Robustness of 3D Deep Learning in an Adversarial Setting

Understanding the spatial arrangement and nature of real-world objects is of paramount importance to many complex engineering tasks, including autonomous navigation. Deep learning has revolutionized state-of-the-art performance for tasks in 3D environments; however, relatively little is known about the robustness of these approaches in an adversarial setting. The lack of comprehensive analysis makes it difficult to justify deployment of 3D deep learning models in real-world, safety-critical applications. In this work, we develop an algorithm for analysis of pointwise robustness of neural networks that operate on 3D data. We show that current approaches presented for understanding the resilience of state-of-the-art models vastly overestimate their robustness. We then use our algorithm to evaluate an array of state-of-the-art models in order to demonstrate their vulnerability to occlusion attacks. We show that, in the worst case, these networks can be reduced to 0% classification accuracy after the occlusion of at most 6.5% of the occupied input space.Comment: 10 pages, 8 figures, 1 tabl

Certification of Distributional Individual Fairness

Providing formal guarantees of algorithmic fairness is of paramount importance to socially responsible deployment of machine learning algorithms. In this work, we study formal guarantees, i.e., certificates, for individual fairness (IF) of neural networks. We start by introducing a novel convex approximation of IF constraints that exponentially decreases the computational cost of providing formal guarantees of local individual fairness. We highlight that prior methods are constrained by their focus on global IF certification and can therefore only scale to models with a few dozen hidden neurons, thus limiting their practical impact. We propose to certify distributional individual fairness which ensures that for a given empirical distribution and all distributions within a $\gamma$-Wasserstein ball, the neural network has guaranteed individually fair predictions. Leveraging developments in quasi-convex optimization, we provide novel and efficient certified bounds on distributional individual fairness and show that our method allows us to certify and regularize neural networks that are several orders of magnitude larger than those considered by prior works. Moreover, we study real-world distribution shifts and find our bounds to be a scalable, practical, and sound source of IF guarantees.Comment: 21 Pages, Neural Information Processing Systems 202

Emergent Linguistic Structures in Neural Networks are Fragile

Large Language Models (LLMs) have been reported to have strong performance on natural language processing tasks. However, performance metrics such as accuracy do not measure the quality of the model in terms of its ability to robustly represent complex linguistic structure. In this paper, focusing on the ability of language models to represent syntax, we propose a framework to assess the consistency and robustness of linguistic representations. To this end, we introduce measures of robustness of neural network models that leverage recent advances in extracting linguistic constructs from LLMs via probing tasks, i.e., simple tasks used to extract meaningful information about a single facet of a language model, such as syntax reconstruction and root identification. Empirically, we study the performance of four LLMs across six different corpora on the proposed robustness measures by analysing their performance and robustness with respect to syntax-preserving perturbations. We provide evidence that context-free representation (e.g., GloVe) are in some cases competitive with context-dependent representations from modern LLMs (e.g., BERT), yet equally brittle to syntax-preserving perturbations. Our key observation is that emergent syntactic representations in neural networks are brittle. We make the code, trained models and logs available to the community as a contribution to the debate about the capabilities of LLMs

Probabilistic Safety for Bayesian Neural Networks

We study probabilistic safety for Bayesian Neural Networks (BNNs) under adversarial input perturbations. Given a compact set of input points, $T \subseteq \mathbb{R}^m$, we study the probability w.r.t. the BNN posterior that all the points in $T$ are mapped to the same region $S$ in the output space. In particular, this can be used to evaluate the probability that a network sampled from the BNN is vulnerable to adversarial attacks. We rely on relaxation techniques from non-convex optimization to develop a method for computing a lower bound on probabilistic safety for BNNs, deriving explicit procedures for the case of interval and linear function propagation techniques. We apply our methods to BNNs trained on a regression task, airborne collision avoidance, and MNIST, empirically showing that our approach allows one to certify probabilistic safety of BNNs with millions of parameters.Comment: UAI 2020; 13 pages, 5 figures, 1 tabl

Individual Fairness in Bayesian Neural Networks

We study Individual Fairness (IF) for Bayesian neural networks (BNNs). Specifically, we consider the $\epsilon$-$\delta$-individual fairness notion, which requires that, for any pair of input points that are $\epsilon$-similar according to a given similarity metrics, the output of the BNN is within a given tolerance $\delta>0.$ We leverage bounds on statistical sampling over the input space and the relationship between adversarial robustness and individual fairness to derive a framework for the systematic estimation of $\epsilon$-$\delta$-IF, designing Fair-FGSM and Fair-PGD as global,fairness-aware extensions to gradient-based attacks for BNNs. We empirically study IF of a variety of approximately inferred BNNs with different architectures on fairness benchmarks, and compare against deterministic models learnt using frequentist techniques. Interestingly, we find that BNNs trained by means of approximate Bayesian inference consistently tend to be markedly more individually fair than their deterministic counterparts

