Tuesday, June 11, 2024 10am to 11:30am
About this Event
Tao Wu, a doctoral candidate in computer science, will defend their dissertation titled “Adversarial Transferability and Generalization in Robust Deep Learning.” Their advisor, Dr. Donald Wunsch, is the Mary Finley Missouri Professor in Computer Engineering and Director of the Kummer Institute Center for AI and Autonomous Systems. Their co-advisor, Dr. Tie Luo, is an associate professor of computer science. The dissertation abstract is provided below:
Despite its remarkable achievements across a multitude of benchmark tasks, deep learning (DL) models exhibit significant fragility to adversarial examples, i.e., subtle modifications applied to inputs during testing yet effective in misleading DL models. These meticulously crafted perturbations possess the remarkable property of transferability: an adversarial example that effectively fools one model often retains its effectiveness against another model, even if the two models were trained independently. This dissertation delves into the characteristics influencing the transferability of adversarial examples from three distinct and complementary perspectives: data, model, and optimization. Firstly, from the data perspective, we propose a new method of crafting transferable AE based on random erasure (RE) which erase part of image with random noise which increases the diversity of adversarial perturbations and helps stabilize gradient fluctuations. Secondly, we explore from optimization perspective by penalizing the input gradient norm when optimizing the objective for generating AE, aim to find AE within flat regions of the loss landscape. Thirdly, we investigate from the model perspective and propose a novel strategy centered on transforming surrogate models by Lipschitz regularization. Finally, we introduce the normalized Hessian trace, a metric capable of accurately and consistently characterizing the curvature of loss landscapes, based on which we propose CR-SAM, a novel optimization technique that integrates curvature regularization into the Sharpness-Aware Minimization (SAM) optimizer aims to bolster the generalizability of deep neural networks across a range of image classification tasks.
In summary, this dissertation presents three complementary techniques that provide a comprehensive and practical approach to generating highly transferable adversarial examples. Furthermore, our exploration of metrics aimed at describing the curvature of the loss landscape contributes to a deeper understanding of the optimization process and facilitates the enhancement of deep learning models' generalizability.
0 people are interested in this event
User Activity
No recent activity