Machine Learning Security Seminar Series - Maksym Andriushchenko

Описание: Description: Invited talk by Maksym Andriushchenko (EPFL).

Title of the talk: ARIA: Adversarially Robust Image Attribution for Content Provenance

Abstract

Image attribution -- matching an image back to a trusted source -- is an emerging tool in the fight against online misinformation. Deep visual fingerprinting models have recently been explored for this purpose. However, they are not robust to tiny input perturbations known as adversarial examples. First, we illustrate how to generate valid adversarial images that can easily cause incorrect image attribution. Then we describe an approach to prevent imperceptible adversarial attacks on deep visual fingerprinting models, via robust contrastive learning. The proposed training procedure leverages training on ℓ∞-bounded adversarial examples, it is conceptually simple and incurs only a small computational overhead. The resulting models are substantially more robust, are accurate even on unperturbed images, and perform well even over a database with millions of images. In particular, we achieve 91.6% standard and 85.1% adversarial recall under ℓ∞-bounded perturbations on manipulated images compared to 80.1% and 0.0% from prior work. We also show that robustness generalizes to other types of imperceptible perturbations unseen during training. Finally, we show how to train an adversarially robust image comparator model for detecting editorial changes in matched images.

Bio

Maksym Andriushchenko is a third-year PhD student in computer science at EPFL (École Polytechnique Fédérale de Lausanne) in Switzerland. He obtained his MSc from Saarland University, Germany. His research mainly focuses on how to make machine learning algorithms adversarially robust and improve their reliability. Maksym has published eleven papers at major machine learning and computer vision conferences (NeurIPS, ICML, ICLR, AISTATS, UAI, AAAI, CVPR, and ECCV).