Concept bottleneck models (CBMs) (Koh et al. 2020) are interpretable neural networks that first predict labels for human-interpretable concepts relevant to the prediction task, and then predict the final label based on the concept label predictions. We extend CBMs to interactive prediction settings where the model can query a human collaborator for the label to some concepts. We develop an interaction policy that, at prediction time, chooses which concepts to request a label for so as to maximally improve the final prediction. We demonstrate that a simple policy combining concept prediction uncertainty and influence of the concept on the final prediction achieves strong performance and outperforms a static approach proposed in Koh et al. (2020) as well as active feature acquisition methods proposed in the literature. We show that the interactive CBM can achieve accuracy gains of 5-10% with only 5 interactions over competitive baselines on the Caltech-UCSD Birds, CheXpert and OAI datasets.
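Recent works have tried to increase the verifiability of adversarially trained networks by running the attacks over domains larger than the original perturbations and by adding various regularization terms to the objective. However, these algorithms either underperform or require complex and expensive stage-wise training procedures, which hinders their practical applicability. We present IBP-R, a novel verified training algorithm that is both simple and effective. IBP-R induces network verifiability by combining adversarial attacks on enlarged domains with inexpensive interval bound propagation, minimizing the gap between the non-convex verification problem and its approximations. By leveraging recent branch-and-bound frameworks, we show that IBP-R obtains state-of-the-art verified robustness-accuracy trade-offs for small perturbations on CIFAR-10 while training significantly faster than relevant previous work. Additionally, we present a novel branching strategy that, relying on a simple heuristic based on $\beta$-CROWN, reduces the cost of state-of-the-art branching algorithms while yielding splits of comparable quality.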
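In this paper, we show how to achieve state-of-the-art certified adversarial robustness to 2-norm bounded perturbations by relying exclusively on off-the-shelf pretrained models. To do so, we instantiate the denoised smoothing approach of Salman et al. by combining a pretrained denoising diffusion probabilistic model and a standard high-accuracy classifier. This allows us to certify 71% accuracy on ImageNet under adversarial perturbations constrained to be within a 2-norm bound, an improvement of 14 percentage points over the prior certified SoTA using any approach, or an improvement of 30 percentage points over denoised smoothing. We obtain these results using only pretrained diffusion models and image classifiers, without requiring any fine-tuning or retraining of model parameters.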
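Recent work has shown the potential benefit of selective prediction systems that can learn to defer to a human when the predictions of the AI are unreliable, particularly for improving the reliability of AI systems in high-stakes applications such as healthcare. However, most prior work assumes that human behavior remains unchanged when people solve a prediction task as part of a human-AI team rather than by themselves. We show that this is not the case by performing experiments to quantify human-AI interaction in the context of selective prediction. In particular, we study the impact of communicating different types of information to humans about the AI system's decision to defer. Using real-world conservation data and a selective prediction system that improves expected accuracy over that of the human or the AI system working individually, we show that this messaging has a significant impact on the accuracy of human judgements. Our results study two components of the messaging strategy: 1) whether humans are informed about the prediction of the AI system and 2) whether they are informed about the decision of the selective prediction system to defer. By manipulating these messaging components, we show that it is possible to significantly boost human performance by informing the human of the decision to defer, but not revealing the prediction of the AI. We therefore show that it is vital to consider how the decision to defer is communicated to a human when designing selective prediction systems, and that the composite accuracy of a human-AI team must be carefully evaluated using a human-in-the-loop framework.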
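Robustness to distribution shifts is critical for deploying machine learning models in the real world. Despite this necessity, there has been little work on defining the underlying mechanisms that cause these shifts and on evaluating robustness across multiple, different distribution shifts. To this end, we introduce a framework that enables fine-grained analysis of various distribution shifts. We provide a holistic analysis of current state-of-the-art methods by evaluating 19 distinct methods, grouped into five categories, across both synthetic and real-world datasets. Overall, we train more than 85 models. Our experimental framework can be easily extended to include new methods, shifts, and datasets. We find, unlike previous work \citep{gulrajani20}, that progress has been made over a standard ERM baseline; in particular, pretraining and augmentations (learned or heuristic) offer large gains in many cases. However, the best methods are not consistent across different datasets and shifts.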
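Most real-world applications require dealing with stochasticity such as sensor noise or predictive uncertainty, where formal specifications of desired behavior are inherently probabilistic. Although formal verification helps ensure the reliability of neural networks, progress in the direction of probabilistic specifications has been limited. In this direction, we first introduce a general formulation of probabilistic specifications for neural networks, which captures both probabilistic networks (e.g., Bayesian neural networks, MC-Dropout networks) and uncertain inputs (inputs arising from sensor noise or other perturbations). We then propose a general technique to verify such specifications by generalizing the notion of Lagrangian duality, replacing standard Lagrangian multipliers with "functional multipliers" that can be arbitrary functions of the activations at a given layer. We show that an optimal choice of functional multipliers leads to exact verification (i.e., sound and complete verification), and for specific forms of multipliers, we develop tractable practical verification algorithms. We empirically validate our algorithms by applying them to Bayesian neural networks (BNNs) and MC-Dropout networks, and by certifying properties such as adversarial robustness and robust detection of out-of-distribution (OOD) data. On these tasks, we are able to provide significantly stronger guarantees than prior work: for instance, for a VGG-64 MC-Dropout CNN trained on CIFAR-10, we improve the certified AUC (a verified lower bound on the true AUC) for robust OOD detection (on CIFAR-100) from $0\% \rightarrow 29\%$. Similarly, for a BNN trained on MNIST, we improve the robust accuracy from $60.2\% \rightarrow 74.6\%$. Further, on a novel specification, distributionally robust detection, we improve from $5\% \rightarrow 23\%$.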
This paper proposes an easy-to-compute upper bound for the overlap index between two probability distributions without requiring any knowledge of the distribution models. The computation of our bound is time-efficient and memory-efficient and only requires finite samples. The proposed bound shows its value in one-class classification and domain shift analysis. Specifically, in one-class classification, we build a novel one-class classifier by converting the bound into a confidence score function. Unlike most one-class classifiers, the training process is not needed for our classifier. Additionally, the experimental results show that our classifier can be accurate with only a small number of in-class samples and outperforms many state-of-the-art methods on various datasets in different one-class classification scenarios. In domain shift analysis, we propose a theorem based on our bound. The theorem is useful in detecting the existence of domain shift and inferring data information. The detection and inference processes are both computation-efficient and memory-efficient. Our work shows significant promise toward broadening the applications of overlap-based metrics.
We propose a framework in which multiple entities collaborate to build a machine learning model while preserving privacy of their data. The approach utilizes feature embeddings from shared/per-entity feature extractors transforming data into a feature space for cooperation between entities. We propose two specific methods and compare them with a baseline method. In Shared Feature Extractor (SFE) Learning, the entities use a shared feature extractor to compute feature embeddings of samples. In Locally Trained Feature Extractor (LTFE) Learning, each entity uses a separate feature extractor and models are trained using concatenated features from all entities. As a baseline, in Cooperatively Trained Feature Extractor (CTFE) Learning, the entities train models by sharing raw data. Secure multi-party algorithms are utilized to train models without revealing data or features in plain text. We investigate the trade-offs among SFE, LTFE, and CTFE in regard to performance, privacy leakage (using an off-the-shelf membership inference attack), and computational cost. LTFE provides the most privacy, followed by SFE, and then CTFE. Computational cost is lowest for SFE and the relative speed of CTFE and LTFE depends on network architecture. CTFE and LTFE provide the best accuracy. We use MNIST, a synthetic dataset, and a credit card fraud detection dataset for evaluations.
This paper considers adaptive radar electronic counter-counter measures (ECCM) to mitigate ECM by an adversarial jammer. Our ECCM approach models the jammer-radar interaction as a Principal Agent Problem (PAP), a popular economics framework for interaction between two entities with an information imbalance. In our setup, the radar does not know the jammer's utility. Instead, the radar learns the jammer's utility adaptively over time using inverse reinforcement learning. The radar's adaptive ECCM objective is two-fold: (1) maximize its utility by solving the PAP, and (2) estimate the jammer's utility by observing its response. Our adaptive ECCM scheme uses deep ideas from revealed preference in micro-economics and principal agent problem in contract theory. Our numerical results show that, over time, our adaptive ECCM both identifies and mitigates the jammer's utility.
The vision community has explored numerous pose guided human editing methods due to their extensive practical applications. Most of these methods still use an image-to-image formulation in which a single image is given as input to produce an edited image as output. However, the problem is ill-defined in cases when the target pose is significantly different from the input pose. Existing methods then resort to in-painting or style transfer to handle occlusions and preserve content. In this paper, we explore the utilization of multiple views to minimize the issue of missing information and generate an accurate representation of the underlying human model. To fuse the knowledge from multiple viewpoints, we design a selector network that takes the pose keypoints and texture from images and generates an interpretable per-pixel selection map. After that, the encodings from a separate network (trained on a single image human reposing task) are merged in the latent space. This enables us to generate accurate, precise, and visually coherent images for different editing tasks. We show the application of our network on 2 newly proposed tasks - Multi-view human reposing, and Mix-and-match human image generation. Additionally, we study the limitations of single-view editing and scenarios in which multi-view provides a much better alternative.