DOCSLIB.ORG

White-Box Vs Black-Box: Bayes Optimal Strategies for Membership Inference

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
White-Box Vs Black-Box: Bayes Optimal Strategies for Membership Inference White-box vs Black-box: Bayes Optimal Strategies for Membership Inference Alexandre Sablayrolles 12 Matthijs Douze 2 Yann Ollivier 2 Cordelia Schmid 1 HerveJ´ egou´ 2 Abstract both the privacy and intellectual property associated with data. For neural networks, the privacy issue was recently Membership inference determines, given a sam- considered by Yeom et al. (2018) for the MNIST and CI- ple and trained parameters of a machine learn- FAR datasets. The authors evidence the close relationship ing model, whether the sample was part of the between overfitting and privacy of training images. This is training set. In this paper, we derive the optimal reminiscent of prior membership inference attacks, which strategy for membership inference with a few as- employ the output of the classifier associated with a particu- sumptions on the distribution of the parameters. lar sample to determine whether it was used during training We show that optimal attacks only depend on the or not (Shokri et al., 2017). loss function, and thus black-box attacks are as good as white-box attacks. As the optimal strat- At this stage, it is worth defining the different levels of egy is not tractable, we provide approximations of information to which the “attacker”, i.e., the membership it leading to several inference methods, and show inference system, has access to. We assume that the attacker that existing membership inference methods are knows the data distribution and the specifications of the coarser approximations of this optimal strategy. model (training procedure, architecture of the network, etc), Our membership attacks outperform the state of even though they are not necessarily required for all meth- the art in various settings, ranging from a simple ods. We refer to the white-box setting as the case where the logistic regression to more complex architectures attacker knows all the network parameters. On a side note, and datasets, such as ResNet-101 and Imagenet. the setup commonly adopted in differential privacy (Dwork et al., 2006) corresponds to the white-box setting, where the attacker additionally knows all the training samples except 1. Introduction the one to be tested. Ateniese et al. (2015) state that “it is unsafe to release The black-box setting is when these parameters are unknown. trained classifiers since valuable information about the For classification models, the attacker has only access to the training set can be extracted from them”. The problem output for a given input, in one of the following forms: that we address in this paper, i.e., to determine whether a (i) the classifier decision; sample has been used to train a given model, is related to (ii) the loss of the correct label; the privacy implications of machine learning systems. They (iii) the full response for all classes. were first discussed in the context of support vector ma- Prior works on membership inference commonly assume chines (Rubinstein et al., 2009; Biggio et al., 2014). The (i) or (iii). Our paper focuses on the black-box case (ii), problem of “unintended memorization” (Carlini et al., 2018) in which we know the loss incurred by the correct label. appears in most applications of machine learning, such as The state of the art in this setting are the shadow models natural language processing systems (Carlini et al., 2018) proposed by Shokri et al. (2017). or image classification (Yeom et al., 2018). In our work, we use a probabilistic framework to derive More specifically, we consider the problem of membership a formal analysis of the optimal attack. This framework inference, i.e., we aim at determining if a specific image was encompasses both Bayesian learning, and noisy training, used to train a model, given only the (image, label) pair and where the noise is injected (Welling & Teh, 2011) or comes the model parameters. This question is important to protect from the stochasticity of SGD. Under mild assumptions on 1University Grenoble Alpes, Inria, CNRS, Grenoble INP, LJK the distribution of the parameters, we derive the optimal 2Facebook AI Research. Correspondence to: Alexandre Sablay- membership inference strategy. This strategy only depends rolles <[email protected]>. on the classifier through evaluation of the loss, thereby show- th ing that black-box attacks will perform as well as white-box Proceedings of the 36 International Conference on Machine attacks in this optimal asymptotic setting. This result may Learning, Long Beach, California, PMLR 97, 2019. Copyright 2019 by the author(s). explain why, to the best of our knowledge, the literature White-box vs Black-box: Bayes Optimal Strategies for Membership Inference does not report white-box attacks outperforming the state- popular neural nets can perfectly fit them in simple cases, of-the-art black-box-(ii) attacks. such as small datasets (CIFAR10) or Imagenet without data augmentation. Krueger et al. (2017) extend their analysis The aforementioned