| Garciarena U, Santana R and Mendiburu A (2020), "EvoFlow: A Python library for evolving deep neural network architectures in tensorflow", In Proceedings of the 2020 IEEE Symposium Series on Computational Intelligence (SSCI-2020). Camberra, Australia , pp. 2288-2295.
[Abstract] [BibTeX] [URL]
|
| Abstract: Neuroevolutionary algorithms are one of most effective and extensively applied methods for neural architecture search. While several neuroevolutionary approaches have been proposed, the availability of software that allows a fast development of code to solve problems and test research questions is limited. In this paper we introduce EvoFlow, a Python library for evolving shallow and deep neural network (DNN) architectures. EvoFlow optimizes network structures for DNNs implemented in tensorflow. Single and multi-component DNN architectures are represented by means of descriptors, and the instantiation of the network occurs in the evaluation of the architecture. Genetic operators work by modifying the descriptors. We show how EvoFlow allows efficient architecture optimization of single-component DNNs, such as deep multi-layer perceptrons, but also of multi-component DNNs, such as generative adversarial nets. |
BibTeX:
@inproceedings{Garciarena_et_al:2020,
author = {Unai Garciarena and Roberto Santana and Alexander Mendiburu},
title = {EvoFlow: A Python library for evolving deep neural network architectures in tensorflow},
booktitle = {Proceedings of the 2020 IEEE Symposium Series on Computational Intelligence (SSCI-2020)},
year = {2020},
pages = {2288--2295},
url = {https://ieeexplore.ieee.org/document/9308214}
}
|
| Garciarena U, Mendiburu A and Santana R (2020), "Analysis of the transferability and robustness of GANs evolved for Pareto set approximations", Neural Networks. Vol. 132, pp. 281-296. Elsevier.
[Abstract] [BibTeX] [URL]
|
| Abstract: The generative adversarial network (GAN) is a good example of a strong-performing, neural network-based generative model, even though it does have some drawbacks of its own. Mode collapsing and the difficulty in finding the optimal network structure are two of the most concerning issues. In this paper, we address these two issues at the same time by proposing a neuro-evolutionary approach with an agile evaluation method for the fast evolution of robust deep architectures that avoid mode collapsing. The computation of Pareto set approximations with GANs is chosen as a suitable benchmark to evaluate the quality of our approach. Furthermore, we demonstrate the consistency, scalability, and generalization capabilities of the proposed method, which shows its potential applications to many areas. We finally readdress the issue of designing this kind of models by analyzing the characteristics of the best performing GAN specifications, and conclude with a set of general guidelines. This results in a reduction of the many-dimensional problem of structural manual design or automated search. |
BibTeX:
@article{Garciarena_et_al:2020a,
author = {Garciarena, Unai and Mendiburu, Alexander and Santana, Roberto},
title = {Analysis of the transferability and robustness of GANs evolved for Pareto set approximations},
journal = {Neural Networks},
publisher = {Elsevier},
year = {2020},
volume = {132},
pages = {281--296},
url = {https://www.sciencedirect.com/science/article/pii/S0893608020303269}
}
|
| Garciarena U, Mendiburu A and Santana R (2020), "Envisioning the Benefits of Back-Drive in Evolutionary Algorithms", In 2020 IEEE Congress on Evolutionary Computation (CEC). , pp. 1-8.
