We consider the two related problems of detecting if an example is misclassified or out-of-distribution. We present a simple baseline that utilizes probabilities from softmax distributions. Correctly classified examples tend to have greater maximum softmax probabilities than erroneously classified and out-of-distribution examples, allowing for their detection. We assess performance by defining several tasks in computer vision, natural language processing, and automatic speech recognition, showing the effectiveness of this baseline across all. We then show the baseline can sometimes be surpassed, demonstrating the room for future research on these underexplored detection tasks.
translated by 谷歌翻译
It is important to detect anomalous inputs when deploying machine learning systems. The use of larger and more complex inputs in deep learning magnifies the difficulty of distinguishing between anomalous and in-distribution examples. At the same time, diverse image and text data are available in enormous quantities. We propose leveraging these data to improve deep anomaly detection by training anomaly detectors against an auxiliary dataset of outliers, an approach we call Outlier Exposure (OE). This enables anomaly detectors to generalize and detect unseen anomalies. In extensive experiments on natural language processing and small-and large-scale vision tasks, we find that Outlier Exposure significantly improves detection performance. We also observe that cutting-edge generative models trained on CIFAR-10 may assign higher likelihoods to SVHN images than to CIFAR-10 images; we use OE to mitigate this issue. We also analyze the flexibility and robustness of Outlier Exposure, and identify characteristics of the auxiliary dataset that improve performance.
translated by 谷歌翻译
We consider the problem of detecting out-of-distribution images in neural networks. We propose ODIN, a simple and effective method that does not require any change to a pre-trained neural network. Our method is based on the observation that using temperature scaling and adding small perturbations to the input can separate the softmax score distributions between in-and out-of-distribution images, allowing for more effective detection. We show in a series of experiments that ODIN is compatible with diverse network architectures and datasets. It consistently outperforms the baseline approach (Hendrycks & Gimpel, 2017) by a large margin, establishing a new state-of-the-art performance on this task. For example, ODIN reduces the false positive rate from the baseline 34.7% to 4.3% on the DenseNet (applied to CIFAR-10 and Tiny-ImageNet) when the true positive rate is 95%.
translated by 谷歌翻译
The problem of detecting whether a test sample is from in-distribution (i.e., training distribution by a classifier) or out-of-distribution sufficiently different from it arises in many real-world machine learning applications. However, the state-of-art deep neural networks are known to be highly overconfident in their predictions, i.e., do not distinguish in-and out-of-distributions. Recently, to handle this issue, several threshold-based detectors have been proposed given pre-trained neural classifiers. However, the performance of prior works highly depends on how to train the classifiers since they only focus on improving inference procedures. In this paper, we develop a novel training method for classifiers so that such inference algorithms can work better. In particular, we suggest two additional terms added to the original loss (e.g., cross entropy). The first one forces samples from out-of-distribution less confident by the classifier and the second one is for (implicitly) generating most effective training samples for the first one. In essence, our method jointly trains both classification and generative neural networks for out-of-distribution. We demonstrate its effectiveness using deep convolutional neural networks on various popular image datasets.
