Magnet seminars are usually held in room B21 on Thursdays, 11am. Check below for upcoming seminars and potential changes of schedule/location. You may also import the Magnet seminars public feed into your favorite calendar app. For further information, contact Aurélien.
Thu, February 13, 2020
Where? Inria B21
R. Pinot (Dauphine): Robustness through randomization: from differential privacy to adversarial examples
Deep neural networks achieve state of the art performances in a variety of domains such as image recognition and graph processing. However, it has been shown that such neural networks are vulnerable to adversarial examples, i.e. imperceptible variations of natural examples, crafted to deliberately mislead the models. Since their discovery, a variety of algorithms have been developed to defend neural networks against such threats. Our work focuses on techniques injecting noise to the network at inference time. These techniques have proven effective in many contexts, but lack theoretical arguments.
We present a theoretical analysis of these approaches, hence explaining why they perform well in practice. More precisely, we notice that being robust to adversarial examples and ensuring differential privacy are similar problems. We, then, leverage this similarity to show that noise injection can, in some cases, give provable robustness against adversarial examples. Finally we present experiments for an image classification task, and discuss further work on graph classification.
Thursday, February 13, 2020 - 11:00 to 12:00