[Abstract] [BibTeX] [URL]
|
| Abstract: Reliable deployment of machine learning models such as neural networks continues to be challenging due to several limitations. Some of the main shortcomings are the lack of interpretability and the lack of robustness against adversarial examples or out-of-distribution inputs. In this paper, we explore the possibilities and limits of adversarial attacks for explainable machine learning models. First, we extend the notion of adversarial examples to fit in explainable machine learning scenarios, in which the inputs, the output classifications and the explanations of the model's decisions are assessed by humans. Next, we propose a comprehensive framework to study whether (and how) adversarial examples can be generated for explainable models under human assessment, introducing novel attack paradigms. In particular, our framework considers a wide range of relevant (yet often ignored) factors such as the type of problem, the user expertise or the objective of the explanations in order to identify the attack strategies that should be adopted in each scenario to successfully deceive the model (and the human). These contributions intend to serve as a basis for a more rigorous and realistic study of adversarial examples in the field of explainable machine learning. |
BibTeX:
@inproceedings{Garciarena_et_al:2020b,
author = {Garciarena, Unai and Mendiburu, Alexander and Santana, Roberto},
title = {Envisioning the Benefits of Back-Drive in Evolutionary Algorithms},
booktitle = {2020 IEEE Congress on Evolutionary Computation (CEC)},
year = {2020},
pages = {1--8},
url = {https://arxiv.org/abs/2107.01943}
}
|
| Garciarena U, Mendiburu A and Santana R (2020), "Automatic Structural Search for Multi-task Learning VALPs", In International Conference on Optimization and Learning. , pp. 25-36.
[Abstract] [BibTeX] [URL]
|
| Abstract: The neural network research field is still producing novel and improved models which continuously outperform their predecessors. However, a large portion of the best-performing architectures are still fully hand-engineered by experts. Recently, methods that automatize the search for optimal structures have started to reach the level of state-of-the-art hand-crafted structures. Nevertheless, replacing the expert knowledge requires high efficiency from the search algorithm, and flexibility on the part of the model concept. This work proposes a set of model structure-modifying operators designed specifically for the VALP, a recently introduced multi-network model for heterogeneous multi-task problems. These modifiers are employed in a greedy multi-objective search algorithm which employs a non dominance-based acceptance criterion in order to test the viability of a structure-exploring method built on the operators. The results obtained from the experiments carried out in this work indicate that the modifiers can indeed form part of intelligent searches over the space of VALP structures, which encourages more research in this direction. |
BibTeX:
@inproceedings{Garciarena_et_al:2020c,
author = {Garciarena, Unai and Mendiburu, Alexander and Santana, Roberto},
title = {Automatic Structural Search for Multi-task Learning VALPs},
booktitle = {International Conference on Optimization and Learning},
year = {2020},
pages = {25--36},
url = {https://link.springer.com/chapter/10.1007/978-3-030-41913-4_3}
}
|
| Khargharia HS, Santana R, Shakya S, Ainslie R and Owusu G (2020), "Investigating RNNs for vehicle volume forecasting in service stations", In Proceedings of the 2020 IEEE Symposium Series on Computational Intelligence (SSCI-2020). Camberra, Australia , pp. 2625-2632.
[Abstract] [BibTeX] [URL]
|
| Abstract: Accurate forecasting of customer demand can be critical for increasing operational efficiency and augmenting customer satisfaction, particularly in scenarios that involve multiple service units. In this paper, we focus on the problem of predicting the volume of vehicles in a network of gas stations and conduct an exhaustive investigation of different classes of recurrent neural networks for this problem. Particularly, we investigate the tradeoff between the accuracy and the overall complexity of sets of RNNs that employ varying number of models. We compare higher granularity models, where an RNN is learned from a particular dataset, to more general models sets, where a single neural network is learned from different but related datasets. Our results show that creating less specific models that integrate information from different related problems can decrease the computational cost of model learning with only a small decrease in terms of model accuracy. |
BibTeX:
@inproceedings{Khargharia_et_al:2020,
author = {Khargharia, Himadri Sikhar and Santana, Roberto and Shakya, Siddhartha and Ainslie, Russell and Owusu, Gilbert},
title = {Investigating RNNs for vehicle volume forecasting in service stations},
booktitle = {Proceedings of the 2020 IEEE Symposium Series on Computational Intelligence (SSCI-2020)},
year = {2020},
pages = {2625--2632},
url = {https://ieeexplore.ieee.org/document/9308368}
}
|
| Lima RHR, Fontoura V, Pozo ATR, Mendiburu A and Santana R (2020), "A symmetric grammar approach for designing segmentation models", In 2020 IEEE Congress on Evolutionary Computation (CEC). , pp. 1-8.