optimal strategy is not tractable, and argue in particular that the effective capacity of neural therefore we introduce approximations to derive an nets depends on the dataset considered. In a privacy con- explicit method for membership inference. As a text, Yeom et al. (2018) exploit this memorizing property byproduct of this derivation, we show that state-of-the- to watermark networks. As a side note, random labeling art approaches (Shokri et al., 2017; Yeom et al., 2018) are and data augmentation have been used for the purpose of coarser approximations of the optimal strategy. One of training a network without any annotated data (Dosovitskiy the approximation drastically simplifies the membership et al., 2014; Bojanowski & Joulin, 2017). inference procedure by simply relying on the loss and a cal- ibration term. We employ this strategy to the more complex In the context of differential privacy (Dwork et al., 2006), case of neural networks, and show that it outperforms all recent works (Wang et al., 2016; Bassily et al., 2016) sug- approaches we are aware of. gest that guaranteeing privacy requires learning systems to generalize well, i.e., to not overfit. Wang et al. (2015) show In summary, our main contributions are as follows: that Bayesian posterior sampling offers differential privacy guarantees. Abadi et al. (2016) introduce noisy SGD to We show, under a few assumptions on training, that the • learn deep models with differential privacy. optimal inference only depends on the loss function, and not on the parameters of the classifier. In other Membership Inference. A few recent works (Hayes terms, white-box attacks don’t provide any additional et al., 2017; Shokri et al., 2017; Long et al., 2018) have ad- information and result in the same optimal strategy. dressed membership inference. Yeom et al. (2018) propose a series of membership attacks and derive their performance. We employ different approximations to derive three • Long et al. (2018) observe that some training images are explicit membership attack strategies. We show that more vulnerable than others and propose a strategy to iden- state-of-the-art methods constitute other approxima- tify them. Hayes et al. (2017) analyze privacy issues arising tions. Simple simulations show the superiority of our in generative models. Dwork et al. (2015) and Sankarara- approach on a simple regression problem. man et al. (2009) provide optimal strategies for membership We apply a simplified, tractable, strategy to infer the inference in genomics data. • membership of images to the train set in the case of Shadow models. Shadow models were introduced by the public image classification benchmarks CIFAR and Shokri et al. (2017) in the context of black-box attacks. Imagenet. It outperforms the state of the art for mem- In this setup, an attacker has black-box-(iii) access (full re- bership inference, namely the shadow models. sponse for all classes) to a model trained on a private dataset, and to a public dataset that follows the same distribution as The paper is organized as follows. Section 2 reviews related the private dataset. The attacker wishes to perform member- work. Section 3 introduces our probabilistic formulation ship inference using black-box outputs of the private model. and derives our main theoretical result. This section also For this, the attacker simulates models by training shadow discusses the connection between membership inference models on known splits from the public set. On this simu- and differential privacy. Section 4 considers approximations lated models, the attacker can analyze the output patterns for practical use-cases, which allow us to derive inference corresponding to samples from the training set and from a strategies in closed-form, some of which are connected with held-out set. Shokri et al. (2017) propose to train an attack existing methods from the literature. Section 5 summarizes model that learns to predict, given an output pattern, whether the practical algorithms derived from our analysis. Finally, it corresponds to a training or held-out sample. If the attack Section 6 considers the more difficult case of membership model simply predicts “training” when the output activa- inference for real-life neural networks and datasets. tions fire on the correct class, this strategy is equivalent to Yeom et al. (2018)’s adversary. Salem et al. (2019) further 2. Related work show that shadow models work under weaker assumptions than those of Shokri et al. (2017). Leakage of information from the training set. Our work is related to the topics of overfitting and memorization 3. Membership inference model capabilities of classifiers. Determining what neural net- works actually memorize from their training set is not trivial. In this section, we derive the Bayes optimal performance A few recent works (Zhang et al., 2017; Yeom et al., 2018) for membership inference (Theorem 1). We then make evaluate how a network can fit random labels. Zhang et al. the connection with differential privacy and propose looser (2017) replace true labels by random labels and show that guarantees that prevent membership inference.
