2024 Q1

Research Team Status

  • Names of researchers and position 
  • Michael Mahoney PI; Ben Erichson SP; Serge Egelman SP
     
  • Any new collaborations with other universities/researchers?
  • No

Project Goals

  • What is the current project goal?
  • Our current focus is on developing strong data augmentation schemes for training more robust image classification models. Specifically, we are concerned with robustness with respect to common corruption and adversarial examples.
     
  • How does the current goal factor into the long-term goal of the project?
  • Developing robust training methods will enable us to train models with various degrees of robustness which then can be used to evaluate our AI safety metrics.

Accomplishments

  • Address whether project milestones were met. If milestones were not met, explain why, and what are the next steps.
  • We met the first milestone on subtask 1.2: Noisy Vicinal Risk Minimization. We demonstrated that our proposed NoisyMix scheme improve robustness with respect to a range of common corruptions. The technical paper has been accepted in AISTATS 2024.
     
  • What is the contribution to foundational cybersecurity research? Was there something discovered or confirmed?
  • Current robust training schemes feature a trade-off between robustness for common corruption and adversarial examples. The reason is that robust adversarial training methods remove high-frequency features from the weights, while strong data augmentations aim to remove low-frequency features. This results in adversarial trained models being more sensitive to common corruptions, and vice versa. Our NoisyMix method shows that it is possible to improve both robustness to common corruptions and adversarial examples, though the robustness to adversarial examples is not as strong as a fully adversarial trained model.
     
  • Impact of research
    • Internal to the university (coursework/curriculum)
    • No
    • External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)
    • No
    • Any acknowledgements, awards, or references in media?
    • No

 

Publications and presentations

  • Add publication reference in the publications section below. An authors copy or final should be added in the report file(s) section. This is for NSA's review only.

  • Erichson, N. Benjamin, et al. "Boosting Model Robustness to Common Corruptions with Noisy Data Augmentations." Accepted at International Conference on Artificial Intelligence and Statistics (2024).

     

  • Optionally, upload technical presentation slides that may go into greater detail. For NSA's review only.

  • No

     

Lead PI:
Michael Mahoney
Co-Pi(s):
N. Benjamin Erichson
Serge Egelman