TY - JOUR
TI - Automatic differentiation in machine learning: a survey
AU - Baydin, Atilim Gunes
AU - Pearlmutter, Barak A.
AU - Radul, Alexey Andreyevich
AU - Siskind, Jeffrey Mark
T2 - arXiv:1502.05767 [cs, stat]
AB - Derivatives, mostly in the form of gradients and Hessians, are ubiquitous in machine learning. Automatic differentiation (AD), also called algorithmic differentiation or simply "autodiff", is a family of techniques similar to but more general than backpropagation for efficiently and accurately evaluating derivatives of numeric functions expressed as computer programs. AD is a small but established field with applications in areas including computational fluid dynamics, atmospheric sciences, and engineering design optimization. Until very recently, the fields of machine learning and AD have largely been unaware of each other and, in some cases, have independently discovered each other's results. Despite its relevance, general-purpose AD has been missing from the machine learning toolbox, a situation slowly changing with its ongoing adoption under the names "dynamic computational graphs" and "differentiable programming". We survey the intersection of AD and machine learning, cover applications where AD has direct relevance, and address the main implementation techniques. By precisely defining the main differentiation techniques and their interrelationships, we aim to bring clarity to the usage of the terms "autodiff", "automatic differentiation", and "symbolic differentiation" as these are encountered more and more in machine learning settings.
DA - 2018/02/05/
PY - 2018
DP - arXiv.org
ST - Automatic differentiation in machine learning
UR - http://arxiv.org/abs/1502.05767
Y2 - 2019/11/22/22:28:45
KW - Automatic differentiation
KW - Classical ML
KW - Differentiation
KW - Machine learning
ER -
TY - JOUR
TI - Adversarial Patch
AU - Brown, Tom B.
AU - Mané, Dandelion
AU - Roy, Aurko
AU - Abadi, Martín
AU - Gilmer, Justin
T2 - arXiv:1712.09665 [cs]
AB - We present a method to create universal, robust, targeted adversarial image patches in the real world. The patches are universal because they can be used to attack any scene, robust because they work under a wide variety of transformations, and targeted because they can cause a classifier to output any target class. These adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers; even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class. To reproduce the results from the paper, our code is available at https://github.com/tensorflow/cleverhans/tree/master/examples/adversarial_patch
DA - 2018/05/16/
PY - 2018
DP - arXiv.org
UR - http://arxiv.org/abs/1712.09665
Y2 - 2019/11/23/14:10:12
KW - Adversarial attacks
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - Robust Physical-World Attacks on Deep Learning Models
AU - Eykholt, Kevin
AU - Evtimov, Ivan
AU - Fernandes, Earlence
AU - Li, Bo
AU - Rahmati, Amir
AU - Xiao, Chaowei
AU - Prakash, Atul
AU - Kohno, Tadayoshi
AU - Song, Dawn
T2 - arXiv:1707.08945 [cs]
AB - Recent studies show that the state-of-the-art deep neural networks (DNNs) are vulnerable to adversarial examples, resulting from small-magnitude perturbations added to the input. Given that emerging physical systems are using DNNs in safety-critical situations, adversarial examples could mislead these systems and cause dangerous situations. Therefore, understanding adversarial examples in the physical world is an important step towards developing resilient learning algorithms. We propose a general attack algorithm, Robust Physical Perturbations (RP2), to generate robust visual adversarial perturbations under different physical conditions. Using the real-world case of road sign classification, we show that adversarial examples generated using RP2 achieve high targeted misclassification rates against standard-architecture road sign classifiers in the physical world under various environmental conditions, including viewpoints. Due to the current lack of a standardized testing method, we propose a two-stage evaluation methodology for robust physical adversarial examples consisting of lab and field tests. Using this methodology, we evaluate the efficacy of physical adversarial manipulations on real objects. With a perturbation in the form of only black and white stickers, we attack a real stop sign, causing targeted misclassification in 100% of the images obtained in lab settings, and in 84.8% of the captured video frames obtained on a moving vehicle (field test) for the target classifier.
DA - 2018/04/10/
PY - 2018
DP - arXiv.org
UR - http://arxiv.org/abs/1707.08945
Y2 - 2019/11/23/14:08:00
KW - Adversarial attacks
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - Probabilistic machine learning and artificial intelligence
AU - Ghahramani, Zoubin
T2 - Nature
DA - 2015/05//
PY - 2015
DO - 10/gdxwhq
DP - Crossref
VL - 521
IS - 7553
SP - 452
EP - 459
LA - en
SN - 0028-0836, 1476-4687
UR - http://www.nature.com/articles/nature14541
Y2 - 2019/11/28/12:16:49
KW - Bayesian inference
KW - Classical ML
KW - Machine learning
KW - Probabilistic programming
ER -
TY - JOUR
TI - Generative Adversarial Networks
AU - Goodfellow, Ian J.
