DOCSLIB.ORG

Adversarial Attacks and Defenses: an Interpretation Perspective

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Adversarial Attacks and Defenses: an Interpretation Perspective Adversarial Attacks and Defenses: An Interpretation Perspective Ninghao Liuy, Mengnan Duy, Ruocheng Guoz, Huan Liuz, Xia Huy Department of Computer Science and Engineering, Texas A&M University, TX, USA Computer Science & Engineering, Arizona State University, Tempe, AZ, USA yfnhliu43, dumengnan, [email protected], zfrguo12, [email protected] ABSTRACT Interpretation Despite the recent advances in a wide spectrum of appli- cations, machine learning models, especially deep neural networks, have been shown to be vulnerable to adversar- Developer Attacker ial attacks. Attackers add carefully-crafted perturbations to input, where the perturbations are almost imperceptible to humans, but can cause models to make wrong predic- tions. Techniques to protect models against adversarial in- put are called adversarial defense methods. Although many How to improve How to attack approaches have been proposed to study adversarial attacks robustness? the model? and defenses in different scenarios, an intriguing and crucial challenge remains that how to really understand model vul- Figure 1: Interpretation can either provide directions for nerability? Inspired by the saying that \if you know your- improving model robustness or attacking on its weakness. self and your enemy, you need not fear the battles", we may tackle the challenge above after interpreting machine learn- ing models to open the black-boxes. The goal of model in- ceptible to adversarial attacks [1; 2]. That is, after adding terpretation, or interpretable machine learning, is to extract certain well-designed but human imperceptible perturbation human-understandable terms for the working mechanism of or transformation to a clean data instance, we are able to models. Recently, some approaches start incorporating in- manipulate the prediction of the model. The data instances terpretation into the exploration of adversarial attacks and after being attacked are called adversarial samples. The defenses. Meanwhile, we also observe that many existing phenomenon is intriguing since clean samples and adversar- methods of adversarial attacks and defenses, although not ial samples are usually not distinguishable to humans. Ad- explicitly claimed, can be understood from the perspective versarial samples may be predicted dramatically differently of interpretation. In this paper, we review recent work on from clean samples, but the predictions usually do not make adversarial attacks and defenses, particularly from the per- sense to a human. spective of machine learning interpretation. We categorize The model vulnerability to adversarial attacks has been dis- interpretation into two types, feature-level interpretation, covered in various applications or under different constraints. and model-level interpretation. For each type of interpreta- For examples, approaches for crafting adversarial samples tion, we elaborate on how it could be used for adversarial have been proposed in tasks such as classification (e.g., on attacks and defenses. We then briefly illustrate additional image data [3], text data [4], tabular data [5], graph data [6; correlations between interpretation and adversaries. Finally, 7]), object detection [8], and fraud detection [9]. Adver- we discuss the challenges and future directions for tackling sarial attacks could be initiated under different constraints, adversary issues with interpretation. such as assuming limited knowledge of attackers on target models [10; 11], assuming higher generalization level of at- Keywords tack [12; 13], posing different real-world constraints on at- tack [14; 15]. Given the advances, several questions could be Adversarial attacks, adversarial defenses, interpretation, ex- posted. First, are these advances relatively independent of plainability, deep learning each other, or is there an underlying perspective from which we can discover the commonality behind them? Second, 1. INTRODUCTION should adversarial samples be seen as the negligent corner Machine learning (ML) techniques, especially recent deep cases that could be fixed by putting patches to models, or learning models, are progressing rapidly and have been in- are they deeply rooted in the internal working mechanism creasingly applied in various applications. Nevertheless, con- of models that it is not easy to get rid of? cerns have been posed about the security and reliability is- Motivated by the idiom that \if you know yourself and your sues of ML models. In particular, many deep models are sus- enemy, you need not fear the battles" from The Art of War, in this paper, we answer the above questions and review the recent advances of adversarial attack and defense approaches from the perspective of interpretable machine learning. The relation between model interpretation and model robustness Output is illustrated in Figure 1. On the one hand, if adversaries know how the target model works, they may utilize it to 2 find model weakness and initiate attacks accordingly. On Model-level Interpretation the other hand, if model developers know