
Public defence in Computer Science, M.Sc. Blerta Lindqvist

Improving Classifier Robustness - A Study on Adversarial Robustness in Modern Classifiers

Public defence from the Aalto University School of Science, Department of Computer Science.

Title of the thesis: Improving Classifier Robustness - A Study on Adversarial Robustness in Modern Classifiers

Thesis defender: Blerta Lindqvist
Opponent: Professor Wade Trappe, Rutgers University, USA
Custos: Professor Antti Yli-Jääski, Aalto University School of Science

Machine learning classifiers are the state of the art in classification and are increasingly deployed in domains where safety and security are critical, such as banking, autonomous driving, malware detection, and cancer detection. Unlike humans, machine learning classifiers can be easily fooled by attacks that perturb samples slightly to cause misclassifications. The use of vulnerable machine learning classifiers in domains with little room for error is concerning for those who rely on classifier outputs.

In this thesis, we aim for the overarching goal of increasing machine learning classifier robustness. We investigated the use of symmetry to defend different types of classifiers against adversarial perturbation attacks, considering adversaries both with and without knowledge of the defense. In addition, we investigated how to increase classifier adversarial robustness and generalization by increasing classifier function smoothness, which is known to be closely related to both generalization and robustness. Furthermore, we explored increasing classifier generalization using regression-based features that capture mutual information among standard features.

As a result, we show that adversarial perturbation attacks can be countered in neural networks using symmetry. We also show that the symmetry defense can be applied to decision trees, after showing that these trees also lack invariance with respect to symmetries. We find that additional training samples decrease adversarial robustness in decision trees, which is contrary to conventional wisdom, and we explain why this happens in decision trees.

Keywords: Adversarial perturbation defense, Symmetry, CNN adversarial robustness

Contact information: blerta.lindqvist@aalto.fi and  

Thesis available for public display 7 days prior to the defence at . 