[Abstract] [BibTeX] [URL]
|
| Abstract: Image segmentation is a relevant problem in computer vision present in multiple application domains. One of the most used methods for image segmentation is U-net, a type of convolutional network with additional constraints in its architecture. Studies regarding the U-net usually rely on well-known architectures, which leads to a narrow exploration of the possibilities, and possibly impacting the performance. Genetic Programming approaches have become increasingly popular for designing neural networks due to studies where the generated models were able to achieve results comparable to humans. These approaches can evolve the structure at different levels of abstraction, reducing the need for a specialist. In this paper, we propose the use of Grammatical Evolution for evolving U-net architectures. We propose a mirror grammar, which is capable of generating a variety of flexible U-nets that better explores the search space. We show that the proposed grammar can capture the complex constraints that define the U-nets and achieve comparable results in terms of accuracy, on a benchmark of segmentation problems of varying difficulty. |
BibTeX:
@inproceedings{Lima_et_al:2020,
author = {R. H. R. Lima and V. Fontoura and A. T. R. Pozo and A. Mendiburu and R. Santana},
title = {A symmetric grammar approach for designing segmentation models},
booktitle = {2020 IEEE Congress on Evolutionary Computation (CEC)},
year = {2020},
pages = {1--8},
url = {https://ieeexplore.ieee.org/abstract/document/9185760}
}
|
| Montenegro C, Santana R and Lozano JA (2020), "Transfer learning in hierarchical dialogue topic classification with neural networks", In Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN-2020). Glasgow, UK , pp. 1-8.
[Abstract] [BibTeX] [URL]
|
| Abstract: Knowledge transfer between tasks can significantly improve the efficiency of machine learning algorithms. In supervised natural language understanding problems, this sort of improvement is critical since the availability of labelled data is usually scarce. In this paper we address the question of transfer learning between related topic classification tasks. A characteristic of our problem is that the tasks have a hierarchical relationship. Therefore, we introduce and validate how to implement the transfer exploiting this hierarchical structure. Our results for a real-world topic classification task show that the transfer can produce improvements in the behavior of the classifiers for some particular problems. |
BibTeX:
@inproceedings{Montenegro_et_al:2020,
author = {C. Montenegro and R. Santana and J. A. Lozano},
title = {Transfer learning in hierarchical dialogue topic classification with neural networks},
booktitle = {Proceedings of the 2020 International Joint Conference on Neural Networks (IJCNN-2020)},
year = {2020},
pages = {1--8},
url = {https://ieeexplore.ieee.org/abstract/document/9206680}
}
|
| Murua M, Suárez A, Galar D, Santana R and Wretland A (2020), "Tool-Path Problem in Direct Energy Deposition Metal-Additive Manufacturing: Sequence Strategy Generation", IEEE Access. Vol. 8(9093820), pp. 91574-91585. IEEE Press.
[Abstract] [BibTeX] [URL]
|
| Abstract: The tool-path problem has been extensively studied in manufacturing technologies, as it has a considerable impact on production time. Additive manufacturing is one of these technologies; it takes time to fabricate parts, so the selection of optimal tool-paths is critical. This research analyzes the tool-path problem in the direct energy deposition technology; it introduces the main processes, and analyzes the characteristics of tool-path problem. It explains the approaches applied in the literature to solve the problem; as these are mainly geometric approximations, they are far from optimal. Based on this analysis, this paper introduces a mathematical framework for direct energy deposition and a novel problem called sequence strategy generation. Finally, it solves the problem using a benchmark for several different parts. The results reveal that the approach can be applied to parts with different characteristics, and the solution to the sequence strategy problem can be used to generate tool-paths. |
BibTeX:
@article{Murua_et_al:2020,
author = {M. Murua and A. Suárez and D. Galar and R. Santana and A. Wretland},
title = {Tool-Path Problem in Direct Energy Deposition Metal-Additive Manufacturing: Sequence Strategy Generation},
journal = {IEEE Access},
publisher = {IEEE Press},
year = {2020},
volume = {8},
number = {9093820},
pages = {91574-91585},
url = {https://ieeexplore.ieee.org/document/9093820}
}
|
| Murua M, Galar D and Santana R (2020), "Adaptation of a Branching Algorithm to Solve the Multi-Objective Hamiltonian Cycle Problem", In Operations Research Proceedings 2019. , pp. 231-237. Springer.
