Watch a 13-minute conference talk from USENIX Security '24 exploring a novel approach to adversarial training in deep neural networks. Learn how researchers from Ben-Gurion University tackle the challenge of adversarial examples by splitting each class into "clean" and "adversarial" categories, effectively doubling the number of classes but simplifying decision boundaries. Discover how this innovative method achieves robust models while maintaining optimal or near-optimal natural accuracy, demonstrated through experiments on CIFAR-10 dataset achieving 95.01% accuracy. Understand the theoretical framework behind this approach and its practical implications for real-world applications where natural accuracy is crucial. Explore how this general method provides significant robustness to classifiers while minimizing degradation of their natural accuracy, offering a promising solution to one of deep learning's fundamental weaknesses.
Splitting the Difference on Adversarial Training - A Method for Robust Neural Networks
Overview
Syllabus
USENIX Security '24 - Splitting the Difference on Adversarial Training
Taught by
USENIX
Related Courses
-
Advanced Generative Adversarial Networks (GANs)
-
Getting Robust - Securing Neural Networks Against Adversarial Attacks
-
Explaining and Harnessing Adversarial Examples in Machine Learning - Spring 2021
-
DNN-GP: Diagnosing and Mitigating Model's Faults Using Latent Concepts
-
One Pixel Adversarial Attacks via Sketched Programs
-
Neural Nets for NLP 2021 - Adversarial Methods