how the model Latent Space works, they could identify the vulnerability and work on remediation in advance. Interpretation refers to the human- understandable information explaining what a model has learned or how a model makes predictions. Exploration of model interpretability has attracted many interests in re- cent years, because recent machine learning techniques, es- pecially deep learning models, have been criticized due to lack of transparency. Some recent work starts to involve in- terpretability in the analysis of adversarial robustness. Also, Model although not being explicitly specified, in this survey, we will show that many existing adversary-related work can be 1 Feature-level Interpretation comprehended from another perspective as an extension of model interpretation. Input Before connecting the two domains, we first briefly intro- duce the subjects of interpretation to be covered in this pa- Figure 2: Illustration of feature-level interpretation and per. Interpretability is defined as \the ability to explain or to model-level interpretation for a deep model. present in understandable terms to a human [16]". Although a formal definition of interpretation still remains elusive [16; 17; 18; 19], the overall goal is to obtain and transform infor- it attempts to mislead a model's prediction to a specific class mation from models or their behaviors into a domain that given an instance. Let f denote the target model exposed human can make sense of [20]. For a more structured analy- to adversarial attack. A clean data instance is x0 2 X, and sis, we categorize existing work into two categories: feature- X is the input space. We consider classification tasks, so level interpretation and model-level interpretation, as shown f(x0) = c; c 2 f1; 2; :::; Cg. One way of formulating the task in Figure 2. Feature-level interpretation targets to find the of targeted attack is as below [2]: most important features in a data sample for its predic- 0 min d(x; x0); s.t. f(x) = c (1) tion. Model-level interpretation explores the functionality x2X of model components, and their internal states after being where c0 6= c, and d(x; x ) measures the distance between fed with input. This categorization is based on whether the 0 the two instances. A typical choice of distance measure is internal working mechanism of models is involved in inter- l norms, where d(x; x ) = kx − x k . The core idea is to pretation. p 0 0 p add small perturbation to the original instance x to make Following the above categorization, the overall structure of 0 it being classified as c0. However, in some cases, it is impor- this article is organized as below. To begin with, we briefly tant to increase the confidence of perturbed samples being introduce different types of adversarial attack and defense misclassified, so the task may also be formulated as: strategies in Section 2. Then, we introduce different cate- gories of interpretation approaches, and demonstrate in de- max fc0 (x); s.t. d(x; x0) ≤ δ (2) tail how interpretation correlates to the attack and defense x2X strategies. Specifically, we discuss feature-level interpreta- where fc0 (x) denotes the probability or confidence that x is tion in Section 3 and model-level interpretation in Section 4. classified as c0 by f, and δ is a threshold limiting perturba- After that, we extend the discussion to additional relations tion magnitude. For untargeted attack, its goal is to prevent between interpretation and adversarial aspects of models in a model from assigning a specific label to an instance. The Section 5. Finally, we discuss some opening challenges for objective of untargeted attack could be formulated in a sim- future work in Section 6. ilar way as targeted attack, where we just need to change the constraint as f(x) 6= c in Equation 1, or change the 2. ADVERSARIAL MACHINE LEARNING objective as minx2X fc(x) in Equation 2. Before understanding how interpretation helps adversarial In some scenarios, the two types of attacks above are also attack and defense, we first provide an overview of existing called false positive attack and false negative attack. The attack and defense methodologies. former aims to make models misclassify negative instances as positive, while the latter tries to mislead models to clas- 2.1 Adversarial Attacks sify positive instances as negative. False positive attacks In this subsection, we introduce different types of threat and false negative attacks sometimes are also called Type-I models for adversarial attacks. The overall threat models attacks and Type-II attacks, respectively. may be categorized under different criteria. Based on dif- ferent application scenarios, conditions, and adversary ca- 2.1.2 One-Shot vs Iterative Attack pabilities, specific attack strategies will be deployed. According to practical constraints, adversaries may initiate one-shot or iterative attacks to target models. In one-shot 2.1.1 Untargeted vs Targeted Attack attack, they have only one chance to generate adversarial Based on the goal of attackers, the threat models can be clas- samples, while iterative attack could take multiple steps to sified into targeted and untargeted ones. For targeted attack, find the better perturbation direction.
