Date(s) - 22 Nov 2019
1:10 PM - 2:00 PM
3043 ECpE Building Addition
Title: Adversarial Attacks on Machine Learning Systems: Information-Theoretic Limits and Explanations
Abstract: We present a simple hypothesis about a compression property of artificial intelligence (AI) classifiers and present theoretical (geometric) arguments to show that this hypothesis successfully accounts for the observed fragility of AI classifiers to small adversarial perturbations. We also propose a new method for detecting when small input perturbations cause classifier errors, and show theoretical guarantees for the performance of this detection method. We present experimental results to demonstrate the effectiveness of this defense mechanism. We further study the information-theoretic limits of adversarial attacks.
Bio: Weiyu Xu received his B.E. in Information Engineering from Beijing University of Posts and Telecommunications in 2002, and an M.S. degree in Electronic Engineering from Tsinghua University in 2005. He received an M.S. and a Ph.D. degree in Electrical Engineering in 2006 and 2009 from the California Institute of Technology (Caltech), with a minor in Applied and Computational Mathematics. He is currently an associate professor in the Department of Electrical and Computer Engineering at the University of Iowa. His research interests are signal processing, optimization, and high-dimensional geometry for signal processing.
ECpE Seminar Host: Zhengdao Wang