Event

PhD defence of Marine Picot - Protecting Deep Learning Systems Against Attacks: Enhancing Adversarial Robustness and Detection

Tuesday, March 7, 2023, 10:00 to 12:00
James Administration Building 301, 845 rue Sherbrooke Ouest, Montreal, QC, H3A 2T5, CA

Abstract


Over the last decade, Deep Learning has been the source of breakthroughs in many different fields, such as Natural Language Processing, Computer Vision, and Speech Recognition. However, Deep Learning-based models have now been recognized to be extremely sensitive to perturbations, especially when the perturbation is well-designed and generated by a malicious agent. This weakness of Deep Neural Networks tends to prevent their use in critical applications, where sensitive information is available, or when the system interacts directly with people's everyday life. In this thesis, we focus on protecting Deep Neural Networks against malicious agents in two main ways.
The first method aims at protecting a model from attacks by increasing its robustness, i.e., the ability of the model to predict the right class even under threats. We observe that the output of a Deep Neural Network forms a statistical manifold and that the decision is taken on this manifold. We leverage this knowledge by using the Fisher-Rao measure, which computes the geodesic distance between two probability distributions on the statistical manifold to which they belong. We exploit the Fisher-Rao measure to regularize the training loss and thereby increase the model's robustness. We then adapt this method to another critical application: Smart Grids, which, due to monitoring and various service needs, rely on cyber components, such as a state estimator, making them sensitive to attacks. We therefore build robust state estimators using Variational AutoEncoders and the extension of our proposed method to the regression case.
The second method we focus on to protect Deep Learning-based models is the detection of adversarial samples. By augmenting the model with a detector, it is possible to increase the reliability of decisions made by Deep Neural Networks. Multiple detection methods are available nowadays, but they often rely on heavy training and ad hoc heuristics. In our work, we make use of a simple statistical tool called data depth to build efficient supervised (i.e., attacks are provided during training) and unsupervised (i.e., training can only rely on clean samples) detection methods.
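To show what an unsupervised, data-depth-based detector looks like in code, here is an added example that is not from the thesis. It uses halfspace (Tukey) depth, approximated with random projection directions, as one concrete data depth; the abstract does not say which depth notion or which feature layer the thesis uses, so those choices, the 2-D Gaussian stand-in for clean feature vectors, and the threshold calibration on held-out clean data are all assumptions.

```python
import math
import random


class DepthDetector:
    """Unsupervised adversarial-sample detector based on approximate halfspace
    (Tukey) depth.  Fitted on clean feature vectors only; an input is flagged
    when its depth with respect to the clean reference cloud is at or below a
    threshold calibrated on held-out clean samples."""

    def __init__(self, n_dirs=100, seed=0):
        self.n_dirs = n_dirs
        self.rng = random.Random(seed)
        self.dirs = []       # sampled unit directions
        self.ref_proj = []   # per direction: projections of all reference points
        self.threshold = 0.0

    @staticmethod
    def _dot(u, x):
        return sum(a * b for a, b in zip(u, x))

    def _unit(self, dim):
        v = [self.rng.gauss(0.0, 1.0) for _ in range(dim)]
        norm = math.sqrt(sum(c * c for c in v)) or 1.0
        return [c / norm for c in v]

    def fit(self, reference, calibration, false_positive_rate=0.05):
        dim = len(reference[0])
        self.dirs = [self._unit(dim) for _ in range(self.n_dirs)]
        # Project the reference cloud once per direction so scoring is cheap.
        self.ref_proj = [[self._dot(u, y) for y in reference] for u in self.dirs]
        # Threshold = depth below which roughly false_positive_rate of clean data falls.
        depths = sorted(self.depth(x) for x in calibration)
        self.threshold = depths[int(false_positive_rate * len(depths))]
        return self

    def depth(self, x):
        """Approximate Tukey depth: min over sampled directions u of the fraction
        of reference points whose projection on u is at least as large as x's.
        Exact depth minimises over all unit u, so this is an upper bound."""
        best = 1.0
        for u, proj in zip(self.dirs, self.ref_proj):
            px = self._dot(u, x)
            frac = sum(1 for v in proj if v >= px) / len(proj)
            best = min(best, frac)
        return best

    def is_adversarial(self, x):
        # '<=' so that points with depth exactly 0 (outside the reference hull)
        # are always flagged; ties at 0 can push the real false-positive rate
        # slightly above the configured target.
        return self.depth(x) <= self.threshold


def gaussian_points(n, dim, rng):
    """Constructed stand-in for clean feature vectors (e.g. penultimate-layer activations)."""
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(n)]


def build_demo_detector(seed=0):
    """Fit the detector on a constructed 2-D clean cloud; returns (detector, calibration set)."""
    rng = random.Random(seed)
    reference = gaussian_points(200, 2, rng)
    calibration = gaussian_points(100, 2, rng)
    det = DepthDetector(n_dirs=100, seed=seed).fit(reference, calibration, 0.05)
    return det, calibration


if __name__ == "__main__":
    det, cal = build_demo_detector()
    center = [0.0, 0.0]   # constructed: a typical clean feature vector
    outlier = [8.0, 8.0]  # constructed: features far from the clean cloud
    print("threshold:", det.threshold)
    print("depth(center) =", det.depth(center), "flagged:", det.is_adversarial(center))
    print("depth(outlier) =", det.depth(outlier), "flagged:", det.is_adversarial(outlier))
    print("clean fraction flagged:", sum(det.is_adversarial(x) for x in cal) / len(cal))
```

Nothing here needs attack samples: the reference and calibration sets are clean, which is what makes the method unsupervised in the abstract's sense. The supervised variant would instead use depths of known adversarial features to pick the threshold or train a small classifier on depth scores.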