Load more

Recommended publications
  • Spectrally-Based Audio Distances Are Bad at Pitch
    I’m Sorry for Your Loss: Spectrally-Based Audio Distances Are Bad at Pitch Joseph Turian Max Henry [email protected] [email protected] Abstract Growing research demonstrates that synthetic failure modes imply poor generaliza- tion. We compare commonly used audio-to-audio losses on a synthetic benchmark, measuring the pitch distance between two stationary sinusoids. The results are sur- prising: many have poor sense of pitch direction. These shortcomings are exposed using simple rank assumptions. Our task is trivial for humans but difficult for these audio distances, suggesting significant progress can be made in self-supervised audio learning by improving current losses. 1 Introduction Rather than a physical quantity contained in the signal, pitch is a percept that is strongly correlated with the fundamental frequency of a sound. While physically elusive, pitch is a natural dimension to consider when comparing sounds. Children as young as 8 months old are sensitive to melodic contour [65], implying that an early and innate sense of relative pitch is important to parsing our auditory experience. This basic ability is distinct from the acute pitch sensitivity of professional musicians, which improves as a function of musical training [36]. Pitch is important to both music and speech signals. Typically, speech pitch is more narrowly circumscribed than music, having a range of 70–1000Hz, compared to music which spans roughly the range of a grand piano, 30–4000Hz [31]. Pitch in speech signals also fluctuates more rapidly [6]. In tonal languages, pitch has a direct influence on the meaning of words [8, 73, 76]. For non-tone languages such as English, pitch is used to infer (supra-segmental) prosodic and speaker-dependent features [19, 21, 76].
    [Show full text]
  • Arxiv:2008.01352V3 [Cs.LG] 23 Mar 2021 Spatiotemporal Disentanglement in the PDE Formalism
    Published as a conference paper at ICLR 2021 PDE-DRIVEN SPATIOTEMPORAL DISENTANGLEMENT Jérémie Donà,y∗ Jean-Yves Franceschi,y∗ Sylvain Lampriery & Patrick Gallinariyz ySorbonne Université, CNRS, LIP6, F-75005 Paris, France zCriteo AI Lab, Paris, France [email protected] ABSTRACT A recent line of work in the machine learning community addresses the problem of predicting high-dimensional spatiotemporal phenomena by leveraging specific tools from the differential equations theory. Following this direction, we propose in this article a novel and general paradigm for this task based on a resolution method for partial differential equations: the separation of variables. This inspiration allows us to introduce a dynamical interpretation of spatiotemporal disentanglement. It induces a principled model based on learning disentangled spatial and temporal representations of a phenomenon to accurately predict future observations. We experimentally demonstrate the performance and broad applicability of our method against prior state-of-the-art models on physical and synthetic video datasets. 1 INTRODUCTION The interest of the machine learning community in physical phenomena has substantially grown for the last few years (Shi et al., 2015; Long et al., 2018; Greydanus et al., 2019). In particular, an increasing amount of works studies the challenging problem of modeling the evolution of dynamical systems, with applications in sensible domains like climate or health science, making the understanding of physical phenomena a key challenge in machine learning. To this end, the community has successfully leveraged the formalism of dynamical systems and their associated differential formulation as powerful tools to specifically design efficient prediction models. In this work, we aim at studying this prediction problem with a principled and general approach, through the prism of Partial Differential Equations (PDEs), with a focus on learning spatiotemporal disentangled representations.
