Learning Internal Representations Robust against Adversarial Attacks
| Project/Area Number |
20K19824
|
|---|
| Research Category |
Grant-in-Aid for Early-Career Scientists
|
| Allocation Type | Multi-year Fund |
|---|
| Review Section |
Basic Section 61010:Perceptual information processing-related
|
|---|
| Research Institution | Kyushu University |
|---|
Principal Investigator |
Vargas Danilo 九州大学, システム情報科学研究院, 准教授 (00795536)
|
|---|
| Project Period (FY) |
2020-04-01 – 2022-03-31
|
| Project Status |
Completed (Fiscal Year 2021)
|
| Budget Amount *help |
¥2,470,000 (Direct Cost: ¥1,900,000、Indirect Cost: ¥570,000)
Fiscal Year 2021: ¥910,000 (Direct Cost: ¥700,000、Indirect Cost: ¥210,000)
Fiscal Year 2020: ¥1,560,000 (Direct Cost: ¥1,200,000、Indirect Cost: ¥360,000)
|
|---|
| Keywords | Robust AI / Robust Machine Learning / Adversarial ML / Robust Representations / 敵対的機械学習 / Deep Neural Networks / 深層学習 / One pixel attack / GAN / ロバスト人工知能 / 敵対的学習 |
|---|
| Outline of Research at the Start |
Current DNNs are known to possess many vulnerabilities which make their applications unsafe. In our last investigations, it was understood that the problem lies in the fact that DNNs focus on the texture rather than the shape in their representation. GANs, however, learn to encode, decode as well as transform images and are known to learn internally complex models of the input that goes beyond texture. Here, I propose to tackle the robustness of DNNs by using the internal representation learned by GANs to create DNNs capable of classifying based on features that go beyond texture.
|
| Outline of Final Research Achievements |
Here, I proposed to tackle the robustness of DNNs by evaluating and improving the internal representation learned by DNNs. Regarding the evaluation of the internal representation of DNNs, we discovered that the transferability of features links to robustness to adversarial attacks. In other words, the better the transfer of features the better the robustness to adversarial attacks. We also proposed K-spectrum which can evaluate and visualize multiple layers of DNNs together in a graph, allowing for easy inspection of how their shapes are in multi-dimensional space. Regarding the improvement of the internal representation of DNNs, we have developed as described in the proposition a GAN based system to improve the network robustness. The system outperformed the state-of-the-art and is being submitted to a journal now.
Results of this research were published in journals and proceedings, more than 13 articles in total.
|
| Academic Significance and Societal Importance of the Research Achievements |
Critical systems such as autonomous driving and medical applications require robust machine learning algorithms. This research paves the way to better algorithms that will allow for such applications to become a reality.
|
Report
(3 results)
Research Products
(22 results)
