MIT Research News' Journal
 

Friday, May 10th, 2019

    Time Event
    12:00a
    How to tell whether machine-learning systems are robust enough for the real world

    MIT researchers have devised a method for assessing how robust machine-learning models known as neural networks are for various tasks, by detecting when the models make mistakes they shouldn’t.

    Convolutional neural networks (CNNs) are designed to process and classify images for computer vision and many other tasks. But slight modifications that are imperceptible to the human eye — say, a few darker pixels within an image — may cause a CNN to produce a drastically different classification. Such modifications are known as “adversarial examples.” Studying the effects of adversarial examples on neural networks can help researchers determine how their models could be vulnerable to unexpected inputs in the real world.

    For example, driverless cars can use CNNs to process visual input and produce an appropriate response. If the car approaches a stop sign, it would recognize the sign and stop. But a 2018 paper found that placing a certain black-and-white sticker on the stop sign could, in fact, fool a driverless car’s CNN into misclassifying the sign, which could potentially cause it to not stop at all.

    However, there has been no way to fully evaluate a large neural network’s resilience to adversarial examples for all test inputs. In a paper they are presenting this week at the International Conference on Learning Representations, the researchers describe a technique that, for any input, either finds an adversarial example or guarantees that all perturbed inputs — that still appear similar to the original — are correctly classified. In doing so, it gives a measurement of the network’s robustness for a particular task.

    Similar evaluation techniques do exist but have not been able to scale up to more complex neural networks. Compared to those methods, the researchers’ technique runs three orders of magnitude faster and can scale to more complex CNNs.

    The researchers evaluated the robustness of a CNN designed to classify images in the MNIST dataset of handwritten digits, which comprises 60,000 training images and 10,000 test images. The researchers found around 4 percent of test inputs can be perturbed slightly to generate adversarial examples that would lead the model to make an incorrect classification.

    “Adversarial examples fool a neural network into making mistakes that a human wouldn’t,” says first author Vincent Tjeng, a graduate student in the Computer Science and Artificial Intelligence Laboratory (CSAIL). “For a given input, we want to determine whether it is possible to introduce small perturbations that would cause a neural network to produce a drastically different output than it usually would. In that way, we can evaluate how robust different neural networks are, finding at least one adversarial example similar to the input or guaranteeing that none exist for that input.”

    Joining Tjeng on the paper are CSAIL graduate student Kai Xiao and Russ Tedrake, a CSAIL researcher and a professor in the Department of Electrical Engineering and Computer Science (EECS).

    CNNs process images through many computational layers containing units called neurons. For CNNs that classify images, the final layer consists of one neuron for each category. The CNN classifies an image based on the neuron with the highest output value. Consider a CNN designed to classify images into two categories: “cat” or “dog.” If it processes an image of a cat, the value for the “cat” classification neuron should be higher. An adversarial example occurs when a tiny modification to that image causes the “dog” classification neuron’s value to be higher.

    The researchers’ technique checks all possible modifications to each pixel of the image. Basically, if the CNN assigns the correct classification (“cat”) to each modified image, no adversarial examples exist for that image.

    Behind the technique is a modified version of “mixed-integer programming,” an optimization method where some of the variables are restricted to be integers. Essentially, mixed-integer programming is used to find a maximum of some objective function, given certain constraints on the variables, and can be designed to scale efficiently to evaluating the robustness of complex neural networks.

    The researchers set the limits allowing every pixel in each input image to be brightened or darkened by up to some set value. Given the limits, the modified image will still look remarkably similar to the original input image, meaning the CNN shouldn’t be fooled. Mixed-integer programming is used to find the smallest possible modification to the pixels that could potentially cause a misclassification.

    The idea is that tweaking the pixels could cause the value of an incorrect classification to rise. If a cat image were fed into the pet-classifying CNN, for instance, the algorithm would keep perturbing the pixels to see if it can raise the value for the neuron corresponding to “dog” to be higher than that for “cat.”

    If the algorithm succeeds, it has found at least one adversarial example for the input image. The algorithm can continue tweaking pixels to find the minimum modification that was needed to cause that misclassification. The larger the minimum modification — called the “minimum adversarial distortion” — the more resistant the network is to adversarial examples. If, however, the correct classifying neuron fires for all different combinations of modified pixels, then the algorithm can guarantee that the image has no adversarial example.
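    The find-or-certify check and the minimum adversarial distortion described above, as an added example that is not the researchers' code. It assumes a constructed two-pixel, three-neuron ReLU classifier and swaps the mixed-integer solver for exhaustive vertex enumeration, which is exact only because the input has two dimensions; all names and weights are hypothetical.

```python
from itertools import combinations

# Constructed toy classifier (not from the paper): 2 pixels -> 3 ReLU -> 2 logits.
W1 = [(1.0, -1.0), (-1.0, 1.0), (1.0, 1.0)]   # hidden-layer weights
B1 = [0.0, 0.0, -1.0]                          # hidden-layer biases
W2 = [(2.0, -1.0, 1.0), (-1.0, 2.0, 0.0)]      # output rows: "cat", "dog"
CAT, DOG = 0, 1

def logits(x):
    h = [max(0.0, w[0] * x[0] + w[1] * x[1] + b) for w, b in zip(W1, B1)]
    return [sum(wi * hi for wi, hi in zip(row, h)) for row in W2]

def verify(x0, eps, true=CAT, other=DOG):
    """Exact check over the L-infinity ball of radius eps, clipped to [0, 1].

    Returns (certified, worst_point). The network is piecewise linear, so the
    largest value of logit[other] - logit[true] sits at a vertex formed by two
    of: the four box edges and the lines where a hidden neuron switches on.
    """
    lo = [max(0.0, v - eps) for v in x0]
    hi = [min(1.0, v + eps) for v in x0]
    lines = [(1, 0, lo[0]), (1, 0, hi[0]), (0, 1, lo[1]), (0, 1, hi[1])]
    lines += [(w[0], w[1], -b) for w, b in zip(W1, B1)]   # a*x + b*y = c
    worst, worst_pt = float("-inf"), None
    for (a1, b1, c1), (a2, b2, c2) in combinations(lines, 2):
        det = a1 * b2 - a2 * b1
        if abs(det) < 1e-12:
            continue                                       # parallel lines
        p = ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)
        if all(l - 1e-9 <= v <= h + 1e-9 for v, l, h in zip(p, lo, hi)):
            z = logits(p)
            if z[other] - z[true] > worst:
                worst, worst_pt = z[other] - z[true], p
    return worst <= 0, worst_pt

def min_distortion(x0, hi=1.0, tol=1e-4):
    """Bisect on eps for the smallest radius at which verify() fails."""
    lo = 0.0
    while hi - lo > tol:
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if verify(x0, mid)[0] else (lo, mid)
    return hi

X0 = (0.6, 0.4)   # constructed input the toy network labels "cat"
```

    A certified result here means every point in the perturbation box was covered, not sampled. Real image inputs have far too many dimensions for vertex enumeration, which is the gap the mixed-integer formulation fills.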

    “Given one input image, we want to know if we can modify it in a way that it triggers an incorrect classification,” Tjeng says. “If we can’t, then we have a guarantee that we searched across the whole space of allowable modifications, and found that there is no perturbed version of the original image that is misclassified.”

    In the end, this generates a percentage for how many input images have at least one adversarial example, and guarantees the remainder don’t have any adversarial examples. In the real world, CNNs have many neurons and will train on massive datasets with dozens of different classifications, so the technique’s scalability is critical, Tjeng says.

    “Across different networks designed for different tasks, it’s important for CNNs to be robust against adversarial examples,” he says. “The larger the fraction of test samples where we can prove that no adversarial example exists, the better the network should perform when exposed to perturbed inputs.”

    “Provable bounds on robustness are important as almost all [traditional] defense mechanisms could be broken again,” says Matthias Hein, a professor of mathematics and computer science at Saarland University, who was not involved in the study but has tried the technique. “We used the exact verification framework to show that our networks are indeed robust … [and] made it also possible to verify them compared to normal training.”

    2:10p
    Building a community for statistics and data science at MIT and beyond

    As a focal point for statistics at MIT, the Statistics and Data Science Center (SDSC) reflects the unique nature of statistics at MIT: steeped in cutting-edge computation, with both theoretical explorations and novel applications across departments and domains. As part of the Institute for Data, Systems, and Society (IDSS), the SDSC also fosters multi-disciplinary collaborations that bring new approaches to complex societal challenges.

    These themes — computation, cross-disciplinary collaboration, creative problem-solving — were all on display at the SDSC’s third annual SDSCon, a celebration of the statistics and data science community at MIT and beyond.

    SDSCon brought together over 200 participants from academia and industry, with talks ranging from tactics and techniques like machine learning to statistical applications in biology and business. “The purpose of SDSCon is to bring together folks ... interested in statistics and data science, to both celebrate as well as build community,” said SDSC director and professor of electrical engineering and computer science (EECS) Devavrat Shah in his opening remarks. School of Engineering Dean Anantha Chandrakasan commented on the work the SDSC has done in building that community by “coalescing a community of scholars across campus around the shared mission to use statistical tools to advance research and education.”

    “I feel somewhat like an interloper because I am not a statistician,” joked Esther Duflo in a plenary talk that highlighted how statistical methods are being used in new cross-disciplinary ways to address societal challenges. Duflo is the Abdul Latif Jameel Professor of Poverty Alleviation and Development Economics at MIT. Her research uses machine learning to analyze the results of randomized control trials. Combined with data collection and the leveraging of social networks, she seeks to raise the number of children in developing countries who receive crucial, life-saving immunizations.

    A panel of talks exploring statistics in the social sciences addressed other key societal challenges. Alberto Abadie, an MIT professor of economics and associate director of IDSS, discussed how data science is driving changes in social science research and policy making. Stanford University’s Ashish Goel looked at tools for public decision making, while Aaron Roth of the University of Pennsylvania explored how social values and ethics can be better embedded into algorithms that make autonomous decisions.

    Members of the community of scholars employing advanced statistics tools at MIT gave presentations on their work, ranging from mechanical engineering and IDSS Professor Anette “Peko” Hosoi’s investigation of luck versus skill in fantasy sports, to biology professor and SDSC affiliate Aviv Regev’s design for better experiments in solving large scale challenges in cellular biology. Nike Sun, an MIT math professor, described progress toward a solution in a theoretical geometric problem in classic probability called the Ising perceptron, while John Tsitsiklis, an EECS professor who directs MIT’s Laboratory for Information and Decision Systems, gave a plenary talk focused on gaps between theory and practice in a kind of machine learning known as reinforcement learning.

    SDSCon also featured talks from data science practitioners in industry. Dawn Woodard, an adjunct professor at Cornell University who is also director of data science for maps at Uber, demonstrated methods for dynamic pricing and matching in ride hailing. Lester Mackey, an adjunct professor at Stanford and statistical machine learning researcher for Microsoft Research, discussed how machine learning tools are being used to improve weather and climate forecasting that is "subseasonal," a time period from two to six weeks in the future where precipitation prediction can have a big impact on water management.

    The Statistics and Data Science Center, along with IDSS, will join the new MIT Stephen A. Schwarzman College of Computing in the fall. The new college, like IDSS, crosses all five schools at MIT, and should serve as a fitting home for what Chandrakasan called the “deep interdisciplinary nature of statistics and data science.”

    Said Chandrakasan: “I commend SDSC for providing a shared space among disciplines, and shaping the practice of statistics at MIT in a manner that focuses on multi-disciplinary collaborations that examine some of the most complex societal challenges we face today.”

    5:15p
    MIT, Blue Origin to cooperate on sending research experiment to the moon

    MIT and Blue Origin have signed a memorandum outlining plans to pursue mutual interests in space exploration. MIT will develop one or more payload experiments to be launched aboard Blue Origin’s Blue Moon, a flexible lander delivering a wide variety of small, medium, and large payloads to the lunar surface.

    MIT Apollo Professor of Astronautics and former NASA Deputy Director Dava Newman, who developed the agreement with Blue Origin, says that over the coming months, MIT researchers will invite input from the MIT community to help determine the nature of the flight opportunity experiment. “Some potential areas include smart habitats, rovers, life support and autonomous systems, human-machine interaction, science of the moon, lunar poles, sample return, and future astronaut performance and suit technologies,” Newman says.

    Blue Origin’s business development director, A.C. Charania, has said the company’s lunar transportation program is its “first step to developing a lunar landing capability for the country, for other customers internationally, to be able to land multimetric tons on the lunar surface.” Blue Moon payloads could include science experiments, rovers, power systems, and sample return stages.

    MIT has a long history of aerospace engineering development and lunar science related to space exploration, including receiving the first major contract of the Apollo program, which involved the design and development of the lunar missions’ guidance and navigation computers. MIT experiments have flown on Space Shuttle missions, and been conducted aboard Skylab, Mir, and the International Space Station. MIT also led the GRAIL (Gravity Recovery And Interior Laboratory) mission to explore the moon’s gravity field and geophysical structure.
