{"id":1564,"date":"2019-06-19T14:56:48","date_gmt":"2019-06-19T18:56:48","guid":{"rendered":"http:\/\/www.jsylvest.com\/blog\/?p=1564"},"modified":"2019-06-19T14:56:56","modified_gmt":"2019-06-19T18:56:56","slug":"bart-barrage-of-random-transforms-for-adversarially-robust-defense","status":"publish","type":"post","link":"https:\/\/www.jsylvest.com\/blog\/2019\/06\/bart-barrage-of-random-transforms-for-adversarially-robust-defense\/","title":{"rendered":"BaRT: Barrage of Random Transforms for Adversarially Robust Defense"},"content":{"rendered":"\n<p>This week I'm at CVPR \u2014 the IEEE's Computer Vision and Pattern Recognition Conference, which is a huge AI event. I'm currently rehearsing the timing of my talk one last time, but I wanted to take a minute between run-throughs to link to my co-author <a href=\"https:\/\/devblogs.nvidia.com\/combating-adversarial-attacks-barrage-random-transforms\/\">Steven Forsyth's wonderful post on the NVIDIA research blog about our paper<\/a>.<\/p>\n\n\n\n<p>Steven does a fantastic job of describing our work, so head over there to see what he has to say. I couldn't resist putting a post of my own because (a) I love this video we created...<\/p>\n\n\n\n<iframe loading=\"lazy\" src=\"https:\/\/player.vimeo.com\/video\/340528216\" width=\"640\" height=\"640\" frameborder=\"0\" allow=\"autoplay; fullscreen\" allowfullscreen><\/iframe>\n\n\n\n<p>...and (b), Steven left out what I think was the most convincing result we had, which shows that BaRT achieves a Top-1 accuracy on ImageNet that is higher than the Top-5 accuracy of the previous state-of-the-art defense, Adversarial Training.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1048\" height=\"966\" src=\"https:\/\/i1.wp.com\/www.jsylvest.com\/blog\/wp-content\/uploads\/2019\/06\/main-figure0.png?fit=960%2C885\" alt=\"A result from our paper, showing accuracy for varying adversarial distances.\" class=\"wp-image-1566\" srcset=\"https:\/\/i0.wp.com\/www.jsylvest.com\/blog\/wp-content\/uploads\/2019\/06\/main-figure0.png?w=1048&amp;ssl=1 1048w, https:\/\/i0.wp.com\/www.jsylvest.com\/blog\/wp-content\/uploads\/2019\/06\/main-figure0.png?resize=300%2C277&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jsylvest.com\/blog\/wp-content\/uploads\/2019\/06\/main-figure0.png?resize=768%2C708&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jsylvest.com\/blog\/wp-content\/uploads\/2019\/06\/main-figure0.png?resize=1024%2C944&amp;ssl=1 1024w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><figcaption>Accuracy of BaRT under attack by PGD for varying adversarial distances, compared to the previous state-of-the-art.<\/figcaption><\/figure>\n\n\n\n<p>Also, (c) I am <em>very<\/em> proud of this work. It's been an idea I've been batting around for almost three years now, and I finally got approval from my client to pursue it last year. It turns out it works exactly how I expected, and I can honestly say that this is the first \u2014 and probably only \u2014 time in my scientific career that has ever happened.<\/p>\n\n\n\n<p>If you want a copy of <a href=\"http:\/\/www.jsylvest.com\/bart\/BaRT_Barrage_of_Random_Transforms_for_Adversarially_Robust_Defense.pdf\">the paper<\/a>, complete with some code in the appendices, ((Our hands are somewhat tied releasing the full code due to the nature of our client relationship with the wonderful Laboratory for Physical Sciences, who funded this work.)) our poster, and the slides for our oral presentation you can find it on <a href=\"http:\/\/www.jsylvest.com\/bart\/\">the BaRT page I slapped together on my website<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This week I'm at CVPR \u2014 the IEEE's Computer Vision and Pattern Recognition Conference, which is a huge AI event. I'm currently rehearsing the timing of my talk one last time, but I wanted to take a minute between run-throughs &hellip; <a href=\"https:\/\/www.jsylvest.com\/blog\/2019\/06\/bart-barrage-of-random-transforms-for-adversarially-robust-defense\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1571,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[10],"tags":[17,24,3,40,38,20],"class_list":["post-1564","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cs","tag-academia","tag-ai","tag-computer-science","tag-ml","tag-neural-nets","tag-science","wpautop"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.jsylvest.com\/blog\/wp-content\/uploads\/2019\/06\/img1_trans05_0000_crop.png?fit=436%2C436&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3sddF-pe","jetpack-related-posts":[{"id":1500,"url":"https:\/\/www.jsylvest.com\/blog\/2019\/04\/chollet-on-ai\/","url_meta":{"origin":1564,"position":0},"title":"Chollet on AI","author":"jsylvest","date":"25 April 2019","format":"aside","excerpt":"AI is all about getting rid of the part where you code up solutions, and going straight to the part where you code up problems.