Bansal et al, 2017)

21 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

22 Extreme Reliability We want extreme reliability for Autonomous vehicles Air traffic control Surgery robots Medical diagnosis, etc. Adversarial machine learning research techniques can help with this Katz et al 2017: verification system, applied to air traffic control

23 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

24 Supervised Discriminator for Semi-Supervised Learning Real Fake Real cat Real dog Fake Hidden units Hidden units Learn to read with 100 labels rather Input Input than 60,000 (Odena 2016, Salimans et al 2016) (Goodfellow 2018)

25 Virtual Adversarial Training Miyato et al 2015: regularize for robustness to adversarial perturbations of unlabeled data (Oliver+Odena+Raffel et al, 2018) (Goodfellow 2018)

26 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

27 Privacy of training data X ˆX (Goodfellow 2018)

28 Defining (ε, δ)-differential Privacy (Abadi 2017) (Goodfellow 2018)

29 Private Aggregation of Teacher Ensembles (Papernot et al 2016) (Goodfellow 2018)

30 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

31 Domain Adaptation Domain Adversarial Networks (Ganin et al, 2015) Professor forcing (Lamb et al, 2016): Domain- Adversarial learning in RNN hidden state

32 GANs for domain adaptation (Bousmalis et al., 2016) (Raffel, 2017)

33 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

34 Adversarially Learned Fair Representations Edwards and Storkey 2015 Learn representations that are useful for classification An adversary tries to recover a sensitive variable S from the representation. Primary learner tries to make S impossible to recover Final decision does not depend on S

35 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

36 How do machine learning models work? (Goodfellow et al, 2014) Interpretability literature: our analysis tools show that deep nets work about how you would expect them to. (Selvaraju et al, 2016) Adversarial ML literature: ML models are very easy to fool and even linear models work in counter-intuitive ways.

37 A Cambrian Explosion of Machine Learning Research Topics Generative Modeling Security RL Make ML work ML+neuroscience Accountability and Transparency Fairness Extreme reliability Domain adaptation Label Privacy efficiency

38 Adversarial Examples that Fool both Human and Computer Vision Gamaleldin et al 2018

39 Questions (Goodfellow 2018)

Introduction to GANs

MedGAN ID-CGAN CoGAN LR-GAN CGAN IcGAN b-gan LS-GAN LAPGAN DiscoGANMPM-GAN AdaGAN LSGAN InfoGAN CatGAN AMGAN igan Introduction to GANs IAN SAGAN McGAN Ian Goodfellow, Staff Research Scientist, Google Brain