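Lecture title: The Insecurity of Machine Learning: Problems and Solutions
Lecture time: 2019-10-23 14:20:00
Lecture venue: Lecture Hall 210, Office Building, South Campus
Speaker: Adi Shamir
Speaker biography:
Professor Adi Shamir is a renowned cryptographer, a professor at the Weizmann Institute of Science in Israel, a foreign member of the U.S. Academy of Sciences, and one of the founders of modern cryptography. In 2002, he jointly received the 37th Turing Award with R. L. Rivest and L. M. Adleman. Professor Adi Shamir has made outstanding contributions to cryptography: with R. L. Rivest and L. M. Adleman he designed the well-known public-key cryptosystem RSA; he was the first to propose the ideas of identity-based cryptosystems and threshold signature schemes; he was the first to break the Merkle-Hellman knapsack cryptosystem and the first to propose an analysis of the RSA public-key cryptosystem under partial information leakage; in addition, he has produced a number of original works in side-channel attacks, the analysis of multivariate public-key cryptosystems, and symmetric cryptanalysis. Professor Adi Shamir has received the Israel Prize (Israel's highest national award), the Paris Kanellakis Theory and Practice Award, the Erdős Prize, the IEEE W.R.G. Baker Prize, the UAP Science Prize, the PIUS XI Gold Medal, the IEEE Koji Kobayashi Computers and Communications Award, and others.
Lecture abstract: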
The development of deep neural networks in the last decade has revolutionized machine learning and led to major improvements in the precision with which we can perform many computational tasks. However, the discovery five years ago of adversarial examples in which tiny changes in the input can fool well-trained neural networks makes it difficult to trust such results when the input can be manipulated by an adversary. This problem has many applications and implications in object recognition, autonomous driving, cyber security, etc., but it is still far from being understood. In particular, there had been no convincing explanations why such adversarial examples exist, and which parameters determine the number of input coordinates one has to change in order to mislead the network. In this talk I will describe a simple mathematical framework which enables us to think about this problem from a fresh perspective, turning the existence of adversarial examples in deep neural networks from a baffling phenomenon into an unavoidable consequence of the geometry of R^n under the Hamming distance, which can be quantitatively analyzed.
Organizer: School of Computer Science and Technology