[Abstract] [BibTeX] [URL]
|
| Abstract: The Hamiltonian cycle problem (HCP) consists of finding a cycle of length N in an N-vertices graph. In this investigation, a graph G is considered with an associated set of matrices, in which each cell in the matrix corresponds to the weight of an arc. Thus, a multi-objective variant of the HCP is addressed and a Pareto set of solutions that minimizes the weights of the arcs for each objective is computed. To solve the HCP problem, the Branch-and-Fix algorithm is employed, a specific branching algorithm that uses the embedding of the problem in a particular stochastic process. To address the multi-objective HCP, the Branch-and-Fix algorithm is extended by computing different Hamiltonian cycles and fathoming the branches of the tree at earlier stages. The introduced anytime algorithm can produce a valid solution at any time of the execution, improving the quality of the Pareto Set as time increases. |
BibTeX:
@incollection{Murua_et_al:2020a,
author = {Murua, Maialen and Galar, Diego and Santana, Roberto},
title = {Adaptation of a Branching Algorithm to Solve the Multi-Objective Hamiltonian Cycle Problem},
booktitle = {Operations Research Proceedings 2019},
publisher = {Springer},
year = {2020},
pages = {231--237},
url = {https://link.springer.com/chapter/10.1007/978-3-030-48439-2_28}
}
|
| Roman I, Santana R, Mendiburu A and Lozano JA (2020), "In-depth analysis of SVM kernel learning and its components", Neural Computing and Applications. , pp. 1-20. Springer.
[Abstract] [BibTeX] [URL]
|
| Abstract: The performance of support vector machines in nonlinearly separable classification problems strongly relies on the kernel function. Toward an automatic machine learning approach for this technique, many research outputs have been produced dealing with the challenge of automatic learning of good-performing kernels for support vector machines. However, these works have been carried out without a thorough analysis of the set of components that influence the behavior of support vector machines and their interaction with the kernel. These components are related in an intricate way and it is difficult to provide a comprehensible analysis of their joint effect. In this paper, we try to fill this gap introducing the necessary steps in order to understand these interactions and provide clues for the research community to know where to place the emphasis. First of all, we identify all the factors that affect the final performance of support vector machines in relation to the elicitation of kernels. Next, we analyze the factors independently or in pairs and study the influence each component has on the final classification performance, providing recommendations and insights into the kernel setting for support vector machines. |
BibTeX:
@article{Roman_et_al:2020,
author = {Roman, Ibai and Santana, Roberto and Mendiburu, Alexander and Lozano, Jose A},
title = {In-depth analysis of SVM kernel learning and its components},
journal = {Neural Computing and Applications},
publisher = {Springer},
year = {2020},
pages = {1--20},
url = {https://link.springer.com/article/10.1007/s00521-020-05419-z}
}
|
| Santana R and Shakya S (2020), "Dynamic programming operators for bi-objective TTP problem", In 2020 IEEE Congress on Evolutionary Computation (CEC). Glasgow, UK , pp. 1-8.
