737 research outputs found
Spectral Signatures in Backdoor Attacks
A recent line of work has uncovered a new form of data poisoning: so-called
\emph{backdoor} attacks. These attacks are particularly dangerous because they
do not affect a network's behavior on typical, benign data. Rather, the network
only deviates from its expected output when triggered by a perturbation planted
by an adversary.
In this paper, we identify a new property of all known backdoor attacks,
which we call \emph{spectral signatures}. This property allows us to utilize
tools from robust statistics to thwart the attacks. We demonstrate the efficacy
of these signatures in detecting and removing poisoned examples on real image
sets and state of the art neural network architectures. We believe that
understanding spectral signatures is a crucial first step towards designing ML
systems secure against such backdoor attacksComment: 16 pages, accepted to NIPS 201
Adversarially Learned Anomaly Detection on CMS Open Data: re-discovering the top quark
We apply an Adversarially Learned Anomaly Detection (ALAD) algorithm to the
problem of detecting new physics processes in proton-proton collisions at the
Large Hadron Collider. Anomaly detection based on ALAD matches performances
reached by Variational Autoencoders, with a substantial improvement in some
cases. Training the ALAD algorithm on 4.4 fb-1 of 8 TeV CMS Open Data, we show
how a data-driven anomaly detection and characterization would work in real
life, re-discovering the top quark by identifying the main features of the
t-tbar experimental signature at the LHC.Comment: 16 pages, 9 figure
- …