    [Show full text]
  • Large Margin Deep Networks for Classification
    Large Margin Deep Networks for Classification Gamaleldin F. Elsayed ∗ Dilip Krishnan Hossein Mobahi Kevin Regan Google Research Google Research Google Research Google Research Samy Bengio Google Research {gamaleldin, dilipkay, hmobahi, kevinregan, bengio}@google.com Abstract We present a formulation of deep learning that aims at producing a large margin classifier. The notion of margin, minimum distance to a decision boundary, has served as the foundation of several theoretically profound and empirically suc- cessful results for both classification and regression tasks. However, most large margin algorithms are applicable only to shallow models with a preset feature representation; and conventional margin methods for neural networks only enforce margin at the output layer. Such methods are therefore not well suited for deep networks. In this work, we propose a novel loss function to impose a margin on any chosen set of layers of a deep network (including input and hidden layers). Our formulation allows choosing any lp norm (p ≥ 1) on the metric measuring the margin. We demonstrate that the decision boundary obtained by our loss has nice properties compared to standard classification loss functions. Specifically, we show improved empirical results on the MNIST, CIFAR-10 and ImageNet datasets on multiple tasks: generalization from small training sets, corrupted labels, and robustness against adversarial perturbations. The resulting loss is general and complementary to existing data augmentation (such as random/adversarial input transform) and regularization techniques such as weight decay, dropout, and batch norm. 2 1 Introduction The large margin principle has played a key role in the course of machine learning history, producing remarkable theoretical and empirical results for classification (Vapnik, 1995) and regression problems (Drucker et al., 1997).
    [Show full text]
  • Generative Adversarial Transformers
    Generative Adversarial Transformers Drew A. Hudsonx 1 C. Lawrence Zitnick 2 Abstract We introduce the GANsformer, a novel and effi- cient type of transformer, and explore it for the task of visual generative modeling. The network employs a bipartite structure that enables long- range interactions across the image, while main- taining computation of linear efficiency, that can readily scale to high-resolution synthesis. It itera- tively propagates information from a set of latent variables to the evolving visual features and vice versa, to support the refinement of each in light of the other and encourage the emergence of compo- sitional representations of objects and scenes. In contrast to the classic transformer architecture, it utilizes multiplicative integration that allows flexi- Figure 1. Sample images generated by the GANsformer, along ble region-based modulation, and can thus be seen with a visualization of the model attention maps. as a generalization of the successful StyleGAN network. We demonstrate the model’s strength and prior knowledge inform the interpretation of the par- and robustness through a careful evaluation over ticular (Gregory, 1970). While their respective roles and a range of datasets, from simulated multi-object dynamics are being actively studied, researchers agree that it environments to rich real-world indoor and out- is the interplay between these two complementary processes door scenes, showing it achieves state-of-the- that enables the formation of our rich internal representa- art results in terms of image quality and diver- tions, allowing us to perceive the world in its fullest and sity, while enjoying fast learning and better data- create vivid imageries in our mind’s eye (Intaite˙ et al., 2013).
    [Show full text]
  • Adversarial Examples in the Physical World
    Workshop track - ICLR 2017 ADVERSARIAL EXAMPLES IN THE PHYSICAL WORLD Alexey Kurakin Ian J. Goodfellow Samy Bengio Google Brain OpenAI Google Brain [email protected] [email protected] [email protected] ABSTRACT Most existing machine learning classifiers are highly vulnerable to adversarial examples. An adversarial example is a sample of input data which has been mod- ified very slightly in a way that is intended to cause a machine learning classifier to misclassify it. In many cases, these modifications can be so subtle that a human observer does not even notice the modification at all, yet the classifier still makes a mistake. Adversarial examples pose security concerns because they could be used to perform an attack on machine learning systems, even if the adversary has no access to the underlying model. Up to now, all previous work has assumed a threat model in which the adversary can feed data directly into the machine learn- ing classifier. This is not always the case for systems operating in the physical world, for example those which are using signals from cameras and other sensors as input. This paper shows that even in such physical world scenarios, machine learning systems are vulnerable to adversarial examples. We demonstrate this by feeding adversarial images obtained from a cell-phone camera to an ImageNet In- ception classifier and measuring the classification accuracy of the system. We find that a large fraction of adversarial examples are classified incorrectly even when perceived through the camera. 1 INTRODUCTION (a) Image from dataset (b) Clean image (c) Adv. image, = 4 (d) Adv.
