Adversarial robustness meets imperfect training set

对抗鲁棒性满足不完善的训练集

• 批准号: 22K17955
• 负责人: Zhang Jingfeng
• 金额: $ 3万
• 依托单位: Institute of Physical and Chemical Research
• 依托单位国家: 日本
• 项目类别: Grant-in-Aid for Early-Career Scientists
• 财政年份: 2022
• 资助国家: 日本
• 起止时间: 2022-04-01 至 2024-03-31
• 项目状态: 已结题
• 来源: https://kaken.nii.ac.jp/en/grant/KAKENHI-PROJECT-22K17955/
• 关键词: adversarial robustness; imperfect data; robust algorithm; Adversarial robustness; imperfect training set

The AI algorithms can be adversarially fooled, which urgently requires developing adversarially robust learning algorithms in safety-critical applications. On the other hand, learning AI algorithms generally requires massive and high-quality data, which is costly and sometimes unrealistic; thus, an imperfect (e.g., noisy-label or poisoned) data unavoidably co-exists in the learning phase.In FY2022, we have developed adversarially robust learning algorithms with the support of the JSPS KAKENHI Grant, which can handle imperfect training sets, including noisy labels [1] and complementary labels [2]. Additionally, we have utilized a collaborative scheme with multiple models to further improve adversarial robustness [3]. Our research findings have been published in high-profile machine learning conferences and journals.[1] NoiLin: Improving Adversarial Training and Correcting Stereotype of Noisy Labels. J. Zhang*, X. Xu, B. Han, T. Liu, N. Gang, L. Cui, M. Sugiyama. Transactions on Machine Learning Research (TMLR 2022)[2] Adversarial Training with Complementary Labels: On the Benefit of Gradually Informative Attacks. J. Zhou, J. Zhou, J. Zhang*, T. Liu, G. Niu, B. Han, M. Sugiyama. 36th Annual Conference on Neural Information Processing Systems (NeurIPS 2022)[3] Synergy-of-Experts: Collaborate to Improve Adversarial Robustness. S. Cui, J. Zhang*, J. Liang, B. Han, M. Sugiyama, C. Zhang. 36th Annual Conference on Neural Information Processing Systems (NeurIPS 2022)

人工智能算法可能会被恶意愚弄，这迫切需要在安全关键应用中开发恶意健壮的学习算法。另一方面，学习人工智能算法通常需要大量高质量的数据，这是昂贵的，有时甚至是不现实的，因此在学习阶段不可避免地存在不完美的(例如，噪声标签或有毒的)数据。在2022财年，我们在JSPS KAKENHI Grant的支持下开发了相对健壮的学习算法，它可以处理不完美的训练集，包括噪声标签[1]和互补标签[2]。此外，我们还利用了具有多个模型的协作方案来进一步提高对手攻击的健壮性[3]。我们的研究成果已经发表在备受瞩目的机器学习会议和期刊上。[1]NoiLin：改进对抗性训练，纠正对嘈杂标签的刻板印象。首页--期刊主要分类--期刊细介绍，期刊题录与文摘--期刊详细文摘内容机器学习研究汇刊(TMLR 2022)[2]具有补充标签的对抗性训练：关于逐渐提供信息的攻击的好处。周军，周军，张军*，刘涛，牛刚，韩斌，杉山。第36届神经信息处理系统年会(NeurIPS 2022)[3]专家协作：合作提高对手的稳健性。崔世安，张军*，梁军，韩斌，杉山，张振中。第36届神经信息处理系统年会(NeurIPS 2022)

项目成果

University of Melbourn(オーストラリア)

墨尔本大学（澳大利亚）

Bilateral Dependency Optimization: Defending Against Model-inversion Attacks

• DOI: 10.1145/3534678.3539376
• 发表时间: 2022-06
• 期刊: Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining
• 作者: Xiong Peng;Feng Liu;Jingfeng Zhang;Long Lan;Junjie Ye-;Tongliang Liu;Bo Han

Synergy-of-Experts: Collaborate to Improve Adversarial Robustness

• 发表时间: 2022
• 作者: Sen Cui;Jingfeng Zhang;Jian Liang;Bo Han;Masashi Sugiyama;Changshui Zhang

Tsinghua University/HongKong Baptist University(中国)

清华大学/香港浸会大学（中国）

NoiLin: Improving adversarial training and correcting stereotype of noisy labels

• 发表时间: 2021-05
• 期刊: Trans. Mach. Learn. Res.
• 作者: Jingfeng Zhang;Xilie Xu;Bo Han;Tongliang Liu;Gang Niu;Li-zhen Cui;Masashi Sugiyama