Adversarial Robustness of Deep Neural Networks - overview
Deep neural networks (DNNs) are achieving state-of-the-art accuracy on a wide range of cognitive tasks, including object recognition and natural language processing. However, DNNs have been shown to be vulnerable to adversarial examples — malicious inputs crafted by adversaries to induce erroneous outputs in the trained model that run counter to human interpretation. This is of concern in sensitive and safety-critical applications such as healthcare or autonomous vehicles.
The scope of this internship is to investigate the vulnerability of DNNs with respect to adversarial inputs and develop principled methods for assessing and improving their robustness. This could include the proposal of new measures relating to properties of DNNs, geometric measures of decision boundaries, as well as the development of new, robust training procedures.
Upon successful completion, this internship will have helped to develop principled methodologies that advance the understanding of adversarial robustness in particular and of DNNs in general; it will have demonstrated the effectiveness of that methodology by systematic experimental evaluation; and it will have led to a prototype implementation demonstrating how the adversarial robustness of DNNs can be assessed and improved in a real-world setting.
- Working knowledge in deep neural networks and applications such as image or text classification.
- Strong Python programming skills
- Experience of working with deep learning libraries, e.g. TensorFlow, Pytorch, Keras
- Solid understanding of mathematical concepts such as probabilities, statistics and linear algebra.