Projects

Geometry meets robustness in deep networks

Available!

Deep networks have shown great performance in classification tasks. However, they have proved to be vulnerable to small and often imperceptible noise called “adversarial perturbations”. This vulnerability becomes extremely important when they are deployed in safety-critical applications such as driverless cars. So far, no definitive method has been found to counter this vulnerability effectively.

Nevertheless, adversarial perturbations have recently been shown to be tightly related to the geometry of the decision boundary of deep networks. In this project, we characterize these perturbations in terms of the geometrical properties of the decision boundary. Based on this understanding, we eventually design efficient algorithms to detect adversarial perturbations.

Requirements: 

Good knowledge of Python and MATLAB and sufficient familiarity with machine learning and image processing. Experience with PyTorch (or similar deep learning frameworks) is a plus.

Robustness to geometric transformations

Ongoing!

 

Convolutional Neural Networks have achieved great performance in image classification tasks. However, it has recently been shown that they are less robust than previously thought. The problem of robustness becomes especially important when these classifiers are deployed in real-world (and possibly hostile) environments, such as autonomous cars.

Geometric transformations are among the most important sources of variation in natural images. Therefore, invariance to such transformations is a highly desirable property of automatic classifiers in many image recognition tasks. There is, however, a lack of efficient methods that properly measure such invariance. In this work, we focus on measuring the robustness of deep networks to geometric transformations. This allows us to evaluate and compare classifiers based on their invariance and helps to improve the invariance of existing classifiers.

Requirements:

Good knowledge of C++ and MATLAB. Notions of machine learning and image processing are a plus.

Black-box adversarial perturbations

Taken!

Recent studies have shown that it is possible to obtain an adversarial perturbation, i.e. a noise tuned to a particular image and classifier, so that the perturbed, or modified, image is imperceptibly different from the original image yet the classifier yields a (sometimes completely) different label [1]. These studies raise concerns about the robustness of such classifiers. Can they be trusted if an imperceptible noise can completely throw off their results?

The goal is to port the already implemented DeepFool algorithm [2] from MATLAB to Python and to develop an implementation of a black-box approach, i.e. for a situation in which we do not have full access to the classifier structure. As well as being applied to “academic” networks, such as those submitted for the ILSVRC competition, this black-box approach will also be applied to a commercial classifier, Clarifai, to gauge the robustness of products in the area of image classification and object recognition.

References:

[1] Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus, “Intriguing properties of neural networks”, arXiv:1312.6199v4 [cs.CV]

[2] S. M. Moosavi-Dezfooli, A. Fawzi and P. Frossard. “DeepFool: a simple and accurate method to fool deep neural networks”. IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, Nevada, USA, 2016.

Requirements:

Good knowledge of Python and MATLAB. Notions of machine learning and image processing are a plus.

Who improves more

Available!

Convolutional Neural Networks have achieved great performance in image classification tasks. However, it has recently been shown that they are less robust than previously thought. A number of methods have been deployed to address this important issue and improve the robustness of these classifiers, though there is no unified way to assess their success in building more robust classifiers.

In this work, we focus on adversarial robustness, and we adopt an efficient method called DeepFool [1] to evaluate the effectiveness of different methods for improving robustness. First, the student should do an exhaustive literature review of the current methods and implement them in a unified framework (e.g. TensorFlow), and then evaluate them using DeepFool. The final goal is to develop a deeper understanding of such methods in order to improve robustness in state-of-the-art systems.

References:

[1] S. M. Moosavi-Dezfooli, A. Fawzi and P. Frossard. “DeepFool: a simple and accurate method to fool deep neural networks”. IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, Nevada, USA, 2016.

Requirements:

Good knowledge of C++/Python and sufficient familiarity with machine learning and image processing. Experience with TensorFlow is a plus.

Even the best image classifiers can be wrong

Taken!

Due to the huge research efforts that have recently been deployed in computer vision and machine learning, image classification systems are now reaching performance close to that of the human visual system in terms of accuracy. Questions emerge as to what differences remain between the human visual system and state-of-the-art classifiers.

In recent years, it has been shown that image classifiers are not robust enough to some types of perturbations [1]. In this project, the student will implement a method to find such perturbations and compare different image classifiers, particularly deep networks, in terms of robustness. The final goal will be to identify which parameters of networks most influence the robustness of classifiers, and to develop a deeper understanding of such architectures in order to improve robustness in state-of-the-art systems.

References:

[1] Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus, “Intriguing properties of neural networks”, arXiv:1312.6199v4 [cs.CV]

Requirements:

Good knowledge of C++ and MATLAB. Notions of machine learning and image processing are a plus.