[Abstract] [BibTeX] [URL]
|
| Abstract: The traveling thief problem (TTP) has emerged as a realistic multi-component problem that poses a number of challenges to traditional optimizers. In this paper we propose different ways to incorporate dynamic programming (DP) as a local optimization operator of population-based approaches to the biobjective TTP. The DP operators use different characterizations of the TTP instance to search for packing plans that improve the best current solutions. We evaluate the efficiency of the DP-based operators using TTP instances of up to 33810 cities and 338100 items, and compare the results of the DP operators with state-of-the-art algorithms for these instances. Our results show that DP-based approaches, applied individually and in combination with other types of operators, can produce good approximations of the Pareto sets for these problems. |
BibTeX:
@inproceedings{Santana_and_Shakya:2020,
author = {R. Santana and S. Shakya},
title = {Dynamic programming operators for bi-objective TTP problem},
booktitle = {2020 IEEE Congress on Evolutionary Computation (CEC)},
year = {2020},
pages = {1-8},
url = {https://ieeexplore.ieee.org/abstract/document/9185829}
}
|
| Santana T, Moreno J, Petzold G, Santana R and Saez-Trautmann G (2020), "Evaluation of the Temperature and Time in Centrifugation-Assisted Freeze Concentration", Applied Sciences. Vol. 10(24), pp. 9130. MPDI.
[Abstract] [BibTeX] [URL]
|
| Abstract: Centrifugation is a technique applied to assist in the freeze concentration of fruit juices and solutions. The aim of this work was to study the influence of the time–temperature parameters on the centrifugation process as a technique applied to assist in the first cycle of the freeze concentration of blueberry juice. A completely randomized 4 × 3 factorial design was performed using temperature and time as the factors, and the response variables included the percentage of concentrate, efficiency and solutes recovered. The results were evaluated using multiple linear regression, random forest regression, and Gaussian processes. The solid content in the concentrate doubled compared to the initial sample (18 °Brix) and approached 60% in the first cycle of blueberry juice freeze concentration. The combination of factors affected the percentage of the concentrate and solutes recovered, and the optimum of concentration was obtained at 15 °C with a centrifugation time of 20 min. Gaussian processes are suggested as suitable machine learning techniques for modelling the quantitative effect of the relevant factors in the centrifugation process. |
BibTeX:
@article{Santana_et_al:2020,
author = {T. Santana and J. Moreno and G. Petzold and R. Santana and G. Saez-Trautmann},
title = {Evaluation of the Temperature and Time in Centrifugation-Assisted Freeze Concentration},
journal = {Applied Sciences},
publisher = {MPDI},
year = {2020},
volume = {10},
number = {24},
pages = {9130},
url = {https://www.mdpi.com/2076-3417/10/24/9130}
}
|
| Sirbiladze G, Khutsishvili I, Sikharulidze A, Manjapharashvili T and Santana R (2020), "A new hesitant fuzzy TOPSIS approach in multi-attribute group decision making", Bulletin of the Georgian National Academy of Sciences. Vol. 14(3), pp. 17-22.
[Abstract] [BibTeX] [URL]
|
| Abstract: The proposed multi-attribute decision making methodology applies the TOPSIS (Technique for Order Performance by Similarity to Ideal Solution) approach under hesitant fuzzy environment. The case when the information on the attributes weights is completely unknown is considered. The identification of the weights of attributes which is based on De Luca-Termini information entropy is presented in the context of hesitant fuzzy sets. The ranking of alternatives is performed in accordance with the proximity of their distances to the both fuzzy positive ideal solution (FPIS) and fuzzy negative ideal solution (FNIS). |
BibTeX:
@article{Sirbiladze_et_al:2020,
author = {G. Sirbiladze and I. Khutsishvili and A. Sikharulidze and T. Manjapharashvili and R. Santana},
title = {A new hesitant fuzzy TOPSIS approach in multi-attribute group decision making},
journal = {Bulletin of the Georgian National Academy of Sciences},
year = {2020},
volume = {14},
number = {3},
pages = {17--22},
url = {http://science.org.ge/bnas/vol-14-3.html}
}
|
| Soto D, Sheikh UA, Mei N and Santana R (2020), "Decoding and encoding models reveal the role of mental simulation in the brain representation of meaning", Royal Society open science. Vol. 7(5), pp. 192043. The Royal Society.