translated by 谷歌翻译
我们介绍了几个新的数据集即想象的A / O和Imagenet-R以及合成环境和测试套件,我们称为CAOS。 Imagenet-A / O允许研究人员专注于想象成剩余的盲点。由于追踪稳健的表示,以特殊创建了ImageNet-R,因为表示不再简单地自然,而是包括艺术和其他演绎。 Caos Suite由Carla Simulator构建,允许包含异常物体,可以创建可重复的合成环境和用于测试稳健性的场景。所有数据集都是为测试鲁棒性和衡量鲁棒性的衡量进展而创建的。数据集已用于各种其他作品中,以衡量其具有鲁棒性的自身进步,并允许切向进展,这些进展不会完全关注自然准确性。鉴于这些数据集,我们创建了几种旨在推进鲁棒性研究的新方法。我们以最大Logit的形式和典型程度的形式构建简单的基线,并以深度的形式创建新的数据增强方法,从而提高上述基准。最大Logit考虑Logit值而不是SoftMax操作后的值,而微小的变化会产生明显的改进。典型程分将输出分布与类的后部分布进行比较。我们表明,除了分段任务之外,这将提高对基线的性能。猜测可能在像素级别,像素的语义信息比类级信息的语义信息不太有意义。最后,新的Deepaulment的新增强技术利用神经网络在彻底不同于先前使用的传统几何和相机的转换的图像上创建增强。
translated by 谷歌翻译
Detecting test samples drawn sufficiently far away from the training distribution statistically or adversarially is a fundamental requirement for deploying a good classifier in many real-world machine learning applications. However, deep neural networks with the softmax classifier are known to produce highly overconfident posterior distributions even for such abnormal samples. In this paper, we propose a simple yet effective method for detecting any abnormal samples, which is applicable to any pre-trained softmax neural classifier. We obtain the class conditional Gaussian distributions with respect to (low-and upper-level) features of the deep models under Gaussian discriminant analysis, which result in a confidence score based on the Mahalanobis distance. While most prior methods have been evaluated for detecting either out-of-distribution or adversarial samples, but not both, the proposed method achieves the state-of-the-art performances for both cases in our experiments. Moreover, we found that our proposed method is more robust in harsh cases, e.g., when the training dataset has noisy labels or small number of samples. Finally, we show that the proposed method enjoys broader usage by applying it to class-incremental learning: whenever out-of-distribution samples are detected, our classification rule can incorporate new classes well without further training deep models.
translated by 谷歌翻译
Commonly used AI networks are very self-confident in their predictions, even when the evidence for a certain decision is dubious. The investigation of a deep learning model output is pivotal for understanding its decision processes and assessing its capabilities and limitations. By analyzing the distributions of raw network output vectors, it can be observed that each class has its own decision boundary and, thus, the same raw output value has different support for different classes. Inspired by this fact, we have developed a new method for out-of-distribution detection. The method offers an explanatory step beyond simple thresholding of the softmax output towards understanding and interpretation of the model learning process and its output. Instead of assigning the class label of the highest logit to each new sample presented to the network, it takes the distributions over all classes into consideration. A probability score interpreter (PSI) is created based on the joint logit values in relation to their respective correct vs wrong class distributions. The PSI suggests whether the sample is