Show simple item record

dc.contributor.authorKubo, Yoshimasa
dc.date.accessioned2019-12-02T14:18:31Z
dc.date.available2019-12-02T14:18:31Z
dc.identifier.urihttp://hdl.handle.net/10222/76737
dc.description.abstractAdding small perturbations to test images can drastically change the classification accuracy of machine learning models. These perturbed examples are called adversarial examples (Szegedy et al., 2013). Studying these examples may shed light on the learned structure in the network, as well as on the potential security threat that they pose for practical machine learning applications (Kurakin et al., 2016}. Furthermore, since human observers can be fooled by adversarial examples (Elsayed et al., 2018), this study may aid in preventing the manipulation of human observers' reactions. In this thesis, at first, we focus on gaining an understanding of the cause of adversarial examples. We argue, adding to the view of Galloway et al., that overfitting is a factor of adversarial examples, while the other researchers found the cause of adversarial examples is not related to overfitting. To make this argument, we include two directions in our study, the first is to evaluate several standard regularization techniques with adversarial attacks, and the second is to evaluate stochastic binarized neural networks on adversarial examples. We report that strong regularizations including stochastic binarized neural networks do not only improve overfitting but also help the networks in fighting against adversarial attacks. Furthermore, we introduce a model called the Stochastic-Gated Partially Binarized Network (SGBN), which incorporates binarization and input dependent stochasticity. In particular, a gate module learns the probability that individual weights in corresponding convolutional filters should be masked (turned on or off). The gate module itself consists of a shallow convolutional neural network, and its sigmoid outputs are stochastically binarized and pointwise multiplied with corresponding filters in the convolutional layer of the main network. We test and compare our model with several related approaches on both white- and black-box attacks, and to try to gain an understanding of our model, we visualize activations of some of the gating network outputs and their corresponding filters. Moreover, we apply a simple version of SGBN to a toy experiment to gain an understanding of how changeable the activations of the gate modules may be.en_US
dc.language.isoenen_US
dc.subjectDeep learningen_US
dc.subjectStochastic binarized networken_US
dc.subjectAdversarial examplesen_US
dc.titleLearning Stochastic Weight Masking to Resist Adversarial Attacksen_US
dc.date.defence2019-11-18
dc.contributor.departmentFaculty of Computer Scienceen_US
dc.contributor.degreeDoctor of Philosophyen_US
dc.contributor.external-examinerDr. Pawan Lingrasen_US
dc.contributor.graduate-coordinatorDr. Michael McAllisteren_US
dc.contributor.thesis-readerDr. Fernando Paulovichen_US
dc.contributor.thesis-readerDr. Malcolm Heywooden_US
dc.contributor.thesis-supervisorDr. Thomas Trappenbergen_US
dc.contributor.thesis-supervisorDr. Sageev Ooreen_US
dc.contributor.ethics-approvalNot Applicableen_US
dc.contributor.manuscriptsYesen_US
dc.contributor.copyright-releaseYesen_US
 Find Full text

Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record