Finding Equilibrium in Adversarial Machine Learning - Intrinsic Trade-offs between the Robustness and Accuracy of Classifiers and Feature Extractors
Restricted (Penn State Only)
Author:
Roy, Parama
Graduate Program:
Electrical Engineering
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
June 12, 2024
Committee Members:
Daniel Cullina, Thesis Advisor/Co-Advisor
Swaroop Ghosh, Committee Member
Madhavan Swaminathan, Program Head/Chair
Keywords:
Machine Learning, Linear Programming, Adversarial Attacks, Robustness, Optimal Transport, CVXOPT
Abstract:
Machine learning models are increasingly used to solve various real-life problems. In order to trust the results of these models, ensuring a model's performance against adversarial attacks is paramount. In this thesis, a new method to compute the robustness of a machine learning feature extractor is explored. A feature extractor is evaluated based on the adversarial budget required to induce approximate collisions in feature space between input examples from different classes. This notion leads to a distance between examples that can be efficiently computed by solving a convex optimization problem. The distance structure of an example distribution can be summarized via a particular optimal transport distance between the classes. Through various experiments it was shown that this method accurately calculates the robustness of the first layer of a pre-trained convolutional neural network. More work needs to be done to use this method to evaluate deeper layers of a machine learning model.