Tuesday, Feb 26, 2019. 12:00 PM. NSH 3305
Eric Wong -- Provable defenses against adversarial attacks: from linear programming to dual networks
Abstract: In this talk, I will present recent progress on duality-based certified defenses against adversarial attacks for neural networks. Using convex relaxations of network architectures, we are able to: 1) provide a certified bound on the worst-case adversarial output of a network over a perturbation region in the input space; 2) compute that bound as a single pass through a "dual network" whose structure resembles the backward pass of the original architecture; 3) train against this bound to learn networks that are provably safe against any adversarial attack in the given threat model.
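The three points of the abstract can be made concrete on a tiny network. The following is an added example, not code from the talk or the speaker: it implements a dual bound of the kind described above for a constructed 2-input, 3-hidden-unit, 2-logit ReLU network. The bound is computed by one backward-style pass (multiply by the transposed weight matrices, scale each hidden unit by its ReLU relaxation slope), it lower-bounds c^T f(x') for every x' in the l_inf ball of radius eps around x, and a positive value for c = e_label - e_other certifies that the label cannot flip. The weights, biases, input point, eps and the sampling check are all constructed for the example; because there is only one hidden layer, the pre-activation intervals are obtained exactly by interval arithmetic rather than by a further dual pass.

```python
"""Dual-network certified bound for a one-hidden-layer ReLU network.

Added illustration; the network, input and eps are constructed, and only the
Python standard library is used.
"""
import random

# Constructed network: 2 inputs -> 3 hidden ReLU units -> 2 logits.
W1 = [[1.0, -1.0], [0.5, 0.5], [-1.0, 0.2]]
B1 = [0.1, -0.2, 0.0]
W2 = [[1.0, 0.5, -1.0], [-0.5, 1.0, 1.0]]
B2 = [0.0, 0.1]


def matvec(W, v):
    return [sum(w * x for w, x in zip(row, v)) for row in W]


def matvec_t(W, v):
    """W^T v: the transposed multiplication used by the backward-style pass."""
    return [sum(W[i][j] * v[i] for i in range(len(W))) for j in range(len(W[0]))]


def forward(x):
    """Logits of the ReLU network at input x."""
    z2_hat = [a + b for a, b in zip(matvec(W1, x), B1)]
    z2 = [max(0.0, v) for v in z2_hat]
    return [a + b for a, b in zip(matvec(W2, z2), B2)]


def hidden_bounds(x, eps):
    """Pre-activation interval [l, u] of the hidden layer over the l_inf ball.
    Each first-layer unit is affine in x, so this interval is exact."""
    center = [a + b for a, b in zip(matvec(W1, x), B1)]
    radius = [eps * sum(abs(w) for w in row) for row in W1]
    return ([c - r for c, r in zip(center, radius)],
            [c + r for c, r in zip(center, radius)])


def dual_bound(x, eps, c):
    """Lower bound J on min c^T f(x') over ||x' - x||_inf <= eps.

    Start from -c at the output, multiply by W2^T, scale each hidden unit by
    its relaxation slope (1 if always active, 0 if always inactive,
    u/(u-l) if it can be either), then multiply by W1^T. The bound collects
    the bias terms, the input term, the eps * l1-norm term, and a penalty
    for every unit whose activation state is not fixed on the ball.
    """
    l, u = hidden_bounds(x, eps)
    nu3 = [-ci for ci in c]
    nu2_hat = matvec_t(W2, nu3)
    nu2, unstable = [], []
    for j, v in enumerate(nu2_hat):
        if l[j] >= 0:
            nu2.append(v)                      # always active: slope 1
        elif u[j] <= 0:
            nu2.append(0.0)                    # always inactive: slope 0
        else:
            nu2.append(u[j] / (u[j] - l[j]) * v)  # relaxed unit
            unstable.append(j)
    nu1_hat = matvec_t(W1, nu2)
    J = -sum(a * b for a, b in zip(nu3, B2))
    J -= sum(a * b for a, b in zip(nu2, B1))
    J -= sum(a * b for a, b in zip(x, nu1_hat))
    J -= eps * sum(abs(v) for v in nu1_hat)
    J += sum(l[j] * max(0.0, nu2[j]) for j in unstable)
    return J


def is_certified(x, eps, label):
    """True when the bound proves class `label` stays the argmax on the ball."""
    n_out = len(B2)
    for other in range(n_out):
        if other == label:
            continue
        c = [0.0] * n_out
        c[label], c[other] = 1.0, -1.0
        if dual_bound(x, eps, c) <= 0:
            return False
    return True


def empirical_min(x, eps, c, samples=2000, seed=0):
    """Smallest c^T f(x') over random points of the ball: a sanity check that
    the bound really sits below the network's values, not a proof."""
    rng = random.Random(seed)
    best = float("inf")
    for _ in range(samples):
        xp = [xi + rng.uniform(-eps, eps) for xi in x]
        best = min(best, sum(a * b for a, b in zip(c, forward(xp))))
    return best


if __name__ == "__main__":
    x0 = [0.5, 0.2]
    for eps in (0.0, 0.1, 0.3):
        print(eps, dual_bound(x0, eps, [1.0, -1.0]), is_certified(x0, eps, 0))
```

At eps = 0 the pass reproduces the clean logit difference exactly; at eps = 0.1 every hidden unit keeps a fixed activation state and the bound is tight; at eps = 0.3 two units straddle zero, the relaxation penalty appears, and the bound falls below the sampled minimum, so certification (correctly) fails. Training against this bound, the third point of the abstract, means treating J as the quantity to push above zero for the true label.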