Bachelor and Master Theses

To apply for conducting this thesis, please contact the thesis supervisor(s).
Title: Geometry-Aware Synthetic Data Optimization to Achieve better Accuracy vs Robustness Trade-Off
Subject: Computer science, Applied Artificial Intelligence
Level: Advanced
Description:

Overall Description

By adding invisible noise to natural data, adversarial data can readily fool standard-trained deep models, leading to security vulnerabilities in applications such as autonomous driving. A wide range of defence techniques, such as adversarial training (AT), have been proposed to mitigate the adversarial susceptibility of DNNs. However, AT methods increase the robustness of DNNs at a significant loss in accuracy and are prone to robust over-fitting. Therefore, it has been debated whether there is a trade-off between robustness and accuracy. Despite recent advancements, closing the large gap between accuracy and robustness remains an open challenge. This work aims to take a step towards investigating and improving this trade-off and preventing the model from robust over-fitting. To achieve this, we focus on the significance of data in adversarial training. Our hypothesis is that data points are not equally important in adversarial training. Based on the geometry of the DNN’s decision boundary, we propose a novel method to obtain valuable synthetic data and incorporate them into adversarial training to enhance the trade-off between accuracy and robustness.

Background

In many safety-critical applications such as autonomous driving, robustness against adversarial examples is a critical metric. The primary method for increasing the robustness of a model is adversarial training. However, there are two main issues with AT: (i) a drop in standard accuracy and (ii) robust over-fitting. To address the first problem, a trade-off between standard accuracy and the robustness of DNN models has been introduced. The robust over-fitting issue is directly related to the significance of data points in adversarial training: data points are not equally weighted because of the geometry of the DNN’s decision boundary. In a different direction, there are approaches that, given a deep learning model and a dataset, generate a small set of synthetic data that performs almost as well as the original dataset [4]. These methods focus on learning to synthesize informative samples that are optimized to train neural networks. To address the problems mentioned above, this proposal suggests a novel Geometry-Aware Synthetic Data Optimization framework (GASDO) to improve the accuracy vs robustness trade-off.

Goal and Objectives

The primary objectives of this research are as follows:

  1. Analyze the function of the data points to establish a trade-off between accuracy and robustness and avoid robust over-fitting.
  2. Create a novel learning process based on the decision boundary’s geometry to produce synthetic data that enhances the trade-off between accuracy and robustness.
Start date:
End date:
Prerequisites:
  1. Capability of reading scientific literature.
  2. Knowledge of Python.
  3. Familiarity with machine learning.
IDT supervisors: Hamid Mousavi
Examiner: Masoud Daneshtalab
Comments:
Company contact:

This is a collaborative thesis between MDU and Zenseact AB.