Adversarially Robust Machine Learning with Guarantees.
Record type: Bibliographic - electronic resource : Monograph/item
Title/Author: Adversarially Robust Machine Learning with Guarantees.
Author: Raghunathan, Aditi.
Publisher: Ann Arbor : ProQuest Dissertations & Theses, 2021
Physical description: 226 p.
Notes: Source: Dissertations Abstracts International, Volume: 83-05, Section: B.
Contained by: Dissertations Abstracts International 83-05B.
Subject: Linear programming.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28812911
ISBN: 9798494460288
ISBD view:
Raghunathan, Aditi. Adversarially Robust Machine Learning with Guarantees. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 226 p.
Source: Dissertations Abstracts International, Volume: 83-05, Section: B.
Thesis (Ph.D.)--Stanford University, 2021.
This item must not be sold to any third party vendors.
Machine learning (ML) systems are remarkably successful on a variety of benchmarks across several domains. In these benchmarks, the test data points, though not identical, are very similar to the training data. However, success in the real world requires good performance across a broad range of inputs that are potentially very different from the training data. Self-driving cars encounter unexpected construction zones, predictive health-care systems run into unforeseen changes in demographics, and real world systems are exposed to attackers who strategically generate inputs. Unfortunately, current ML systems fail catastrophically when the train and test distributions differ. This thesis focuses on an extreme version of this brittleness, adversarial examples, where even imperceptible (but carefully constructed) changes break ML models. Progress on this widely studied topic has been limited by the following critical roadblocks which we address in this thesis.

Challenge 1: Worst-case evaluation with guarantees. Stronger attacks routinely broke defenses leading to an arms race where it was impossible to reliably determine whether a defense was effective. We establish a methodology of certified defenses which provides robust networks with provable guarantees on their worst-case performance against any attack within the threat model. We also enable large-scale certification of the worst-case robustness of arbitrary networks including heuristic defenses not trained specifically to be certifiable.

Challenge 2: Generalization. With reliable evaluation, it became clear that the accuracy against adversarial examples had saturated at an unsatisfactory level. We address a possible sample complexity barrier to high robust accuracy by introducing Robust Self-Training (RST) that leverages unlabeled data. Theoretically, unlabeled data closes the sample complexity gap in a stylized model and empirically, RST with unlabeled data consistently improves robustness to adversarial examples.

Challenge 3: Tradeoffs. Robust training causes an undesirable drop in the accuracy on the original unperturbed inputs. We tease out the source of this counter-intuitive tradeoff by analyzing overparameterized linear regression and elucidate the role of the inductive bias of such models. We also show both theoretically and empirically that RST mitigates such tradeoffs, once again highlighting the benefits of unlabeled data for robustness.

Overall, this thesis expands the statistical and computational foundations of robust ML by addressing various challenges and develops principled methods that are empirically successful. Finally, we discuss future directions that draw inspiration from the related fields of security and causality.
ISBN: 9798494460288
Subjects--Topical Terms: Linear programming.
MARC view:
LDR 03737nmm a2200301 4500
001 2349877
005 20221010063646.5
008 241004s2021 ||||||||||||||||| ||eng d
020 $a 9798494460288
035 $a (MiAaPQ)AAI28812911
035 $a (MiAaPQ)STANFORDsw855vz6069
035 $a AAI28812911
040 $a MiAaPQ $c MiAaPQ
100 1 $a Raghunathan, Aditi. $3 3689301
245 1 0 $a Adversarially Robust Machine Learning with Guarantees.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 226 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-05, Section: B.
500 $a Advisor: Liang, Percy;Hashimoto, Tatsunori;Ma, Tengyu.
502 $a Thesis (Ph.D.)--Stanford University, 2021.
506 $a This item must not be sold to any third party vendors.
520 $a
(abstract: verbatim repeat of the abstract shown above, not repeated here)
590 $a School code: 0212.
650 4 $a Linear programming. $3 560448
650 4 $a Neural networks. $3 677449
650 4 $a Artificial intelligence. $3 516317
690 $a 0800
710 2 $a Stanford University. $3 754827
773 0 $t Dissertations Abstracts International $g 83-05B.
790 $a 0212
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28812911
Reader reviews: 0
Holdings (location: all / electronic resources; 1 item, page 1):
Barcode: W9472315
Location: Electronic resources
Circulation category: 11. Online reading_V
Material type: E-book
Call number: EB
Use type: Normal use (Normal)
Loan status: On shelf
Hold status: 0
Notes: (none)
Attachments: (none)