Load more

Recommended publications
  • Existing Cybernetics Foundations - B
    SYSTEMS SCIENCE AND CYBERNETICS – Vol. III - Existing Cybernetics Foundations - B. M. Vladimirski EXISTING CYBERNETICS FOUNDATIONS B. M. Vladimirski Rostov State University, Russia Keywords: Cybernetics, system, control, black box, entropy, information theory, mathematical modeling, feedback, homeostasis, hierarchy. Contents 1. Introduction 2. Organization 2.1 Systems and Complexity 2.2 Organizability 2.3 Black Box 3. Modeling 4. Information 4.1 Notion of Information 4.2 Generalized Communication System 4.3 Information Theory 4.4 Principle of Necessary Variety 5. Control 5.1 Essence of Control 5.2 Structure and Functions of a Control System 5.3 Feedback and Homeostasis 6. Conclusions Glossary Bibliography Biographical Sketch Summary Cybernetics is a science that studies systems of any nature that are capable of perceiving, storing, and processing information, as well as of using it for control and regulation. UNESCO – EOLSS The second title of the Norbert Wiener’s book “Cybernetics” reads “Control and Communication in the Animal and the Machine”. However, it is not recognition of the external similaritySAMPLE between the functions of animalsCHAPTERS and machines that Norbert Wiener is credited with. That had been done well before and can be traced back to La Mettrie and Descartes. Nor is it his contribution that he introduced the notion of feedback; that has been known since the times of the creation of the first irrigation systems in ancient Babylon. His distinctive contribution lies in demonstrating that both animals and machines can be combined into a new, wider class of objects which is characterized by the presence of control systems; furthermore, living organisms, including humans and machines, can be talked about in the same language that is suitable for a description of any teleological (goal-directed) systems.
    [Show full text]
  • Building the Observer Into the System: Toward a Realistic
    Building the Observer into the System: Toward a Realistic Description of Human Interaction with the World Chris Fields 243 West Spain Street Sonoma, CA 95476 USA fi[email protected] November 11, 2016 Abstract Human beings do not observe the world from the outside, but rather are fully embedded in it. The sciences, however, often give the observer both a “god’s eye” perspective and substantial a priori knowledge. Motivated by W. Ross Ashby’s state- ment, “the theory of the Black Box is merely the theory of real objects or systems, when close attention is given to the question, relating object and observer, about what information comes from the object, and how it is obtained” (Introduction to Cyber- netics, 1956, p. 110), I develop here an alternate picture of the world as a black box to which the observer is coupled. Within this framework I prove purely-classical analogs of the “no-go” theorems of quantum theory. Focussing on the question of identifying macroscopic objects, such as laboratory apparatus or even other observers, I show arXiv:1411.3405v6 [quant-ph] 10 Nov 2016 that the standard quantum formalism of superposition is required to adequately rep- resent the classical information that an observer can obtain. I relate these results to supporting considerations from evolutionary biology, cognitive and developmental psychology, and artificial intelligence. Subject Classification: 03.65.Yz; 04.60.Bc Keywords:black box; classicality; environment as witness; Landauer’s principle; pragmatic information; quantum Darwinism; separability; superposition; time 1 The theory of the Black Box is merely the theory of real objects or systems, when close attention is given to the question, relating object and observer, about what information comes from the object, and how it is obtained.
