[DL輪読会]Understanding Measures of Uncertainty for Adversarial Example Detection

>100 Views

April 06, 18

deep learning

スライド概要

2018/04/06
Deep Learning JP:
http://deeplearning.jp/seminar-2/

profile-image
スライド一覧

DL輪読会資料

シェア

またはPlayer版

埋め込む »CMSなどでJSが使えない場合

(ダウンロード不可)

関連スライド

slide-thumbnail

【DL輪読会】KAN: Kolmogorov–Arnold Networks
user-img Deep Learning JP 63.5K
slide-thumbnail

【DL輪読会】Evolutionary Optimization of Model Merging Recipes モデルマージの進化的最適化
user-img Deep Learning JP 46.5K
slide-thumbnail

【拡散モデル勉強会】拡散モデルの数理
user-img Deep Learning JP 24.5K
slide-thumbnail

【拡散モデル勉強会】Introduction to Diffusion Models
user-img Deep Learning JP 19.9K
slide-thumbnail

【DL輪読会】Generative Agents: Interactive Simulacra of Human Behavior
user-img Deep Learning JP 18.9K
slide-thumbnail

【DL輪読会】LLMベースの自律型エージェントシステムのサーベイ
user-img Deep Learning JP 17.3K
各ページのテキスト
1.

DEEP LEARNING JP [DL Papers] Understanding Measures of Uncertainty for Adversarial Example Detection Makoto Kawano, Keio Univ. http://deeplearning.jp/

2.
[beta] 
.*/>
●

!Understanding measures of Uncertainty for
Adversarial Example Detection

●4-Lewis Smith, Yarin Gal

• Department of Engineering Science, University of Oxford

●8)92018:3'229
●15@?twitter(

• Adversarial examples627+A/;#,03 
• GalB<
• =%
$" & 
3.
[beta] 
#D
●Gal:!MC,
• ;8<.G 7+ %"9
• ?$/4

%'4

;8<.G (0



• ?$/46->  B6 5*2AE
C
• MCC

39

• MNIST&Kaggle )=@F
• /

(1
4.
[beta] 




●Adversarial examples

• Basic Iterative Method
• Fast Gradient Method
• Momentum Iterative Method

●Measures of uncertainty

• =5 /3)/;>
• Softmax Variance
$&0

●Bayesian Neural Networks/MC Dropout
• @<

Bayesian Neural Network 

●Experiments

• 82 !4  :"-0
• 1+%#  :"-0
• -(9  76?

'.

,*
5.

Adversarial Examples / % ●Szegedy(2013) # ●! DNN    $ ●   $ " 

6.

 ● ●  [Kurakin, 2016] [Sharif, 2016]

7.

&$'-"! [Szegedy et al., 2013] ●#(    *  x̃ = x + ⌘  ckx − x̃k22 + Loss(x̃, y) ●A &$'-B ●    %, )+

8.
[beta] 
Fast Gradient Method [Goodfellow et al., 2014]

●NN%"*0
x̃ = x + ⌘ k⌘k1 < ✏

wT x̃ = wT x + wT ⌘

●$+)   "
●.-1 ,"&
●# ( ' & /1
x̃ = x + ✏sign(rx Loss(x, y))

!
9.
[beta] 
Basic Iterative Method [Kurakin et al., 2016]

●FGM0&2



x̃0 = x, x̃N +1 = Clipx,✏ {x̃N + ↵sign(rx J(x̃N , ytrue ))}

●41-*)+#3!
• JPEG/$
• ',.%  

 "

(


10.

 

11.

 

12.

Momentum Iterative Method [Dong et al., 2017] ●FGM/BIM  ●NIPS  ●Carlini   •  

13.
[beta] 




●Adversarial examples

• Basic Iterative Method
• Fast Gradient Method
• Momentum Iterative Method

●Measures of uncertainty

• =5 /3)/;>
• Softmax Variance
$&0

●Bayesian Neural Networks/MC Dropout
• @<

Bayesian Neural Network 

●Experiments

• 82 !4  :"-0
• 1+%#  :"-0
• -(9  76?

'.

,*
14.

" ●     !  

15.
[beta] 
?>@1N,8FG
●<J=(K+;
• /)HG
• 

• IB

(K0$@M2B6

#L

• ":C4.3-*&

●EM'



D#59+;

• %7!A

D#59.

!'$(-"+#,
*

'$(-)&







%


16.
[beta] 
?,69
●




aleatoric uncertainty

• ! 4 8,C9 ≒ ! . #
• ! D
#+"*%2
• +B>A;

●



p(B)=p(>)=0.5-7



epistemic uncertainty

• =5?<
: 
• ! ?<
'!)$(&
• $(& 30,C@1



/


 
17.