Adversarial Robustness Certification for Bayesian Neural Networks

We study the problem of certifying the robustness of Bayesian neural networks (BNNs) to adversarial input perturbations. Given a compact set of input points $T \subseteq \mathbb{R}^m$ and a set of output points $S \subseteq \mathbb{R}^n$, we define two notions of robustness for BNNs in an adversarial setting: probabilistic robustness and decision robustness. Probabilistic robustness is the probability that for all points in $T$ the output of a BNN sampled from the posterior is in $S$. On the other hand, decision robustness considers the optimal decision of a BNN and checks if for all points in $T$ the optimal decision of the BNN for a given loss function lies within the output set $S$. Although exact computation of these robustness properties is challenging due to the probabilistic and non-convex nature of BNNs, we present a unified computational framework for efficiently and formally bounding them. Our approach is based on weight interval sampling, integration, and bound propagation techniques, and can be applied to BNNs with a large number of parameters, and independently of the (approximate) inference method employed to train the BNN. We evaluate the effectiveness of our methods on various regression and classification tasks, including an industrial regression benchmark, MNIST, traffic sign recognition, and airborne collision avoidance, and demonstrate that our approach enables certification of robustness and uncertainty of BNN predictions

University of Mississippi Archaeology Showcase

Presentations about current research by UM archaeology professors and students. 4:30 WELCOME 4:35-4:45 “NEW CLOTHES FOR A HERO: HERAKLES AND GREEK IDENTITY AT ANCIENT OLYMPIA” Dr. Aileen Ajootian Professor of Classics and Art, Department of Classics 4:50-5:00 “WALKING THROUGH THE PAST: AN ARCHAEOLOGICAL INVESTIGATION OF 6000 YEARS OF PREHISTORY IN THE HEART OF BAVARIA, GERMANY” Dr. Matthew Murray Associate Professor of Anthropology, Department of Sociology and Anthropology 5:05-5:15 LINE DRAWINGS AND THE STUDY OF CAMPANIAN GRAFFITI Dr. Jacqueline DiBiasie-Sammons Assistant Professor, Department of Classics 5:20– 5:30 CERAMIC ANALYSES FROM 2019 EXCAVATIONS AT THE ELY MOUND, LEE COUNTY, VIRGINIA Shannon Wooten Graduate Student, Department of Sociology and Anthropology 5:35 – 5:45 “THE MATERIALITY AND SENSORY EFFECTS OF SCANDINAVIAN GOLD JEWELRY Dr. Nancy Wicker Professor of Art History, Chair, The Department of Art and Art History 5:50 – 6:00 FROM COLLECTING TO CURATING: ORGANIZING A CENTURY OF LEGACY COLLECTIONS Dr. Tony Boudreaux and Dr. Maureen Meyers Associate Professors of Anthropology, Department of Sociology and Anthropology CLOSING REMARKShttps://egrove.olemiss.edu/classics_lectures/1008/thumbnail.jp

Review Essay—Summarizing Eisenhower

Eisenhower: Soldier-Statesman of the American Century ; Dwight D. Eisenhower ; Eisenhower between the Wars: The Making of a General Statesma

Xeroderma Pigmentosum Group C Deficiency Alters Cigarette Smoke DNA Damage Cell Fate and Accelerates Emphysema Development

Cigarette smoke (CS) exposure is a major risk factor for the development of emphysema, a common disease characterized by loss of cells comprising the lung parenchyma. The mechanisms of cell injury leading to emphysema are not completely understood but are thought to involve persistent cytotoxic or mutagenic DNA damage induced by CS. Using complementary cell culture and mouse models of CS exposure, we investigated the role of the DNA repair protein, xeroderma pigmentosum group C (XPC), on CS-induced DNA damage repair and emphysema. Expression of XPC was decreased in mouse lungs after chronic CS exposure and XPC knockdown in cultured human lung epithelial cells decreased their survival after CS exposure due to activation of the intrinsic apoptosis pathway. Similarly, cell autophagy and apoptosis were increased in XPC-deficient mouse lungs and were further increased by CS exposure. XPC deficiency was associated with structural and functional changes characteristic of emphysema, which were worsened by age, similar to levels observed with chronic CS exposure. Taken together, these findings suggest that repair of DNA damage by XPC plays an important and previously unrecognized role in the maintenance of alveolar structures. These findings support that loss of XPC, possibly due to chronic CS exposure, promotes emphysema development and further supports a link between DNA damage, impaired DNA repair, and development of emphysema