likely to belong to a specific class, whether the network is unsure, or whether the sample is likely an outlier or unknown type for the network. The simple PSI has the benefit of being applicable on already trained networks. The distributions for correct vs wrong class for each output node are established by simply running the training examples through the trained network. We demonstrate our OOD detection method on a challenging transmission electron microscopy virus image dataset. We simulate a real-world application in which images of virus types unknown to a trained virus classifier, yet acquired with the same procedures and instruments, constitute the OOD samples.
translated by 谷歌翻译
机器学习模型通常会遇到与训练分布不同的样本。无法识别分布(OOD)样本,因此将该样本分配给课堂标签会显着损害模​​型的可靠性。由于其对在开放世界中的安全部署模型的重要性,该问题引起了重大关注。由于对所有可能的未知分布进行建模的棘手性,检测OOD样品是具有挑战性的。迄今为止,一些研究领域解决了检测陌生样本的问题,包括异常检测,新颖性检测,一级学习,开放式识别识别和分布外检测。尽管有相似和共同的概念,但分别分布,开放式检测和异常检测已被独立研究。因此,这些研究途径尚未交叉授粉,创造了研究障碍。尽管某些调查打算概述这些方法,但它们似乎仅关注特定领域,而无需检查不同领域之间的关系。这项调查旨在在确定其共同点的同时,对各个领域的众多著名作品进行跨域和全面的审查。研究人员可以从不同领域的研究进展概述中受益,并协同发展未来的方法。此外,据我们所知,虽然进行异常检测或单级学习进行了调查,但没有关于分布外检测的全面或最新的调查,我们的调查可广泛涵盖。最后,有了统一的跨域视角,我们讨论并阐明了未来的研究线,打算将这些领域更加紧密地融为一体。
translated by 谷歌翻译
仇恨言论是一种在线骚扰的形式,涉及使用滥用语言,并且在社交媒体帖子中通常可以看到。这种骚扰主要集中在诸如宗教,性别,种族等的特定群体特征上,如今它既有社会和经济后果。文本文章中对滥用语言的自动检测一直是一项艰巨的任务,但最近它从科学界获得了很多兴趣。本文解决了在社交媒体中辨别仇恨内容的重要问题。我们在这项工作中提出的模型是基于LSTM神经网络体系结构的现有方法的扩展,我们在短文中适当地增强和微调以检测某些形式的仇恨语言,例如种族主义或性别歧视。最重要的增强是转换为由复发性神经网络(RNN)分类器组成的两阶段方案。将第一阶段的所有一Vs式分类器(OVR)分类器的输出组合在一起,并用于训练第二阶段分类器,最终决定了骚扰的类型。我们的研究包括对在16K推文的公共语料库中评估的第二阶段提出的几种替代方法的性能比较,然后对另一个数据集进行了概括研究。报道的结果表明,与当前的最新技术相比,在仇恨言论检测任务中,所提出的方案的分类质量出色。
translated by 谷歌翻译
随着神经网络分类器部署在现实世界应用中,它们可以可靠地检测到它们的故障至关重要。一个实际解决方案是为每个预测分配置信度分数,然后使用这些分数来过滤可能的错误分类。然而,现有的置信度量尚未充分可靠地对此作用。本文介绍了一种新的框架,可以产生用于检测错误分类错误的定量度量。此框架红色在基本分类器的顶部构建错误检测器,并估计使用高斯过程的检测分数的不确定性。在125 UCI数据集上具有其他错误检测方法的实验比较证明了这种方法是有效的。在两个概率基础分类器上进一步实现以及视觉任务中的两个大型深度学习架构进一步证实了该方法是坚固且可扩展的。第三,用分布外和对抗样本的红色的实证分析表明,该方法不仅可以检测错误,还可以使用,而且可以了解它们来自哪里。因此,红色可以使用未来更广泛地提高神经网络分类器的可信度。
translated by 谷歌翻译
Classifiers used in the wild, in particular for safetycritical systems, should not only have good generalization properties but also should know when they don't know, in particular make low confidence predictions far away from the training data. We show that ReLU type neural networks which yield a piecewise linear classifier function fail in this regard as they produce almost always high confidence predictions far away from the training data. For bounded domains like images we propose a new robust optimization technique similar to adversarial training which enforces low confidence predictions far away from the training data. We show that this technique is surprisingly effective in reducing the confidence of predictions far away from the training data while maintaining high confidence predictions and test error on the original classification task compared to standard training.
translated by 谷歌翻译
深度神经网络对各种任务取得了出色的性能,但它们具有重要问题:即使对于完全未知的样本,也有过度自信的预测。已经提出了许多研究来成功过滤出这些未知的样本,但它们仅考虑狭窄和特定的任务,称为错误分类检测,开放式识别或分布外检测。在这项工作中,我们认为这些任务应该被视为根本存在相同的问题,因为理想的模型应该具有所有这些任务的检测能力。因此,我们介绍了未知的检测任务,以先前的单独任务的整合,用于严格检查深度神经网络对广谱的广泛未知样品的检测能力。为此,构建了不同尺度上的统一基准数据集,并且存在现有流行方法的未知检测能力进行比较。我们发现深度集合始终如一地优于检测未知的其他方法;但是,所有方法只针对特定类型的未知方式成功。可重复的代码和基准数据集可在https://github.com/daintlab/unknown-detection-benchmarks上获得。
