EURO-Online login
- New to EURO? Create an account
- I forgot my username and/or my password.
- Help with cookies
(important for IE8 users)
4032. Towards analyzing DNNs by robust adversarial examples created with MILPs
Invited abstract in session MA-28: Advancements of OR-analytics in statistics, machine learning and data science 1, stream Advancements of OR-analytics in statistics, machine learning and data science.
Monday, 8:30-10:00Room: 065 (building: 208)
Authors (first author is the speaker)
| 1. | Rónán Rian Carl Richter
|
| LS Wirtschaftsmathematik, Universität Bayreuth | |
| 2. | Jörg Rambau
|
| Fakultät für Mathematik, Physik und Informatik, LS Wirtschaftsmathematik |
Abstract
The interest in the use of Deep Neutral Networks (DNNs) has grown rapidly over the last few years. As an increasing number of people and businesses are using DNN-based systems and governments start to take actions to regulate the use of artificial intelligence, there is a growing demand for methods to analyze the trustworthiness of a DNN and the limits of its application. One classical illustration for showing weaknesses of DNNs, especially in the context of image recognition, are Adversarial Examples. These are slightly modified versions of input data, that lead a DNN into wrong classifications. As Fischetti and Jo (2018) have shown, Adversarial Examples can be generated by using mathematical programming methods. Thus, these Adversarial Examples are provably optimal in respect to a given criterion, e.g. the distance to some given input data. However, the structure of these examples highly depends on the parameters of the network. To address this point, we will present a mixed-integer programming model for generating Adversarial Examples, that are robust with respect to small changes in the weights and biases of a DNN. For relaxations of the model, we will illustrate the impact of robustification on Adversarial Examples. Furthermore, we present experimental results on the influence of training data on the distance of Adversarial Examples and on the transferability of our examples.
Keywords
- Artificial Intelligence
- Programming, Mixed-Integer
- Robust Optimization
Status: accepted
Back to the list of papers