    [Show full text]
  • Black Box, Black Bloc” a Lecture Given at the New School in New York City on April 12, 2010 Alexander R
    “Black Box, Black Bloc” A lecture given at the New School in New York City on April 12, 2010 Alexander R. Galloway Facial recognition and autoblur software, Google Street View, 20 Rue de la Vicarie, Saint Brieuc, France. Of all the revivals in recent years--a period of history in which the revival itself has been honed to such a degree that it persists as mere “blank parody”--the revival of Hegel is the most startling, although certainly not for those involved. Hegelianisms of all shapes and sizes prevail today, from Catherine Malabou's dutiful reconstruction of the “plastic” dialectical transformations, to the hysterical antimaterialism of Slavoj Žižek and his convocation of the inescapable bind between the “determinate negation” and the “wholly Other,” from which explodes the terror of proletarian power. Is not Woody Allen's character Alvy Singer in Annie Hall the perfect summation of Žižek's political project: Okay I'm a bigot, but for the left! Or consider the unrepentant Hegelian Alain Badiou who stakes everything on being as a pure formalism that only ever realizes itself through the event, an absolute departure from the state of the situation. Only the Hegelian dialectic, and not the Marxist one, can snap back so cleanly to its origins like this, suggesting in essence that Aufhebung was always forever a spectralization and not a mediation in general, that in other words the 1 ultimate truth of the Hegelian dialectic is spirit, not negation or becoming or anything so usefully mechanical. The negation is thus revoked during synthesis, much more than it is resolved.
    [Show full text]
  • Opening the Black Box: the Contextual Drivers of Social Accountability
    Opening the Black B Opening the Black The Con new fronTiers of s oCial PoliCy Citizens across the world are calling for greater citizen-state engagement. Social accountability (SA) has steadily gained prominence for its intrinsic value as well as for its potential to bring about a range of development outcomes. But how and when does social T accountability support service delivery as well as institutional outcomes such as state ex T legitimacy and citizen trust? This book provides a framework to assess the contextual ual Drivers of drivers of social accountability effectiveness based on a definition of SA as the interplay of citizen action and state action, supported by civic mobilization, interface, and information. The proposed framework provides practitioners with a systematic way to assess context for SA in order to design, implement, and monitor SA approaches tailored to a specific context and issue. The book also applies the framework to challenging country contexts. In doing so, it addresses key knowledge gaps on how policy makers, practitioners, and development O institutions can best support development outcomes through social accountability and s o citizen engagement. x C ial “At last, we have in one place, a comprehensive picture of our current knowledge about Acc social accountability! This book presents cutting-edge analysis, provides a synthesis of the evidence, and advances our thinking on three key fronts. Foremost, the authors take oun the whole issue of context seriously, examine in micro detail the various contextual T factors that matter for social accountability work, what we know about them, and how abili they unfold in a variety of empirical cases.
    [Show full text]
  • The Cybernetic Brain
    THE CYBERNETIC BRAIN THE CYBERNETIC BRAIN SKETCHES OF ANOTHER FUTURE Andrew Pickering THE UNIVERSITY OF CHICAGO PRESS CHICAGO AND LONDON ANDREW PICKERING IS PROFESSOR OF SOCIOLOGY AND PHILOSOPHY AT THE UNIVERSITY OF EXETER. HIS BOOKS INCLUDE CONSTRUCTING QUARKS: A SO- CIOLOGICAL HISTORY OF PARTICLE PHYSICS, THE MANGLE OF PRACTICE: TIME, AGENCY, AND SCIENCE, AND SCIENCE AS PRACTICE AND CULTURE, A L L PUBLISHED BY THE UNIVERSITY OF CHICAGO PRESS, AND THE MANGLE IN PRAC- TICE: SCIENCE, SOCIETY, AND BECOMING (COEDITED WITH KEITH GUZIK). THE UNIVERSITY OF CHICAGO PRESS, CHICAGO 60637 THE UNIVERSITY OF CHICAGO PRESS, LTD., LONDON © 2010 BY THE UNIVERSITY OF CHICAGO ALL RIGHTS RESERVED. PUBLISHED 2010 PRINTED IN THE UNITED STATES OF AMERICA 19 18 17 16 15 14 13 12 11 10 1 2 3 4 5 ISBN-13: 978-0-226-66789-8 (CLOTH) ISBN-10: 0-226-66789-8 (CLOTH) Library of Congress Cataloging-in-Publication Data Pickering, Andrew. The cybernetic brain : sketches of another future / Andrew Pickering. p. cm. Includes bibliographical references and index. ISBN-13: 978-0-226-66789-8 (cloth : alk. paper) ISBN-10: 0-226-66789-8 (cloth : alk. paper) 1. Cybernetics. 2. Cybernetics—History. 3. Brain. 4. Self-organizing systems. I. Title. Q310.P53 2010 003’.5—dc22 2009023367 a THE PAPER USED IN THIS PUBLICATION MEETS THE MINIMUM REQUIREMENTS OF THE AMERICAN NATIONAL STANDARD FOR INFORMATION SCIENCES—PERMA- NENCE OF PAPER FOR PRINTED LIBRARY MATERIALS, ANSI Z39.48-1992. DEDICATION For Jane F. CONTENTS Acknowledgments / ix 1. The Adaptive Brain / 1 2. Ontological Theater / 17 PART 1: PSYCHIATRY TO CYBERNETICS 3.