[Abstract] [BibTeX] [URL]
|
| Abstract: How the brain representation of conceptual knowledge varies as a function of processing goals, strategies and task-factors remains a key unresolved question in cognitive neuroscience. In the present functional magnetic resonance imaging study, participants were presented with visual words during functional magnetic resonance imaging (fMRI). During shallow processing, participants had to read the items. During deep processing, they had to mentally simulate the features associated with the words. Multivariate classification, informational connectivity and encoding models were used to reveal how the depth of processing determines the brain representation of word meaning. Decoding accuracy in putative substrates of the semantic network was enhanced when the depth processing was high, and the brain representations were more generalizable in semantic space relative to shallow processing contexts. This pattern was observed even in association areas in inferior frontal and parietal cortex. Deep information processing during mental simulation also increased the informational connectivity within key substrates of the semantic network. To further examine the properties of the words encoded in brain activity, we compared computer vision models—associated with the image referents of the words—and word embedding. Computer vision models explained more variance of the brain responses across multiple areas of the semantic network. These results indicate that the brain representation of word meaning is highly malleable by the depth of processing imposed by the task, relies on access to visual representations and is highly distributed, including prefrontal areas previously implicated in semantic control. |
BibTeX:
@article{Soto_et_al:2020,
author = {Soto, David and Sheikh, Usman Ayub and Mei, Ning and Santana, Roberto},
title = {Decoding and encoding models reveal the role of mental simulation in the brain representation of meaning},
journal = {Royal Society open science},
publisher = {The Royal Society},
year = {2020},
volume = {7},
number = {5},
pages = {192043},
url = {https://royalsocietypublishing.org/doi/full/10.1098/rsos.192043}
}
|
| Vadillo J and Santana R (2020), "On the human evaluation of audio adversarial examples", CoRR. Vol. abs/2001.08444
[Abstract] [BibTeX] [URL]
|
| Abstract: Human-machine interaction is increasingly dependent on speech communication. Machine Learning models are usually applied to interpret human speech commands. However, these models can be fooled by adversarial examples, which are inputs intentionally perturbed to produce a wrong prediction without being noticed. While much research has been focused on developing new techniques to generate adversarial perturbations, less attention has been given to aspects that determine whether and how the perturbations are noticed by humans. This question is relevant since high fooling rates of proposed adversarial perturbation strategies are only valuable if the perturbations are not detectable. In this paper we investigate to which extent the distortion metrics proposed in the literature for audio adversarial examples, and which are commonly applied to evaluate the effectiveness of methods for generating these attacks, are a reliable measure of the human perception of the perturbations. Using an analytical framework, and an experiment in which 18 subjects evaluate audio adversarial examples, we demonstrate that the metrics employed by convention are not a reliable measure of the perceptual similarity of adversarial examples in the audio domai |
BibTeX:
@article{Vadillo_and_Santana:2020,
author = {Jon Vadillo and Roberto Santana},
title = {On the human evaluation of audio adversarial examples},
journal = {CoRR},
year = {2020},
volume = {abs/2001.08444},
url = {http://arxiv.org/abs/2001.08444}
}
|
| Vadillo J, Santana R and Lozano JA (2020), "Analysis of Dominant Classes in Universal Adversarial Perturbations", CoRR. Vol. abs/2012.14352
[Abstract] [BibTeX] [URL]
|