translated by 谷歌翻译
诸如深神经网络(DNN)之类的机器学习方法,尽管他们在不同域中取得了成功,但是众所周知,通常在训练分布之外的输入上具有高信心产生不正确的预测。在安全关键域中的DNN部署需要检测分配超出(OOD)数据,以便DNN可以避免对那些人进行预测。最近已经开发了许多方法,以便检测,但仍有改进余地。我们提出了新的方法IdeCode,利用了用于共形OOD检测的分销标准。它依赖于在电感共形异常检测框架中使用的新基础非符合性测量和新的聚合方法,从而保证了有界误报率。我们通过在图像和音频数据集上的实验中展示了IDecode的功效,获得了最先进的结果。我们还表明Idecode可以检测对抗性示例。
translated by 谷歌翻译
社交媒体网络已成为人们生活的重要方面,它是其思想,观点和情感的平台。因此,自动化情绪分析(SA)对于以其他信息来源无法识别人们的感受至关重要。对这些感觉的分析揭示了各种应用,包括品牌评估,YouTube电影评论和医疗保健应用。随着社交媒体的不断发展,人们以不同形式发布大量信息,包括文本,照片,音频和视频。因此,传统的SA算法已变得有限,因为它们不考虑其他方式的表现力。通过包括来自各种物质来源的此类特征,这些多模式数据流提供了新的机会,以优化基于文本的SA之外的预期结果。我们的研究重点是多模式SA的最前沿领域,该领域研究了社交媒体网络上发布的视觉和文本数据。许多人更有可能利用这些信息在这些平台上表达自己。为了作为这个快速增长的领域的学者资源,我们介绍了文本和视觉SA的全面概述,包括数据预处理,功能提取技术,情感基准数据集以及适合每个字段的多重分类方法的疗效。我们还简要介绍了最常用的数据融合策略,并提供了有关Visual Textual SA的现有研究的摘要。最后,我们重点介绍了最重大的挑战,并调查了一些重要的情感应用程序。
translated by 谷歌翻译
深度学习中的关键挑战之一是检测对抗例的有效策略的定义。为此,我们提出了一种名为Ensemble对抗探测器(EAD)的新型方法,用于识别对抗性示例,在标准的多字节分类场景中。 EAD结合了多个检测器,该检测器利用了预先训练的深神经网络(DNN)内部表示中的输入实例的不同属性。具体而言,EAD基于Mahalanobis距离和局部内在的维度(盖子)与基于单级支持向量机(OSVM)的新引进的方法集成了最先进的探测器。尽管所有构成方法都假定测试实例从一组正确分类的训练实例的距离越大,但概率越高,其是对手示例的概率越高,它们在计算距离的方式中不同。为了利用不同方法的有效性在捕获数据分布的不同特性,因此,有效地解决泛化和过度装备之间的权衡,EAD采用探测器特定的距离分数作为逻辑回归分类器的特征,独立的超公数后优化。我们在不同的数据集(CIFAR-10,CiFar-100和SVHN)和模型(Reset和Densenet)上评估了EAD方法,以及通过与竞争方法进行比较,关于四个对抗性攻击(FGSM,BIM,DeepFool和CW)。总的来说,我们表明EAD达到了最大的Auroc和Aupr在大多数设置和其他方面的表现。对现有技术的改进以及容易延伸EAD以包括任何任意探测器的可能性,铺平了在普遍示例性检测的广场上广泛采用的集合方法。
translated by 谷歌翻译
人工智能的最新趋势是将验证的模型用于语言和视觉任务,这些模型已经实现了非凡的表现,但也令人困惑。因此,以各种方式探索这些模型的能力对该领域至关重要。在本文中,我们探讨了模型的可靠性,在其中我们将可靠的模型定义为一个不仅可以实现强大的预测性能,而且在许多涉及不确定性(例如选择性预测,开放式设置识别)的决策任务上,在许多决策任务上表现出色,而且表现良好。强大的概括(例如,准确性和适当的评分规则,例如在分布数据集中和分发数据集上的对数可能性)和适应性(例如,主动学习,几乎没有射击不确定性)。我们设计了40个数据集的10种任务类型,以评估视觉和语言域上可靠性的不同方面。为了提高可靠性,我们分别开发了VIT-PLEX和T5-PLEX,分别针对视觉和语言方式扩展了大型模型。 PLEX极大地改善了跨可靠性任务的最先进,并简化了传统协议,因为它可以改善开箱即用的性能,并且不需要设计分数或为每个任务调整模型。我们演示了高达1B参数的模型尺寸的缩放效果,并预处理数据集大小最多4B示例。我们还展示了PLEX在具有挑战性的任务上的功能,包括零射门的开放式识别,主动学习和对话语言理解中的不确定性。
translated by 谷歌翻译
The upcoming large scale surveys like LSST are expected to find approximately $10^5$ strong gravitational lenses by analysing data of many orders of magnitude larger than those in contemporary astronomical surveys. In this case, non-automated techniques will be highly challenging and time-consuming, even if they are possible at all. We propose a new automated architecture based on the principle of self-attention to find strong gravitational lenses. The advantages of self-attention-based encoder models over convolution neural networks are investigated, and ways to optimise the outcome of encoder models are analysed. We constructed and trained 21 self-attention based encoder models and five convolution neural networks to identify gravitational lenses from the Bologna Lens Challenge. Each model was trained separately using 18,000 simulated images, cross-validated using 2,000 images, and then applied to a test set with 100,000 images. We used four different metrics for evaluation: classification accuracy, area under the