Profile picture
Nicolas Papernot
@NicolasPapernot
, 10 tweets, 4 min read Read on Twitter
CleverHans blog post with @nickfrosst: we explain how the Deep k-Nearest Neighbors (DkNN) and soft nearest-neighbor loss (SNNL) help recognize data that is not from the training distribution. The post includes an interactive figure (credit goes to Nick): cleverhans.io/security/2019/…
Models are deployed with little input validation, which boils down to expecting the classifier to correctly classify any input. This goes against one of the fundamental assumptions of ML: models should be presented at test time with inputs that fall on their training manifold.
If we deploy a model on inputs that may fall outside of this data manifold, we need mechanisms for figuring out whether a specific input/output pair is acceptable for a given ML model. In security, we sometimes refer to this as admission control (see arxiv.org/abs/1811.01134)
The DkN breaks the black-box myth around deep learning. Patterns extracted by hidden layers on a test input are compared to those found during training to ensure that when a label is predicted, patterns that led to this prediction can be found in the training data for this label.
This allows us to measure uncertainty in a way different from how neural nets typically compute class scores (we argue that the softmax is not ideal at test time). When patterns found in the training data agree with test-time patterns, the prediction has high credibility.
Adversarial examples typically gradually turn a small change in the input domain into a large change in the model’s output space. This results in layers closer to the input of the model having representations that are closer to the correct class of the input while
layers towards the output have representations that are closer to the wrong class. Credibility helps distinguish legitimate data from outlier data by forcing inputs to have more consistency across the network’s architecture.
We note that evaluations that do not take into account the credibility metric (as done in Sitawarin and Wagner arxiv.org/abs/1903.08333 to be presented at #sp19 's DLS workshop) are not sufficient to draw conclusions on the robustness of the DkNN.
Finally, with the SNNL, we modify the training objective of our neural net to improve the similarity structure of its hidden representations (which are then analyzed with the DkNN). This led us to a surprising observation:
encouraging hidden layers to entangle data (to bring points from different classes closer together) improved the similarity search performed by the DkNN more than encouraging representations to disentangle data, which would help achieve a large (SVM-like) margin between classes Logits of a normal model trained with cross-entropy (left); entangled model trained with both cross-entropy and the soft nearest-neighbor loss (right). The entangled model to the right better distinguishes outlier data (in blue) from legitimate data (in green) than the normal model to the left.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Nicolas Papernot
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#sp19

Related threads

Profile picture
Meenakshi Prabhune
@minu_pr
It's been 3 years since my first blog. I remember how terrified I was to hit "publish" on my first #blog post. Unleashing my words into the worldwide web was a scary thought. What if people hated my writing? Or worse, what if the article had mistakes? (1/5) #writingtips #SciComm
Importantly, this was supposed to be my first step towards transitioning into a career in #sciencewriting- a field that was a complete black box to my family and friends. Needless to say, everyone, including myself, was skeptical. (2/5)
Anyways, I tried, and learned 2 things over the years. 1) My writing didn't (positively or negatively) break the internet. At it's best and worst, readers moved on with their lives. (3/5)
Read 5 tweets
Profile picture
nick frosst
@nickfrosst
My new paper with @NicolasPapernot and @GeoffreyHinton is out on arXiv today. It’s about the similarity structure of representations space, outlier data (e.g. adversarial attacks) and generative models. Don’t have time to read the paper? Read this instead! arxiv.org/abs/1902.01889
Our paper focused on a loss we call Soft Nearest Neighbor Loss (SNNL). It measures the entanglement of labeled data points. Data with high SNNL has muddled up classes, while the classes of a data set with low SNNL are easy to separate.
We can measure the SNNL of the data in the hidden layers of a resnet during training and show that each layer separates the data slightly more than the previous layer. the last layer learns a representation of the data which separates the classes, so it has the lowest SNNL value
Read 9 tweets
Profile picture
Matthew Willemsen
@mwill_crypto
0/ 'Twas all happening on Wednesday in the world of #crypto/#blockchain! Below, I've put together a 25-part thread featuring all the best happenings in the space from the past day or so. Let's do this!
1a/ ⚖️ @MakerDAO [ $MKR / $DAI ] announced the MakerDAO Foundation underwent a major restructuring. Why? To "provide stronger support to help the Dai Credit system navigate an increasingly complex and ever-changing regulatory and competitive landscape." medium.com/makerdao/intro…
1b/ Ⓜ️ All Maker-related entities are part of the Maker Ecosystem Growth Group, a conglomerate of subsidiaries housed under the Cayman Islands-domiciled Maker Ecosystem Growth Foundation. It's temporary and "will dissolve once MakerDAO has achieved its decentralization goals."
Read 36 tweets
Profile picture
Vishal Vachhani
@vishal_gv
#MachineLearning in System #trading. Here is a simple idea to improve your system.

#MachineLearning(#ML,#DeepLearning) is used in stock trading algorithms/system intraday or EOD based system. Mostly these systems are predictive systems.

(1/n)
These predictive system are based on given OHLC and other indicators (like RSI,MA,etc) tries to predict the value of next close/open/...using Machine learning/AI algorithms. There are many simple statistic based systems(call it non-AI system) also... (2/n)
Aim: to improve win ratio using #MachineLearning specifically classification algorithms
Input: your historical system trade data with various system parameters(like, rsi, supertrend , atr, etc) along with status or trade(winning or losing)
(3/n)
Read 15 tweets
Profile picture
Matthew Willemsen
@mwill_crypto
0/ Investors breathed easier today as the price of large-cap digital assets like #bitcoin [ $BTC ] and #ether [ $ETH ] managed to hold steady.

Whilst many were glued to the charts, I was trawling through the interwebs for the latest from the world of #crypto. You're welcome 😉
1/ 📣 Fresh from launching v1.1.3 of its #mainnet, @NULSservice [ $NULS ] detailed the design architecture of NULS 2.0 in the below 23-page paper.

Allows #NULS to be more than just the underlying infrastructure of the #blockchain. Many more uses to come! nuls.io/api/v1/downloa…
2/ ⛏️ @UbiqSmart [ $UBQ ] has successfully hard-forked to #Ubqhash.

Having done so, Ubiq is now decoupled from #Ethash and, thus, is no longer vulnerable to rental hash attacks. This marks the first time an #Ethereum fork has forked to a PoW mining algorithm.
Read 19 tweets
Profile picture
Matthew Willemsen
@mwill_crypto
0/ A plethora of #crypto- and #blockchain-related events happening within the past 24 hours!

Below, a thread I've put together to help you keep track of it all. May it serve you well.
1/ 🌉 @POANetwork [ $POA ] announced the ERC20-to-ERC20 TokenBridge!

Now, projects can leverage separate #Ethereum-based networks to communicate with one another through the transformation of #ERC20 tokens. #Blockchain interoperability growing strong! medium.com/poa-network/in…
2/ 🚢 The @EthexMarket team shipped its Ethex Trade Wallet, a unique native mobile #dApp that features hassle-free #ether and #ERC20 token trading. Compliments their existing #Ethex browser dApp nicely! medium.com/ethex-market/i…
Read 23 tweets

Trending hashtags

#postofficetrial #human #data #Herzinfarkt #Smarch #cryptocurrency #Kang #0x #ERC20 #RalphStedman #LookNow #kuebelboeck #k #Brexit #45DaysOfElvisCostello #revenue #iOS #positivity #hours #value #Taproot #Dragonchain #truelove #SpiritualCoinOffering #NickPark
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!