| Abstract: The reasons why Deep Neural Networks are susceptible to being fooled by adversarial examples remains an open discussion. Indeed, many different strategies can be employed to efficiently generate adversarial attacks, some of them relying on different theoretical justifications. Among these strategies, universal (input-agnostic) perturbations are of particular interest, due to their capability to fool a network independently of the input in which the perturbation is applied. In this work, we investigate an intriguing phenomenon of universal perturbations, which has been reported previously in the literature, yet without a proven justification: universal perturbations change the predicted classes for most inputs into one particular (dominant) class, even if this behavior is not specified during the creation of the perturbation. In order to justify the cause of this phenomenon, we propose a number of hypotheses and experimentally test them using a speech command classification problem in the audio domain as a testbed. Our analyses reveal interesting properties of universal perturbations, suggest new methods to generate such attacks and provide an explanation of dominant classes, under both a geometric and a data-feature perspective. |
BibTeX:
@article{Vadillo_et_al:2020,
author = {Jon Vadillo and Roberto Santana and Jose A. Lozano},
title = {Analysis of Dominant Classes in Universal Adversarial Perturbations},
journal = {CoRR},
year = {2020},
volume = {abs/2012.14352},
url = {http://arxiv.org/abs/2012.14352}
}
|
| Vadillo J, Santana R and Lozano JA (2020), "Extending Adversarial Attacks to Produce Adversarial Class Probability Distributions", CoRR. Vol. abs/2004.06383
[Abstract] [BibTeX] [URL]
|
| Abstract: Despite the remarkable performance and generalization levels of deep learning models in a wide range of artificial intelligence tasks, it has been demonstrated that these models can be easily fooled by the addition of imperceptible yet malicious perturbations to natural inputs. These altered inputs are known in the literature as adversarial examples. In this paper, we propose a novel probabilistic framework to generalize and extend adversarial attacks in order to produce a desired probability distribution for the classes when we apply the attack method to a large number of inputs. This novel attack strategy provides the attacker with greater control over the target model, and increases the complexity of detecting that the model is being systematically attacked. We introduce four different strategies to efficiently generate such attacks, and illustrate our approach by extending multiple adversarial attack algorithms. We also experimentally validate our approach for the spoken command classification task, an exemplary machine learning problem in the audio domain. Our results demonstrate that we can closely approximate any probability distribution for the classes while maintaining a high fooling rate and by injecting imperceptible perturbations to the inputs. |
BibTeX:
@article{Vadillo_et_al:2020a,
author = {Jon Vadillo and Roberto Santana and Jose A. Lozano},
title = {Extending Adversarial Attacks to Produce Adversarial Class Probability Distributions},
journal = {CoRR},
year = {2020},
volume = {abs/2004.06383},
url = {http://arxiv.org/abs/2004.06383}
}
|
| Vadillo J, Santana R and Lozano JA (2020), "Exploring Gaps in DeepFool in Search of More Effective Adversarial Perturbations", In Proceedings of the Sixth International Conference on Machine Learning, Optimization, and Data Science (LOD-2020). Tuscany, Italy Vol. 12566, pp. 215-227. Springer, Cham.
[Abstract] [BibTeX] [URL]
|
| Abstract: Adversarial examples are inputs subtly perturbed to produce a wrong prediction in machine learning models, while remaining perceptually similar to the original input. To find adversarial examples, some attack strategies rely on linear approximations of different properties of the models. This opens a number of questions related to the accuracy of such approximations. In this paper we focus on DeepFool, a state-of-the-art attack algorithm, which is based on efficiently approximating the decision space of the target classifier to find the minimal perturbation needed to fool the model. The objective of this paper is to analyze the feasibility of finding inaccuracies in the linear approximation of DeepFool, with the aim of studying whether they can be used to increase the effectiveness of the attack. We introduce two strategies to efficiently explore gaps in the approximation of the decision boundaries, and evaluate our approach in a speech command classification task. |
BibTeX:
@inproceedings{Vadillo_et_al:2020b,
author = {Jon Vadillo and Roberto Santana and Jose A. Lozano},
title = {Exploring Gaps in DeepFool in Search of More Effective Adversarial Perturbations},
booktitle = {Proceedings of the Sixth International Conference on Machine Learning, Optimization, and Data Science (LOD-2020)},
publisher = {Springer, Cham},
year = {2020},
volume = {12566},
pages = {215--227},
url = {https://link.springer.com/chapter/10.1007/978-3-030-64580-9_18}
}
|