

#040 - Adversarial Examples (Dr. Nicholas Carlini, Dr. Wieland Brendel, Florian Tramèr)
Jan 31, 2021
Join Dr. Nicholas Carlini, a Google Brain research scientist specializing in machine learning security, Dr. Wieland Brendel from the University of Tübingen, and PhD student Florian Tramèr from Stanford as they dive into the world of adversarial examples. They explore how tiny data changes can drastically impact model predictions and discuss the inherent challenges of ensuring robust defenses in neural networks. Insights on the balance between model accuracy and security, alongside the biases present in CNNs, offer a captivating look into this crucial field of AI research.
AI Snips
Neural Network Brittleness
- Adversarial examples are easily created by slightly changing input data, fooling classifiers.
- This reveals that neural networks learn differently from humans, achieving high accuracy without true understanding.
Multiple Causes of Adversarial Examples
- Pinpointing a single cause for adversarial examples is difficult, as successful defenses based on singular explanations are rare.
- Multiple factors like high dimensionality and non-robust features likely contribute.
Memorization vs. Feature Learning
- Neural networks might learn imperceptible textures, but the alternative, pure memorization, is worse.
- Some believe networks are superpositions of training data, raising concerns about true learning.