当前位置:网站首页>U.S. Air Force Research Laboratory, "exploring the vulnerability and robustness of deep learning systems", the latest 85 page technical report in 2022
U.S. Air Force Research Laboratory, "exploring the vulnerability and robustness of deep learning systems", the latest 85 page technical report in 2022
2022-07-07 03:24:00 【Zhiyuan community】
Deep neural network makes the performance of modern computer vision system reach a new level in various challenging tasks . Although it has great benefits in accuracy and efficiency , But the highly parameterized nonlinear properties of deep networks make them very difficult to explain , It is easy to fail when there are opponents or abnormal data . This vulnerability makes it disturbing to integrate these models into our real-world systems . This project has two main lines :(1) We explore the vulnerability of deep neural networks by developing the most advanced adversarial attacks ;(2) We are in a challenging operating environment ( For example, in the scene of target recognition and joint learning in the open world ) Improve the robustness of the model . A total of nine articles have been published in this study , Each article has promoted the latest progress in their respective fields .
Deep neural networks in the field of machine learning , In particular, great progress has been made in the field of computer vision . Although most of the recent research on these models is to improve the accuracy and efficiency of tasks , But people don't know much about the robustness of deep Networks . The highly parameterized nature of deep networks is both a blessing and a curse . One side , It makes the performance level far beyond the traditional machine learning model . On the other hand ,DNN Very difficult to explain , Cannot provide an accurate concept of uncertainty . therefore , Before integrating these powerful models into our most trusted systems , It is important to continue to study and explore the vulnerabilities of these models .
We The first main line of research is to explore by making powerful adversarial attacks against various models DNN The fragility of From the perspective of attack , Confrontational attacks are not only eye-catching , And they are also a tool , So that we can better understand and explain the complex model behavior . Adversarial attacks also provide a challenging robustness benchmark , We can test it in the future . Our philosophy is , To create a highly robust model , We must start by trying to fully understand all the ways in which they may fail at present . In the 3.1 In the festival , Each job has its own motivation and explanation . In the 3.1.1 In the festival , We first discussed an early project on efficient model poisoning attacks , The project highlights a key weakness of the exposed training pipeline model . Next , We introduced a series of research projects , These projects introduce and build on the new idea of feature space attack . Such attacks have proved to be much more powerful than existing output space attacks in a more realistic black box attack environment . These papers are published in 3.1.2-3.2.4 This section deals with . In the 3.1.5 In the festival , We considered an attack background that we hadn't considered before , There is no class distribution overlap between the black box target model and the target model . We show that , Even in this challenging situation , We can also use the adjustment of our feature distribution attack to pose a major threat to the black box model . Last , The first 3.1.6 Section covers A new class of black box antagonistic attacks against reinforcement learning agents , This is an unexplored field , It is becoming more and more popular in control based applications . Please note that , The experiments of these projects 、 The results and analysis will be presented in 4.0 In the corresponding chapter of section .
We The goal of the second research direction is to directly enhance DNN The soundness of . As we detailed in the first line , At present, adversarial attacks are based on DNN Our system poses a major risk . Before we trust these models enough and integrate them into our most trusted system ( Such as defense technology ) Before , We must ensure that we take into account all possible forms of data corruption and variation . In the 3.2.1 In the festival , The first case we consider is to formulate a principled defense against data reversal attacks in a distributed learning environment . after , In the 3.2.2 In the festival , We have greatly improved automatic target recognition (ATR) The accuracy and robustness of the model in an open environment , Because we cannot guarantee that the incoming data will contain the categories in the training distribution . In the 3.2.3 In the festival , We go further , An online learning algorithm with limited memory is developed , By using samples in the deployment environment , Enhanced in an open world environment ATR The robustness of the model . Again , Experiments of these works 、 The results and discussion are included in section 4.0 Section .
https://apps.dtic.mil/sti/pdfs/AD1170105.pdf
边栏推荐
- HMS Core 机器学习服务打造同传翻译新“声”态,AI让国际交流更顺畅
- Development of wireless communication technology, cv5200 long-distance WiFi module, UAV WiFi image transmission application
- New benchmark! Intelligent social governance
- RestClould ETL 社区版六月精选问答
- 杰理之播内置 flash 提示音控制播放暂停【篇】
- Laravel php artisan 自动生成Model+Migrate+Controller 命令大全
- Flutter3.0了,小程序不止于移动应用跨端运行
- VHDL实现任意大小矩阵乘法运算
- About Confidence Intervals
- 22.(arcgis api for js篇)arcgis api for js圆采集(SketchViewModel)
猜你喜欢
input_ delay
2022.6.28
Stored procedures and functions (MySQL)
Appx code signing Guide
When you go to the toilet, you can clearly explain the three Scheduling Strategies of scheduled tasks
R数据分析:cox模型如何做预测,高分文章复现
Not All Points Are Equal Learning Highly Efficient Point-based Detectors for 3D LiDAR Point
制作(转换)ico图标
Variables, process control and cursors (MySQL)
About Tolerance Intervals
随机推荐
美国空军研究实验室《探索深度学习系统的脆弱性和稳健性》2022年最新85页技术报告
[tools] basic concept of database and MySQL installation
【达梦数据库】备份恢复后要执行两个sql语句
Flutter3.0了,小程序不止于移动应用跨端运行
22.(arcgis api for js篇)arcgis api for js圆采集(SketchViewModel)
【colmap】已知相机位姿情况下进行三维重建
Decoration design enterprise website management system source code (including mobile source code)
unrecognized selector sent to instance 0x10b34e810
DOMContentLoaded和window.onload
Centerx: open centernet in the way of socialism with Chinese characteristics
sshd[12282]: fatal: matching cipher is not supported: aes256- [email protected] [preauth]
New benchmark! Intelligent social governance
MOS transistor realizes the automatic switching circuit of main and auxiliary power supply, with "zero" voltage drop and static current of 20ua
Room rate system - login optimization
2022.6.28
The first symposium on "quantum computing + application of financial technology" was successfully held in Beijing
【Swift】学习笔记(一)——熟知 基础数据类型,编码风格,元组,主张
leetcode
Install torch 0.4.1
mos管實現主副電源自動切換電路,並且“零”壓降,靜態電流20uA