    [Show full text]
  • Arxiv:1611.08903V1 [Cs.LG] 27 Nov 2016 20 Percent Increases in Cash Collections [20]
    Should I use TensorFlow? An evaluation of TensorFlow and its potential to replace pure Python implementations in Machine Learning Martin Schrimpf1;2;3 1 Augsburg University 2 Technische Universit¨atM¨unchen 3 Ludwig-Maximilians-Universit¨atM¨unchen Seminar \Human-Machine Interaction and Machine Learning" Supervisor: Elisabeth Andr´e Advisor: Dominik Schiller Abstract. Google's Machine Learning framework TensorFlow was open- sourced in November 2015 [1] and has since built a growing community around it. TensorFlow is supposed to be flexible for research purposes while also allowing its models to be deployed productively [7]. This work is aimed towards people with experience in Machine Learning consider- ing whether they should use TensorFlow in their environment. Several aspects of the framework important for such a decision are examined, such as the heterogenity, extensibility and its computation graph. A pure Python implementation of linear classification is compared with an im- plementation utilizing TensorFlow. I also contrast TensorFlow to other popular frameworks with respect to modeling capability, deployment and performance and give a brief description of the current adaption of the framework. 1 Introduction The rapidly growing field of Machine Learning has been gaining more and more attention, both in academia and in businesses that have realized the added value. For instance, according to a McKinsey report, more than a dozen European banks switched from statistical-modeling approaches to Machine Learning tech- niques and, in some cases, increased their sales of new products by 10 percent and arXiv:1611.08903v1 [cs.LG] 27 Nov 2016 20 percent increases in cash collections [20]. Intelligent machines are used in a variety of domains, including writing news articles [5], finding promising recruits given their CV [9] and many more.
    [Show full text]
  • Submission Data for 2020-2021 CORE Conference Ranking Process International Conference on Learning Representations
    Submission Data for 2020-2021 CORE conference Ranking process International Conference on Learning Representations Alexander Rush, Hugo LaRochelle Conference Details Conference Title: International Conference on Learning Representations Acronym : ICLR Requested Rank Rank: A* Primarily CS Is this conference primarily a CS venue: True Location Not commonly held within a single country, set of countries, or region. DBLP Link DBLP url: https://dblp.uni-trier.de/db/conf/iclr/index.html FoR Codes For1: 4611 For2: SELECT For3: SELECT Recent Years Proceedings Publishing Style Proceedings Publishing: self-contained Link to most recent proceedings: https://openreview.net/group?id=ICLR.cc/2020/Conference Further details: We don’t have a publisher. Instead we host our publications on OpenReview Most Recent Years Most Recent Year Year: 2019 URL: https://iclr.cc/Conferences/2019 Location: New Orleans, Louisiana, USA Papers submitted: 1591 Papers published: 500 Acceptance rate: 31 Source for numbers: https://github.com/lixin4ever/Conference-Acceptance-Rate General Chairs 1 Name: Tara Sainath Affiliation: Google Gender: F H Index: 50 GScholar url: https://scholar.google.com/citations?hl=en&user=aMeteU4AAAAJ DBLP url: https://dblp.org/pid/28/7825.html Program Chairs Name: Alexander Rush Affiliation: Cornell University Gender: M H Index: 34 GScholar url: https://scholar.google.com/citations?user=LIjnUGgAAAAJ&hl=en&oi=ao DBLP url: https://dblp.org/pid/67/9012.html Name: Sergey Levine Affiliation: University of California Berkeley, Google Gender: M H Index: 84
    [Show full text]
  • Magmadnn: Accelerated Deep Learning Using MAGMA
    MagmaDNN: Accelerated Deep Learning Using MAGMA Daniel Nichols Kwai Wong Stan Tomov [email protected] [email protected] [email protected] University of Tennessee, Knoxville University of Tennessee, Knoxville University of Tennessee, Knoxville Lucien Ng Sihan Chen Alex Gessinger [email protected] [email protected] [email protected] The Chinese University of Hong Kong The Chinese University of Hong Kong Slippery Rock University ABSTRACT 1 INTRODUCTION MagmaDNN [17] is a deep learning framework driven using the Machine Learning is becoming an increasingly vital aspect of to- highly optimized MAGMA dense linear algebra package. The library day’s technology, yet traditional techniques prove insucient for oers comparable performance to other popular frameworks, such complex problems [9]. Thus, Deep Learning (DL) is introduced, as TensorFlow, PyTorch, and Theano. C++ is used to implement the which is a methodology for learning data with multiple levels of framework providing fast memory operations, direct cuda access, abstraction [15]. DL is driven by Deep Neural Networks (DNN), and compile time errors. Common neural network layers such as which are Articial Neural Networks (ANN) comprised of multiple Fully Connected, Convolutional, Pooling, Flatten, and Dropout are layers and often convolutions and recurrence. DNNs are used to included. Hyperparameter tuning is performed with a parallel grid model complex data in numerous elds such as autonomous driving search engine. [5], handwriting recognition [16], image classication [14], speech- MagmaDNN uses several techniques to accelerate network train- to-text algorithms [11], and playing computationally dicult games ing. For instance, convolutions are performed using the Winograd [18]. algorithm and FFTs.