    [Show full text]
  • Second Order Cybernetics 31/08/2008 10:08
    SECOND ORDER CYBERNETICS 31/08/2008 10:08 Search Print this chapter Cite this chapter SECOND ORDER CYBERNETICS Ranulph Glanville, CybernEthics Research, UK and Royal Melbourne Institute of Technology University, Australia Keywords: actor, analogy, argument, automata, autopoiesis, behavior, biology, Black_Box, causality, circularity, coding, cognition, communication, computation, concept, consciousness, control, conversation, cybernetics, description, design, distinction, ecology, education, environment, epistemology, error, ethics, feedback, form, function, generosity, goal, homeostasis, idea, identity, individual, information, interaction, internet, knowing, language, learning, logic, management, mathematics, meaning, mechanism, memory, meta-, metaphor, moment, mutualism, network, object, observe, organizational_closure, oscillation, person, phenomenon, philosophical, physics, positivist, (post-)_modernism, praxis, process, program, psychology, purpose, quality, reality, reason, recursion, relative, responsibility, science, second_order_cybernetics, (self-)_reference, semiotics, social, structure, subject, support, system, theory, thinking, time, truth, understanding, variety, whole_(and_part) Contents 1. Introduction: What Second Order Cybernetics is, and What it Offers 2. Background—the Logical Basis for Second Order Cybernetics 3. Second Order Cybernetics—Historical Overview 4. Theory of Second Order Cybernetics 5. Praxis of Second Order Cybernetics 6. A Note on Second Order Cybernetics and Constructivism 7. Cybernetics, Second Order
    [Show full text]
  • Copying Black-Box Models Using Generative Evolutionary Algorithms
    Black-Box Ripper: Copying black-box models using generative evolutionary algorithms Antonio Barb˘ al˘ au˘ 1;∗, Adrian Cosma2, Radu Tudor Ionescu1, Marius Popescu1 1University of Bucharest, Romania 2University Politehnica of Bucharest, Romania ∗[email protected] Abstract We study the task of replicating the functionality of black-box neural models, for which we only know the output class probabilities provided for a set of input images. We assume back-propagation through the black-box model is not possible and its training images are not available, e.g. the model could be exposed only through an API. In this context, we present a teacher-student framework that can distill the black-box (teacher) model into a student model with minimal accuracy loss. To generate useful data samples for training the student, our framework (i) learns to generate images on a proxy data set (with images and classes different from those used to train the black-box) and (ii) applies an evolutionary strategy to make sure that each generated data sample exhibits a high response for a specific class when given as input to the black box. Our framework is compared with several baseline and state-of-the-art methods on three benchmark data sets. The empirical evidence indicates that our model is superior to the considered baselines. Although our method does not back-propagate through the black-box network, it generally surpasses state-of-the-art methods that regard the teacher as a glass-box model. Our code is available at: https://github.com/antoniobarbalau/black-box-ripper. 1 Introduction In the last couple of years, AI has gained a lot of attention in industry, due to the latest research developments in the field, e.g.
