Artificial neural networks are able to reach the highest accuracy on a great variety of complex visual tasks. Their impressive performance, often surpassing that of humans, attracts a lot of interest. But their opaque nature leads experts to regard them as untrustworthy black-box models. In 2013, Szegedy et al. discovered that images can be slightly modified to cause the models to classify them differently. The adversary creating the modified image can even choose the new class. These modified images, called adversarial examples, deepen the distrust of these models. In this thesis, we will present methods to evaluate the robustness of a model against such examples, including one based on mixed integer linear programming and others based on relaxations of it. We will also present algorithms to train models to be more robust. Finally, we will empirically evaluate models trained with these algorithms.