Adi Shamir, Weizmann Institute of Tech: A Simple Explanation for the Mysterious Existence of Adversarial Examples with Small Hamming Distance

Speaker: Adi Shamir, Weizmann Institute of Tech

Date: Tuesday, February 18, 2020

Time: 4:00 PM to 5:00 PM (all times are in the Eastern Time Zone)

Public: Yes

Location: Patil/Kiva G449

Event Type: Seminar

Host: Ron Rivest

Contact: Deborah Goodwin, 617.324.7303, dlehto@csail.mit.edu

Abstract:
The existence of adversarial examples in which tiny changes in the input can fool well-trained neural networks has many applications and implications in object recognition, autonomous driving, cyber security, etc.

However, it is still far from being understood why such examples exist, and which parameters determine the number of input coordinates one has to change in order to mislead the network.

In this talk I will describe a simple mathematical framework which enables us to think about this problem from a fresh perspective, turning the existence of adversarial examples from a baffling phenomenon into a natural consequence of the geometry of $R^n$ with the $L_0$ (Hamming) metric, which can be quantitatively analyzed. An important benefit of our analysis is that it enables us to show that many proposed immunization techniques against adversarial attacks are unlikely to succeed, while proposing other techniques which are based on novel geometric principles.

Created by Deborah Goodwin on Friday, February 07, 2020 at 7:25 AM.