\u2014Fran\u00e7ois Chollet On net, this is probably not a good description of what AI is \u2014 and I'd like to post more about why soon \u2014\u2026","rel":"","context":"In &quot;Quotes&quot;","block_context":{"text":"Quotes","link":"https:\/\/www.jsylvest.com\/blog\/category\/quotes\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1126,"url":"https:\/\/www.jsylvest.com\/blog\/2017\/11\/ais-one-trick-pony-has-a-hell-of-a-trick\/","url_meta":{"origin":1564,"position":1},"title":"AI's \"one trick pony\" has a hell of a trick","author":"jsylvest","date":"10 November 2017","format":false,"excerpt":"The MIT Technology Review has a recent article by James Somers about error backpropagation, \"Is AI Riding a One-Trick Pony?\" Overall, I agree with the message in the article. We need to keep thinking of new paradigms because the SotA right now is very useful, but not correct in any\u2026","rel":"","context":"In &quot;CS \/ Science \/ Tech \/ Coding&quot;","block_context":{"text":"CS \/ Science \/ Tech \/ Coding","link":"https:\/\/www.jsylvest.com\/blog\/category\/cs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1124,"url":"https:\/\/www.jsylvest.com\/blog\/2017\/10\/national-ai-strategy\/","url_meta":{"origin":1564,"position":2},"title":"National AI Strategy","author":"jsylvest","date":"9 October 2017","format":false,"excerpt":"Some of my co-workers published a sponsored piece in the Atlantic calling for a national AI strategy,\u00a0which was tied in to\u00a0some discussions at the\u00a0Washington Ideas event. I'm 100% on board with the US having a strategy, but I want to offer one caveat: \"comprehensive national strategies\" are susceptible to becoming\u2026","rel":"","context":"In &quot;Business \/ Economics&quot;","block_context":{"text":"Business \/ Economics","link":"https:\/\/www.jsylvest.com\/blog\/category\/business-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":403,"url":"https:\/\/www.jsylvest.com\/blog\/2013\/05\/pi\/","url_meta":{"origin":1564,"position":3},"title":"Pi","author":"jsylvest","date":"9 May 2013","format":false,"excerpt":"The Economist :: Babbage Blog :: Humble Pi The Raspberry Pi is the brainchild of a couple of computer scientists at Cambridge University. Back in 2006, they lamented the decline in programming skills among applicants for computer-science courses. ... Over the past ten years, computer-science students have gone from arriving\u2026","rel":"","context":"In &quot;CS \/ Science \/ Tech \/ Coding&quot;","block_context":{"text":"CS \/ Science \/ Tech \/ Coding","link":"https:\/\/www.jsylvest.com\/blog\/category\/cs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1098,"url":"https:\/\/www.jsylvest.com\/blog\/2018\/07\/hume-on-knowledge\/","url_meta":{"origin":1564,"position":4},"title":"Hume on Knowledge","author":"jsylvest","date":"1 July 2018","format":"aside","excerpt":"All knowledge degenerates into probability. \u2014 David Hume, \"A Treatise on Human Nature,\" \u00a7IV.1","rel":"","context":"In &quot;Quotes&quot;","block_context":{"text":"Quotes","link":"https:\/\/www.jsylvest.com\/blog\/category\/quotes\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1335,"url":"https:\/\/www.jsylvest.com\/blog\/2019\/04\/book-list-2019q1\/","url_meta":{"origin":1564,"position":5},"title":"Book List: 2019Q1","author":"jsylvest","date":"25 April 2019","format":false,"excerpt":"I think I did less reading this quarter than at any point since I beat dyslexia. Certainly less than any point since I started keeping track in 2011, and that includes the period when I finished my dissertation and had two kids. I'm teaching a course at a local college\u2026","rel":"","context":"In &quot;Book List&quot;","block_context":{"text":"Book List","link":"https:\/\/www.jsylvest.com\/blog\/category\/book-list\/"},"img":{"alt_text":"Cover of \"The Relaxed Mind\" by Dza Kilung","src":"https:\/\/i0.wp.com\/www.jsylvest.com\/blog\/wp-content\/uploads\/2019\/04\/cover-relaxed-mind-194x300.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/posts\/1564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/comments?post=1564"}],"version-history":[{"count":6,"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/posts\/1564\/revisions"}],"predecessor-version":[{"id":1572,"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/posts\/1564\/revisions\/1572"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/media\/1571"}],"wp:attachment":[{"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/media?parent=1564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/categories?post=1564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jsylvest.com\/blog\/wp-json\/wp\/v2\/tags?post=1564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}