    [Show full text]
  • Neurips 2020 Competition: Predicting Generalization in Deep Learning (Version 1.1)
    NeurIPS 2020 Competition: Predicting Generalization in Deep Learning (Version 1.1) Yiding Jiang ∗† Pierre Foret† Scott Yak† Daniel M. Roy‡§ Hossein Mobahi†§ Gintare Karolina Dziugaite¶§ Samy Bengio†§ Suriya Gunasekar‖§ Isabelle Guyon ∗∗§ Behnam Neyshabur†§ [email protected] December 16, 2020 Abstract Understanding generalization in deep learning is arguably one of the most impor- tant questions in deep learning. Deep learning has been successfully adopted to a large number of problems ranging from pattern recognition to complex decision making, but many recent researchers have raised many concerns about deep learning, among which the most important is generalization. Despite numerous attempts, conventional sta- tistical learning approaches have yet been able to provide a satisfactory explanation on why deep learning works. A recent line of works aims to address the problem by trying to predict the generalization performance through complexity measures. In this competition, we invite the community to propose complexity measures that can ac- curately predict generalization of models. A robust and general complexity measure would potentially lead to a better understanding of deep learning's underlying mecha- nism and behavior of deep models on unseen data, or shed light on better generalization bounds. All these outcomes will be important for making deep learning more robust and reliable. ∗Lead organizer: Yiding Jiang; Scott Yak and Pierre Foret help implement large portion of the infras- tructure and the remaining organizers' order is randomized. arXiv:2012.07976v1 [cs.LG] 14 Dec 2020 †Affiliation: Google Research ‡Affiliation: University of Toronto §Equal contribution: random order ¶Affiliation: Element AI ‖Affiliation: Microsoft Research ∗∗Affiliation: University Paris-Saclay and ChaLearn 1 Keywords Generalization, Deep Learning, Complexity Measures Competition type Regular.
    [Show full text]
  • Neural Network Tools: an Overview from Work on "Automatic Classification of Alzheimer’S Disease from Structural MRI" Report for Master’S Thesis
    Neural Network Tools: An Overview From work on "Automatic Classification of Alzheimer’s Disease from Structural MRI" Report for Master’s Thesis Eivind Arvesen Østfold University College [email protected] Abstract Machine learning has exploded in popularity during the last decade, and neural networks in particular have seen a resurgence due to the advent of deep learning. In this paper, we examine modern neural network software-libraries and describe the main differences between them, as well as their strengths and weaknesses. 1 Introduction at The University of Montreal, built with re- search in mind. It has a particular focus on The field of machine learning is now more al- deep learning. The library is focused on easy luring than ever, helping researchers and busi- configurability for expert users (i.e. machine nesses to tackle a variety of challenging prob- learning researchers) —unlike "black-box" li- lems such as development of autonomous vehi- braries, which provide good performance with- cles, visual recognition systems and computer- out demanding knowledge about underlying al- aided diagnosis. There is a plethora of different gorithms from users. One way to put it would tools and libraries available that aim to make be that the library values ease of experimenta- work on machine learning problems easier for tion over ease of use. users, and while most of the more general alter- natives are quite similar in terms of functional- Though Pylearn2 assumes some technical ity, they nonetheless differ in terms of approach sophistication on the part of users, the library and design goals. also has a focus on reusability, and the re- This report describes several popular ma- sulting modularity makes it possible to com- chine learning tools, attempts to showcase their bine and adapt several re-usable components strengths and characterizes situations in which to form working models, and to only learn they would be well suited for use.