    [Show full text]
  • Black Box Activities for Grades Seven-Nine Science Programs And
    DOCUMENT RESUME ED 371 950 SE 054 618 AUTHOR Schlenker, Richard M., Comp. TITLE BlacE Box Activities for GradesSeven-Nine Science Programs and Beyond. A Supplement forScience 1, 2, &3. INSTITUTION Dependents Schools (DOD), Washington, DC.Pacific Region. PUB DATE 93 NOTE 157p. PUB TYPE Guides Classroom Use Instructional Materials (For Learner) (051) Guides Classroom Use Teaching Guides (For Teacher) (052) EDRS PRICE MF01/PC07 Plus Postage. DESCRIPTORS Astronomy; *Electric Circuits; InserviceEducation; Junior High Schools; *ScienceActivities; *Science Instruction; *Science Process Skills;Science Teachers; Scientific Methodology IDENTIFIERS *Black Box Activities;Dependents Schools; Handson Science ABSTRACT Many times science does not provideus with exact descriptions of phenomena or answers to questions but only allowsus to make educated guesses. Blackbox activities encourage thismethod of scientific thinking because the activity is performed insidl.a sealed container requiring thestudents to hypothesize on the contents and operation of the activity.This collection of hands-on activities was developed by inserviceteachers employed by the Department of Defense Dependents SchoolsPacific Region and were designed to help students achievethese realizations. The activities included are as follows: (1) "TheMystery Box";(2) "A Black Box"; (3) "Black Box ActiviLya Project in Inferring"; (4) Black Box Creating Your Own Constellations"; (5) "Black Box Shadows";(6) Black Box Activity Electrical Circui,t's"; (7) "Black Box Grades 6-9"; (7) "Ways of Knowing-Activity 2The Black Box"; (8) "Black Box Experiment"; (9) "The Hands DownMethod of Random Sampling of Icebergs for Polar Bears and IceHoles. A Black Box Activity"; (10) "Black Box Materials Identification";and (11) "Milk Carton Madness." Each activity contains an overview, purpose, objectives,procedures, brief discussion of the resultsobtained in the classroom, and additional suggestions for classroomuse.
    [Show full text]
  • The Black Box Society
    THE BLACK BOX SOCIETY The Secret Algorithms That Control Money and Information FRANK PASQUALE Cambridge, Massachusetts London, En gland !"#$ CONTENTS ! Introduction—The Need to Know ! " Digital Reputation in an Era of Runaway Data !# $ The Hidden Logics of Search %# & Finance’s Algorithms: The Emperor’s New Codes !'! % Watching (and Improving) the Watchers !&' ( Toward an Intelligible Society !)# Notes ""! Ac know ledg ments $'% Index $'* [T]here is one world in common for those who are awake, but [when] men are asleep each turns away into a world of his own. —Heracleitus Million- fuelèd, ൏ nature’s bon+ re burns on. But quench her bonniest, dearest ൏ to her, her clearest-selvèd spark Man, how fast his + redint, ൏ his mark on mind, is gone! Both are in an unfathomable, all is in an enormous dark Drowned. —Gerard Manley Hopkins 1 INTRODUCTION—THE NEED TO KNOW EVERYBODY KNOWS the story about the man crawling intently around a lamppost on a dark night. When a police of+ cer comes along and wants to know what he’s doing, he says he’s looking for his keys. “You lost them here?” asks the cop. “No,” the seeker replies, “but this is where the light is.” This bromide about futility has lately taken on a whole new meaning as a meta phor for our increasingly enigmatic technologies. There’s a noble tradition among social scientists of trying to clar- ify how power works: who gets what, when, where, and why., Our common life is explored in books like The Achieving Society, The Winner-Take-All Society, The Good Society, and The Decent Society.