receiver operating characteristic curve (AUROC), the TPR$_0$ score and the TPR$_{10}$ score. The performances of self-attention-based encoder models and CNNs participating in the challenge are compared. They were able to surpass the CNN models that participated in the Bologna Lens Challenge by a high margin for the TPR$_0$ and TPR_${10}$. Self-Attention based models have clear advantages compared to simpler CNNs. They have highly competing performance in comparison to the currently used residual neural networks. Compared to CNNs, self-attention based models can identify highly confident lensing candidates and will be able to filter out potential candidates from real data. Moreover, introducing the encoder layers can also tackle the over-fitting problem present in the CNNs by acting as effective filters.
translated by 谷歌翻译
仇恨言论的大规模传播,针对特定群体的仇恨内容,是一个批评社会重要性的问题。仇恨语音检测的自动化方法通常采用最先进的深度学习(DL)的文本分类器 - 非常大的预训练的神经语言模型超过1亿个参数,将这些模型适应仇恨语音检测的任务相关标记的数据集。不幸的是,只有许多标记的数据集有限的尺寸可用于此目的。我们为推进这种事态的高潜力进行了几项贡献。我们呈现HyperNetworks用于仇恨语音检测,这是一种特殊的DL网络,其权重由小型辅助网络调节。这些架构在字符级运行,而不是字级,并且与流行的DL分类器相比,几个较小的顺序大小。我们进一步表明,在命名为IT数据增强的过程中使用大量自动生成的示例的培训讨厌检测分类器通常是有益的,但这种做法尤其提高了所提出的HyperNetworks的性能。事实上,我们实现了比艺术最新的语言模型相当或更好的性能,这些模型是使用这种方法的预先训练的和数量级,与使用五个公共仇恨语音数据集进行评估。
translated by 谷歌翻译
Deep learning has shown impressive performance on hard perceptual problems. However, researchers found deep learning systems to be vulnerable to small, specially crafted perturbations that are imperceptible to humans. Such perturbations cause deep learning systems to mis-classify adversarial examples, with potentially disastrous consequences where safety or security is crucial. Prior defenses against adversarial examples either targeted specific attacks or were shown to be ineffective. We propose MagNet, a framework for defending neural network classifiers against adversarial examples. MagNet neither modifies the protected classifier nor requires knowledge of the process for generating adversarial examples. MagNet includes one or more separate detector networks and a reformer network. The detector networks learn to differentiate between normal and adversarial examples by approximating the manifold of normal examples. Since they assume no specific process for generating adversarial examples, they generalize well. The reformer network moves adversarial examples towards the manifold of normal examples, which is effective for correctly classifying adversarial examples with small perturbation. We discuss the intrinsic difficulties in defending against whitebox attack and propose a mechanism to defend against graybox attack. Inspired by the use of randomness in cryptography, we use diversity to strengthen MagNet. We show empirically that Mag-Net is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples. CCS CONCEPTS• Security and privacy → Domain-specific security and privacy architectures; • Computing methodologies → Neural networks;
translated by 谷歌翻译
确保适当的标点符号和字母外壳是朝向应用复杂的自然语言处理算法的关键预处理步骤。这对于缺少标点符号和壳体的文本源,例如自动语音识别系统的原始输出。此外,简短的短信和微博的平台提供不可靠且经常错误的标点符号和套管。本调查概述了历史和最先进的技术,用于恢复标点符号和纠正单词套管。此外,突出了当前的挑战和研究方向。
translated by 谷歌翻译