-0 &(/ #. ● x3 $y2* X H[P (y|x)] =  P (y|x) log P (y|x) y2Y ●  -1')!+(% I(X, Y ) = H[P (X)] = H[P (Y )] EP (y) H[P (X|Y )] EP (x) H[P (Y |X)] I(w, y|D, x) = H[p(y|x, D)] xy2*  w, Ep(w|D) H[p(y|x, w)] % "y 2* 

18.
[beta] 
C8&"%#5-2BG
I(w, y|D, x) = H[p(y|x, D)]






Ep(w|D) H[p(y|x, w)]




●9D:E5-2BGC8&"%#7<
• 9D:,

A

)60C8&"%#7<

• MNIST17→

&"%#.

●>;?/H'3?@=

$!+F 

• C8&"%#( 
• 5-2BG1*C8&"%#4=
• C8&"%#(*5-2BG4=
• 5-2BG.0C8&"%#(





19.

   Softmax ˆ2 = 1 C C X j=1 1 T 0 C 1 @X = C j=1 T X (pij  Iˆ = H(p̂) p̂i )2 i=1 T 1X 2 pij T i=1 ! 1 p̂2j A  = X j = X j = X j = C X j 1X H(pi ) T i 1 X pij log pij T i   ! p̂j log p̂j ! X 1 pij (pij 1) p̂j (p̂j 1) + . . . T i ! ! X 1 X 2 1 p̂2j pij pij + p̂j + . . . T i T i ! T X 1 p2ij p̂2j + . . . T i

20.
[beta] 




●Adversarial examples

• Basic Iterative Method
• Fast Gradient Method
• Momentum Iterative Method

●Measures of uncertainty

• =5 /3)/;>
• Softmax Variance
$&0

●Bayesian Neural Networks/MC Dropout
• @<

Bayesian Neural Network 

●Experiments

• 82 !4  :"-0
• 1+%#  :"-0
• -(9  76?

'.

,*
21.
[beta] 
!
●



• 41%+ (*"

• L2,."'0#
 /
X
X
ŵ = arg min
E(f (xi ; w), y) +
kWl k2
w

i

p(w)

l



●!





• $wZ )-32p(w)&

p(y|x, D) =



p(y|x, w)p(w|D)dw

w


22.
[beta] 
;:3=



●;:3='-:9q,Z
• ;:")+1# LV I :=

2:9p'-/<
q✓ (w) log p(D|w)dw − DKL (q✓ kp(w))

●L4 %4.( Ki ⇥ Ki
●q ✓ = {Ml , pl |l = [1..L]}

1

l
Wl = Ml · diag([zl,j ]K
j=1 )

where zl,j ⇠ Bernoulli(pl ), l = 1..L, j = 1..Kl
※!86

pl*5

&0

,

1

$7
23.

MC ●"! •   ●$    Ep(w|D) [f w (x)] = #% T X 1 p(y|D, x) ' p(y|wi , x) T i=1 ' Z Z p(w|D)f w (x)dw q✓ (w)f w (x)dw T 1X w ' f (x), w1..T ⇠ q✓ (w) T i=1 := pM C (y|D, x) H[p(y|D, x)] ' H[pM C (y|D, x)] T 1X I(w, y|D, x) ' H[pM C (y|D, x)] − H[p(y|wi , x)] wi ⇠ q(w|D) T i=1

24.
[beta] 




●Adversarial examples

• Basic Iterative Method
• Fast Gradient Method
• Momentum Iterative Method

●Measures of uncertainty

• =5 /3)/;>
• Softmax Variance
$&0

●Bayesian Neural Networks/MC Dropout
• @<

Bayesian Neural Network 

●Experiments

• 82 !4  :"-0
• 1+%#  :"-0
• -(9  76?

'.

,*
25.

  ). 0$'  & -,.!3 *1+   2  %  ( & & /#4. 0$' &" -,.!3  *1+  

26.

  ●   ●  

27.

 ● ●        

28.

 ● ●      

29.

 ● ●       

30.

 ●VAE          

31.

 ●VAE    

32.

          

33.
[beta] 
A60.*7)
●$.<:C4=PR
• IB,D92H

●'Q

1+

E 

L-9@E 

• ON?T /8NMK3SG
• KL!&5(JF;@
• >NME

'  %"' # E

     !
34.

        

35.
[beta] 
"8;@

(#

●MNIST (#(&
●KaggleASSIRA"8?>
• "8;@
• =3.4



9<

$17

●ResNet50%)0DropoutFC
●526'A!*ROC/ :
•

4B6NN PE/dropout PE/dropout MI

●526'A-,BIM/FGM/MIM



+
36.
[beta] 
3=@C!

"542-

●'*$&*,/
●%!( DA176?056><

.8

;

• B:*")#False-Positive 9 AUC + 
37.
[beta] 
($4+-

●>%/14

F@H29#

()

• %EDA5 )!
• ,*3@H=C:7G ?
• 8&0.AB6
•(

 +

<Dropout1;"'

)
38.
[beta] 

●C>D6NNNEL*85IK?

• C>D6N> '$"*8K?2
• C>D6NM<B49
'$"

●#'!%"@FC>D6N1.J
• /BODNN,
• :+A)=

●0-C>D6NJ
• H3M



&

G(7;, 

C>D6N,