AU - Pouget-Abadie, Jean
AU - Mirza, Mehdi
AU - Xu, Bing
AU - Warde-Farley, David
AU - Ozair, Sherjil
AU - Courville, Aaron
AU - Bengio, Yoshua
T2 - arXiv:1406.2661 [cs, stat]
AB - We propose a new framework for estimating generative models via an adversarial process, in which we simultaneously train two models: a generative model G that captures the data distribution, and a discriminative model D that estimates the probability that a sample came from the training data rather than G. The training procedure for G is to maximize the probability of D making a mistake. This framework corresponds to a minimax two-player game. In the space of arbitrary functions G and D, a unique solution exists, with G recovering the training data distribution and D equal to 1/2 everywhere. In the case where G and D are defined by multilayer perceptrons, the entire system can be trained with backpropagation. There is no need for any Markov chains or unrolled approximate inference networks during either training or generation of samples. Experiments demonstrate the potential of the framework through qualitative and quantitative evaluation of the generated samples.
DA - 2014/06/10/
PY - 2014
DP - arXiv.org
UR - http://arxiv.org/abs/1406.2661
Y2 - 2019/11/28/11:44:28
KW - Adversarial attacks
KW - Classical ML
KW - Implementation
KW - Machine learning
ER -
TY - JOUR
TI - Explaining and Harnessing Adversarial Examples
AU - Goodfellow, Ian J.
AU - Shlens, Jonathon
AU - Szegedy, Christian
T2 - arXiv:1412.6572 [cs, stat]
AB - Several machine learning models, including neural networks, consistently misclassify adversarial examples---inputs formed by applying small but intentionally worst-case perturbations to examples from the dataset, such that the perturbed input results in the model outputting an incorrect answer with high confidence. Early attempts at explaining this phenomenon focused on nonlinearity and overfitting. We argue instead that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature. This explanation is supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets. Moreover, this view yields a simple and fast method of generating adversarial examples. Using this approach to provide examples for adversarial training, we reduce the test set error of a maxout network on the MNIST dataset.
DA - 2015/03/20/
PY - 2015
DP - arXiv.org
UR - http://arxiv.org/abs/1412.6572
Y2 - 2019/11/23/14:10:23
KW - Adversarial attacks
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - Neural Turing Machines
AU - Graves, Alex
AU - Wayne, Greg
AU - Danihelka, Ivo
T2 - arXiv:1410.5401 [cs]
AB - We extend the capabilities of neural networks by coupling them to external memory resources, which they can interact with by attentional processes. The combined system is analogous to a Turing Machine or Von Neumann architecture but is differentiable end-to-end, allowing it to be efficiently trained with gradient descent. Preliminary results demonstrate that Neural Turing Machines can infer simple algorithms such as copying, sorting, and associative recall from input and output examples.
DA - 2014/12/10/
PY - 2014
DP - arXiv.org
UR - http://arxiv.org/abs/1410.5401
Y2 - 2019/11/21/21:09:35
KW - Abstract machines
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - A Tutorial on Learning With Bayesian Networks
AU - Heckerman, David
AB - A Bayesian network is a graphical model that encodes probabilistic relationships among variables of interest. When used in conjunction with statistical techniques, the graphical model has several advantages for data analysis. One, because the model encodes dependencies among all variables, it readily handles situations where some data entries are missing. Two, a Bayesian network can …
DA - 1995/03/01/
PY - 1995
DP - www.microsoft.com
LA - en-US
UR - https://www.microsoft.com/en-us/research/publication/a-tutorial-on-learning-with-bayesian-networks/
Y2 - 2019/11/22/19:09:15
KW - Bayesianism
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - Adversarial examples in the physical world
AU - Kurakin, Alexey
AU - Goodfellow, Ian
AU - Bengio, Samy
T2 - arXiv:1607.02533 [cs, stat]
AB - Most existing machine learning classifiers are highly vulnerable to adversarial examples. An adversarial example is a sample of input data which has been modified very slightly in a way that is intended to cause a machine learning classifier to misclassify it. In many cases, these modifications can be so subtle that a human observer does not even notice the modification at all, yet the classifier still makes a mistake. Adversarial examples pose security concerns because they could be used to perform an attack on machine learning systems, even if the adversary has no access to the underlying model. Up to now, all previous work has assumed a threat model in which the adversary can feed data directly into the machine learning classifier. This is not always the case for systems operating in the physical world, for example those which are using signals from cameras and other sensors as an input. This paper shows that even in such physical world scenarios, machine learning systems are vulnerable to adversarial examples. We demonstrate this by feeding adversarial images obtained from cell-phone camera to an ImageNet Inception classifier and measuring the classification accuracy of the system. We find that a large fraction of adversarial examples are classified incorrectly even when perceived through the camera.
