Tuesday, September 14, 2021 - 09:00 to 10:30
SCHOOL OF COMPUTER SCIENCE
The School of Computer Science is pleased to present…
MSc Thesis Proposal by: Chris Khalil
Date: Tuesday September 14, 2021
Time: 09:00am to 10:30am
Meeting URL: https://us06web.zoom.us/j/84874781626?from=addon
Passcode: If interested in attending this event, contact the Graduate Secretary days in advance of the event at csgradinfo@uwindsor.ca
Abstract:
In this research we discuss a weakness of machine learning algorithms, in particular their vulnerability to adversarial attacks. An adversarial attack is a cyber-attack in the form of modified input to a machine learning algorithm that has been carefully computed to be misclassified by that algorithm. In many adversarial attacks, the modified input is indistinguishable to a human observer from the original input. We also suggest a defense based on Two Precision input discretization. We show that models with Two Precision input discretization consistently have higher accuracy on adversarial examples, without decreasing generalization. State-of-the-art accuracy under the strongest known white-box attack was increased from 93.20% to 94.30% on MNIST and from 50.00% to 79.16% on CIFAR-10.
Keywords: CNN, adversarial attack, discretization, linearity
MSc Thesis Committee:
Internal Reader: Dr. Sherif Saad
External Reader: Dr. Mohammad Hassanzadeh
Advisor: Dr. Alioune Ngom
MSc Thesis Proposal Announcement
5113 Lambton Tower 401 Sunset Ave. Windsor ON, N9B 3P4 (519) 253-3000 Ext. 3716 csgradinfo@uwindsor.ca (working remotely)