학술행사
- 발표자 김자광 박사(PIMS, UBC)
- 개최일시 2023-12-07 11:00-13:00
- 장소 국가수리과학연구소 산업수학혁신센터(판교)
-
일시: 2023년 12월 7일(목), 11:00-13:00
-
장소: 판교 테크노밸리 산업수학혁신센터 세미나실
- 경기 성남시 수정구 대왕판교로 815, 기업지원허브 231호 국가수리과학연구소
- 무료주차는 2시간 지원됩니다.
-
발표자: 김자광 박사(PIMS, UBC)
-
주요내용: Understanding adversarial robustness via optimal transport perspective: theory and numeric
In this talk, I will present the recent progress of understanding adversarial multiclass classification problems, motivated by the empirical observation of the sensitivity of neural networks by small adversarial attacks. Based on 'distributional robust optimization' framework, we obtain reformulations of adversarial training problem: 'generalized barycenter problem' and a family of multimarginal optimal transport problems. These new theoretical results reveal a rich geometric structure of adversarial training problems in multiclass classification and extend recent results restricted to the binary classification setting. From this optimal transport perspective understanding, we prove the existence of robust classifiers by using the duality of the reformulations. Furthermore, based on these optimal transport reformulations, we provide two efficient approximate methods which provide a lower bound of the optimal adversarial risk. The basic idea is the truncation of effective interactions between classes: with small adversarial budget, high-order interactions(high-order barycenters) disappear, which helps consider only lower order tensor computations.
*유튜브 스트리밍 예정입니다.
-
일시: 2023년 12월 7일(목), 11:00-13:00
-
장소: 판교 테크노밸리 산업수학혁신센터 세미나실
- 경기 성남시 수정구 대왕판교로 815, 기업지원허브 231호 국가수리과학연구소
- 무료주차는 2시간 지원됩니다.
-
발표자: 김자광 박사(PIMS, UBC)
-
주요내용: Understanding adversarial robustness via optimal transport perspective: theory and numeric
In this talk, I will present the recent progress of understanding adversarial multiclass classification problems, motivated by the empirical observation of the sensitivity of neural networks by small adversarial attacks. Based on 'distributional robust optimization' framework, we obtain reformulations of adversarial training problem: 'generalized barycenter problem' and a family of multimarginal optimal transport problems. These new theoretical results reveal a rich geometric structure of adversarial training problems in multiclass classification and extend recent results restricted to the binary classification setting. From this optimal transport perspective understanding, we prove the existence of robust classifiers by using the duality of the reformulations. Furthermore, based on these optimal transport reformulations, we provide two efficient approximate methods which provide a lower bound of the optimal adversarial risk. The basic idea is the truncation of effective interactions between classes: with small adversarial budget, high-order interactions(high-order barycenters) disappear, which helps consider only lower order tensor computations.