DA - 2017/02/10/
PY - 2017
DP - arXiv.org
UR - http://arxiv.org/abs/1607.02533
Y2 - 2019/11/23/14:08:43
KW - Adversarial attacks
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - Attention and Augmented Recurrent Neural Networks
AU - Olah, Chris
AU - Carter, Shan
T2 - Distill
AB - A visual overview of neural attention, and the powerful extensions of neural networks being built on top of it.
DA - 2016/09/08/
PY - 2016
DO - 10/gf33sg
DP - distill.pub
VL - 1
IS - 9
SP - e1
J2 - Distill
LA - en
SN - 2476-0757
UR - http://distill.pub/2016/augmented-rnns
Y2 - 2019/11/22/20:09:48
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - Why does Deep Learning work? - A perspective from Group Theory
AU - Paul, Arnab
AU - Venkatasubramanian, Suresh
T2 - arXiv:1412.6621 [cs, stat]
AB - Why does Deep Learning work? What representations does it capture? How do higher-order representations emerge? We study these questions from the perspective of group theory, thereby opening a new approach towards a theory of Deep learning. One factor behind the recent resurgence of the subject is a key algorithmic step called pre-training: first search for a good generative model for the input samples, and repeat the process one layer at a time. We show deeper implications of this simple principle, by establishing a connection with the interplay of orbits and stabilizers of group actions. Although the neural networks themselves may not form groups, we show the existence of shadow groups whose elements serve as close approximations. Over the shadow groups, the pre-training step, originally introduced as a mechanism to better initialize a network, becomes equivalent to a search for features with minimal orbits. Intuitively, these features are in a way the simplest. Which explains why a deep learning network learns simple features first. Next, we show how the same principle, when repeated in the deeper layers, can capture higher order representations, and why representation complexity increases as the layers get deeper.
DA - 2015/02/28/
PY - 2015
DP - arXiv.org
ST - Why does Deep Learning work?
UR - http://arxiv.org/abs/1412.6621
Y2 - 2019/11/22/17:38:08
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - On the Computational Power of Neural Nets
AU - Siegelmann, H. T.
AU - Sontag, E. D.
T2 - Journal of Computer and System Sciences
AB - This paper deals with finite size networks which consist of interconnections of synchronously evolving processors. Each processor updates its state by applying a "sigmoidal" function to a linear combination of the previous states of all units. We prove that one may simulate all Turing machines by such nets. In particular, one can simulate any multi-stack Turing machine in real time, and there is a net made up of 886 processors which computes a universal partial-recursive function. Products (high order nets) are not required, contrary to what had been stated in the literature. Non-deterministic Turing machines can be simulated by non-deterministic rational nets, also in real time. The simulation result has many consequences regarding the decidability, or more generally the complexity, of questions about recursive nets.
DA - 1995/02/01/
PY - 1995
DO - 10/dvwtc3
DP - ScienceDirect
VL - 50
IS - 1
SP - 132
EP - 150
J2 - Journal of Computer and System Sciences
LA - en
SN - 0022-0000
UR - http://www.sciencedirect.com/science/article/pii/S0022000085710136
Y2 - 2019/11/28/17:50:06
KW - Classical ML
KW - Machine learning
ER -
TY - JOUR
TI - Understanding deep learning requires rethinking generalization
AU - Zhang, Chiyuan
AU - Bengio, Samy
AU - Hardt, Moritz
AU - Recht, Benjamin
AU - Vinyals, Oriol
T2 - arXiv:1611.03530 [cs]
AB - Despite their massive size, successful deep artificial neural networks can exhibit a remarkably small difference between training and test performance. Conventional wisdom attributes small generalization error either to properties of the model family, or to the regularization techniques used during training. Through extensive systematic experiments, we show how these traditional approaches fail to explain why large neural networks generalize well in practice. Specifically, our experiments establish that state-of-the-art convolutional networks for image classification trained with stochastic gradient methods easily fit a random labeling of the training data. This phenomenon is qualitatively unaffected by explicit regularization, and occurs even if we replace the true images by completely unstructured random noise. We corroborate these experimental findings with a theoretical construction showing that simple depth two neural networks already have perfect finite sample expressivity as soon as the number of parameters exceeds the number of data points as it usually does in practice. We interpret our experimental findings by comparison with traditional models.
DA - 2017/02/26/
PY - 2017
DP - arXiv.org
UR - http://arxiv.org/abs/1611.03530
Y2 - 2019/11/22/20:11:42
KW - Classical ML
KW - Machine learning
ER -