    [Show full text]
  • Meaningful Explanations of Black Box AI Decision Systems
    The Thirty-Third AAAI Conference on Artificial Intelligence (AAAI-19) Meaningful Explanations of Black Box AI Decision Systems Dino Pedreschi,1 Fosca Giannotti,2 Riccardo Guidotti,2 Anna Monreale,1 Salvatore Ruggieri,1 Franco Turini1 1University of Pisa, 2ISTI-CNR Pisa, Italy [email protected], [email protected] Abstract health status, personality profile. Black boxes map user fea- tures into a class or a score without explaining why, be- Black box AI systems for automated decision making, often based on machine learning over (big) data, map a user’s fea- cause the decision model is not comprehensible to stake- tures into a class or a score without exposing the reasons why. holders, even to expert data scientists. This is worrying not This is problematic not only for lack of transparency, but also only for the lack of transparency, but also for the possible bi- for possible biases inherited by the algorithms from human ases hidden in the algorithms. Machine learning constructs prejudices and collection artifacts hidden in the training data, predictive models and decision-making systems based on which may lead to unfair or wrong decisions. We focus on the data, i.e., the digital records of human activities and deci- urgent open challenge of how to construct meaningful expla- sions, such as opinions, movements, preferences, judicial nations of opaque AI/ML systems, introducing the local-to- sentences, medical diagnoses, performance scores, etc. Con- global framework for black box explanation, articulated along sequently, ML models may reflect human biases and preju- three lines: (i) the language for expressing explanations in dices, as well as collection artifacts and sample selection bi- terms of logic rules, with statistical and causal interpretation; (ii) the inference of local explanations for revealing the deci- ases, possibly leading to unfair or simply wrong decisions.
    [Show full text]
  • ORGANIZATIONAL PATH DEPENDENCE: OPENING the BLACK BOX JO¨ RG SYDOW GEORG SCHREYO¨ GG Freie Universität Berlin JOCHEN KOCH European University Viadrina
    ஽ Academy of Management Review 2009, Vol. 34, No. 4, 1–000. ORGANIZATIONAL PATH DEPENDENCE: OPENING THE BLACK BOX JO¨ RG SYDOW GEORG SCHREYO¨ GG Freie Universität Berlin JOCHEN KOCH European University Viadrina To enable a better understanding of the underlying logic of path dependence, we set forth a theoretical framework explaining how organizations become path dependent. At its core are the dynamics of self-reinforcing mechanisms, which are likely to lead an organization into a lock-in. By drawing on studies of technological paths, we conceptualize the emergent process of path dependence along three distinct stages. We also use the model to explore breakouts from organizational path dependence and discuss implications for managing and researching organizational paths. The discourse on organizational innovation supposed to mean exactly? In organizational re- and change has become more complex. On the search the term is used mostly as a broad label one hand, there is an ever-increasing demand indicating all kinds of imprinting effects of the for more flexible or even fluid “new” organiza- past on organizational behavior (e.g., recently, tional forms. On the other hand, studies stress- Beckman & Burton, 2008). A closer examination ing organizational inertia and the historical im- quickly reveals that the predominant usage is printing of decision making (“history matters”) more metaphorical than theoretical in nature. A have come to the fore in management and or- clear specification is usually missing. This ganizational theory. There seems to be a means, at the same time, that no indicators are broadly shared feeling that we need to under- available that allow for examining whether or stand better how organizations can lose their not the organizational phenomena in question flexibility and become inert or even locked in.
    [Show full text]
  • Deep Learning Black Box Problem Master Thesis Research Project
    Deep Learning Black Box Problem Master Thesis Research Project Jabbar Hussain Subject: Information Systems Corresponds to: 30 hp Presented: VT 2019 Supervisor: Prof. Dr. Andreas Hamfelt Examiner: Prof. Dr. Pär Ågerfalk Department of Informatics and Media Jabbar Hussain Master Thesis Spring 2019 Abstract Application of neural networks in deep learning is rapidly growing due to their ability to outperform other machine learning algorithms in different kinds of problems. But one big disadvantage of deep neural networks is its internal logic to achieve the desired output or result that is un-understandable and unexplainable. This behavior of the deep neural network is known as “black box”. This leads to the following questions: how prevalent is the black box problem in the research literature during a specific period of time? The black box problems are usually addressed by so- called rule extraction. The second research question is: what rule extracting methods have been proposed to solve such kind of problems? To answer the research questions, a systematic literature review was conducted for data collection related to topics, the black box, and the rule extraction. The printed and online articles published in higher ranks journals and conference proceedings were selected to investigate and answer the research questions. The analysis unit was a set of journals and conference proceedings articles related to the topics, the black box, and the rule extraction. The results conclude that there has been gradually increasing interest in the black box problems with the passage of time mainly because of new technological development. The thesis also provides an overview of different methodological approaches used for rule extraction methods.
    [Show full text]