    [Show full text]
  • Inductive Biases for Deep Learning of Higher-Level Cognition
    Higher-Level Cognitive Inductive Biases Inductive Biases for Deep Learning of Higher-Level Cognition Anirudh Goyal [email protected] Mila, University of Montreal Yoshua Bengio [email protected] Mila, University of Montreal Abstract A fascinating hypothesis is that human and animal intelligence could be explained by a few principles (rather than an encyclopedic list of heuristics). If that hypothesis was correct, we could more easily both understand our own intelligence and build intelligent machines. Just like in physics, the principles themselves would not be sufficient to predict the behavior of complex systems like brains, and substantial computation might be needed to simulate human-like intelligence. This hypothesis would suggest that studying the kind of inductive biases that humans and animals exploit could help both clarify these principles and provide inspiration for AI research and neuroscience theories. Deep learning already exploits several key inductive biases, and this work considers a larger list, focusing on those which concern mostly higher-level and sequential conscious processing. The objective of clarifying these particular principles is that they could potentially help us build AI systems benefiting from humans’ abilities in terms of flexible out-of-distribution and systematic generalization, which is currently an area where a large gap exists between state-of-the-art machine learning and human intelligence. 1. Has Deep Learning Converged? Is 100% accuracy on the test set enough? Many machine learning systems have achieved ex- cellent accuracy across a variety of tasks (Deng et al., 2009; Mnih et al., 2013; Schrittwieser et al., 2019), yet the question of whether their reasoning or judgement is correct has come under question, and answers seem to be wildly inconsistent, depending on the task, architecture, arXiv:2011.15091v3 [cs.LG] 17 Feb 2021 training data, and interestingly, the extent to which test conditions match the training distribution.
    [Show full text]
  • Accelerating Machine Learning Research with MI-Prometheus
    Accelerating Machine Learning Research with MI-Prometheus Tomasz Kornuta Vincent Marois Ryan L. McAvoy Younes Bouhadjar Alexis Asseman Vincent Albouy T.S. Jayram Ahmet S. Ozcan IBM Research AI, Almaden Research Center, San Jose, USA {tkornut, vmarois, mcavoy, byounes, jayram, asozcan}@us.ibm.com {alexis.asseman, vincent.albouy}@ibm.com Abstract The paper introduces MI-Prometheus (Machine Intelligence - Prometheus), an open-source framework aiming at accelerating Machine Learning Research, by fostering the rapid development of diverse neural network-based models and fa- cilitating their comparison. In its core, to accelerate the computations on their own, MI-Prometheus relies on PyTorch and extensively uses its mechanisms for the distribution of computations on CPUs/GPUs. The paper discusses the motivation of our work, the formulation of the requirements and presents the core concepts. We also briefly describe some of the problems and models currently available in the framework. 1 Motivation The AI community has developed a plethora of tools and libraries facilitating building and training models, e.g. Torch [CBM02], Theano [BLP+12], Chainer [TOHC15] or TensorFlow [ABC+16]. While those tools significantly accelerate computations (e.g. parallelization during data loading, utilization of GPUs for matrix algebra and distribution of computational graphs on many GPUs), they are still not sufficient, considering the evolution of the Machine Learning domain. Three partially unsolved issues worth mentioning are as follows. First, when developing a new model for a new problem, one should compare its performance against some baselines, i.e. other, well established models, ideally using the same experiment setup (e.g. standardization of the object detection API in TensorFlow [HRS+17]).
    [Show full text]