[Seminar] Adversarial Learning: Foundations and Applications

As machine learning (ML) models are reaching accuracy levels suitable for real-world applications, it is crucial to recognize that accuracy is not the only benchmark that matters. Developers must actively prepare ML models to be robust enough in the wild against any attempts to hack them. However, the ML models obtained by standard training (ST) cannot handle adversarial data that are algorithmically generated by adversarial attacks. An adversarial attack is an algorithm that applies specially designed tiny perturbations on natural data to transform them into adversarial data to mislead a trained model and let it give wrong predictions. Adversarial robustness aims to improve the robust accuracy of ML models on adversarial data, which can be achieved by adversarial training (AT). Specifically, AT has two purposes: (1) correctly classify the data (the same as ST) and (2) ensure no data fall nearby the decision boundaries (different from ST). Given that the test data may be adversarial, AT carefully simulates some adversarial attacks during training. Thus, the model has already seen many adversarial training data in the past with the purpose of generalizing to adversarial test data in the wild. 

This talk will introduce the three improvements of AT and two case studies on leveraging adversarial attack/training for evaluating/enhancing reliabilities of ML-powered methods.