We cordially invite you to the first CS Colloquium of the year with Prof. Shamir on „A New Theory of Adversarial Examples in Machine Learning.“ in HS1 of the faculty building at Währinger Straße 29.
CS-Colloquium mit Prof. Adi Shamir (Weizmann Institute of Science)
A New Theory of Adversarial Examples in Machine Learning
WHEN
17.5.2022, 13:30
WHERE
HS1
Währinger Straße 29, 1090 Wien
„Adi Shamir is an internationally recognized cryptographer. He has a number of claims to fame including being a co-inventor of the RSA public-key cryptography algorithm for encoding and decoding messages, co-inventor of a zero-knowledge proof scheme that allows one individual to show they know certain information without actually divulging it, and a major contributor to what has become known as differential cryptanalysis as well as other significant contributions to computer science.“ (Source: ACM A.M. Turing Award Laureates)
Abstract
The extreme fragility of deep neural networks when presented with tiny perturbations in their inputs was independently discovered by several research groups in 2013. Due to their mysterious properties and major security implications, these adversarial examples had been studied extensively over the last eight years, but in spite of enormous effort they remained a baffling phenomenon with no clear explanation. In particular, it was not clear why a tiny distance away from almost any cat image there are images which are recognized with a very high level of confidence as cars, planes, frogs, horses, or any other desired class, why the adversarial modification which turns a cat into a car does not look like a car at all, and why a network which as adversarially trained with randomly permuted labels (so that it never saw any image which looks like a cat being called a cat) still recognizes most cat images as cats. The goal of this talk is to introduce a new theory of adversarial examples, which we call the Dimpled Manifold Model. It can easily explain in a simple and intuitive way why they exist and why they have all the bizarre properties mentioned above, by using the weird geometry of high imensional spaces.
Experimental support for this theory, obtained jointly with Odelia Melamed and Oriel BenShmuel, will be presented and discussed in the last part of the talk.
Bio
Prof. Adi Shamir is one of the founders of modern cryptography and has made significant contributions to many of its branches.
He received his PhD from the Weizmann Institute of Science in 1977. Also in 1977, he co-invented (together with Ron L. Rivest and Leonard M. Adleman) the RSA cryptosystem, which remains the best known and most commonly used public-key encryption and signature scheme. Among his other inventions are secret sharing schemes, identity-based schemes, zero-knowledge identification, and signature schemes, ring signatures, and a variety of both classical and side-channel attacks on cryptosystems including differential cryptanalysis, cache attacks, bug attacks, and acoustic attacks. For these contributions, he received the Pius XI Gold Medal in 1992, the Turing Award in 2002, the Israel Prize in 2008, and the Japan Prize in 2017. He is a member of the Israeli Academy of Science, the US National Academy of Science, the Academia Europaea, the French Academy of Science, the Royal Society, and the American Philosophical Society. (Sources: The Royal Society, ACM A.M. Turing Award Laureates & Wikipedia)