Robustness of Machine Learning Models Beyond Adversarial Attacks

Correctly quantifying the robustness of machine learning models is a central aspect in judging their suitability for specific tasks, and thus, ultimately, for generating trust in the models. We show that the widely used concept of adversarial robustness and closely related metrics based on counterfactuals are not necessarily valid metrics for determining the robustness of ML models against perturbations that occur "naturally", outside specific adversarial attack scenarios. Additionally, we argue that generic robustness metrics in principle are insufficient for determining real-world-robustness. Instead we propose a flexible approach that models possible perturbations in input data individually for each application. This is then combined with a probabilistic approach that computes the likelihood that a real-world perturbation will change a prediction, thus giving quantitative information of the robustness of the trained machine learning model. The method does not require access to the internals of the classifier and thus in principle works for any black-box model. It is, however, based on Monte-Carlo sampling and thus only suited for input spaces with small dimensions. We illustrate our approach on two dataset, as well as on analytically solvable cases. Finally, we discuss ideas on how real-world robustness could be computed or estimated in high-dimensional input spaces.Comment: 25 pages, 7 figure

Recent Advances of Differential Privacy in Centralized Deep Learning: A Systematic Survey

Differential Privacy has become a widely popular method for data protection in machine learning, especially since it allows formulating strict mathematical privacy guarantees. This survey provides an overview of the state-of-the-art of differentially private centralized deep learning, thorough analyses of recent advances and open problems, as well as a discussion of potential future developments in the field. Based on a systematic literature review, the following topics are addressed: auditing and evaluation methods for private models, improvements of privacy-utility trade-offs, protection against a broad range of threats and attacks, differentially private generative models, and emerging application domains.Comment: 35 pages, 2 figure

High-resolution surface plasmon imaging of gold nanoparticles by energy-filtered transmission electron microscopy

We demonstrate the imaging capabilities of energy-filtered transmission electron microscopy at high-energy resolution in the low-energy-loss region, reporting the direct image of a surface plasmon of an elongated gold nanoparticle at energies around 1 eV. Using complimentary model calculations performed within the boundary element method approach we can assign the observed results to the plasmon eigenmodes of the metallic nanoparticle

MNPBEM - A Matlab toolbox for the simulation of plasmonic nanoparticles

MNPBEM is a Matlab toolbox for the simulation of metallic nanoparticles (MNP), using a boundary element method (BEM) approach. The main purpose of the toolbox is to solve Maxwell's equations for a dielectric environment where bodies with homogeneous and isotropic dielectric functions are separated by abrupt interfaces. Although the approach is in principle suited for arbitrary body sizes and photon energies, it is tested (and probably works best) for metallic nanoparticles with sizes ranging from a few to a few hundreds of nanometers, and for frequencies in the optical and near-infrared regime. The toolbox has been implemented with Matlab classes. These classes can be easily combined, which has the advantage that one can adapt the simulation programs flexibly for various applications.Comment: to appear in Comp. Phys. Commun.; see also http://physik.uni-graz.at/~uxh/mnpbem/mnpbem.htm

Optical properties of metallic nanoparticles: basic principles and simulation

This book introduces the fascinating world of plasmonics and physics at the nanoscale, with a focus on simulations and the theoretical aspects of optics and nanotechnology. A research field with numerous applications, plasmonics bridges the gap between the micrometer length scale of light and the secrets of the nanoworld. This is achieved by binding light to charge density oscillations of metallic nanostructures, so-called surface plasmons, which allow electromagnetic radiation to be focussed down to spots as small as a few nanometers. The book is a snapshot of recent and ongoing research and at the same time outlines our present understanding of the optical properties of metallic nanoparticles, ranging from the tunability of plasmonic resonances to the ultrafast dynamics of light-matter interaction. Beginning with a gentle introduction that highlights the basics of plasmonic interactions and plasmon imaging, the author then presents a suitable theoretical framework for the description of metallic nanostructures. This model based on this framework is first solved analytically for simple systems, and subsequently through numerical simulations for more general cases where, for example, surface roughness, nonlinear and nonlocal effects or metamaterials are investigated

Optical excitations of hybrid metal-semiconductor nanoparticles

We theoretically investigate Coulomb coupling effects in hybrid metal-semiconductor nanostructures, whose optical response is governed by plasmonic and excitonic effects (plexcitons). The plasmonic response of the nanoparticle is modeled within the framework of Maxwell’s equations, using a suitable dielectric function for the metal, and the excitonic response is described through the Schrödinger equation and the semiconductor Bloch equations. Our approach accounts for the quantum confinement of carriers in the semiconductor, for static screening in the formation of the exciton, and for a dynamic coupling between plasmons and excitons in the optical absorption or scattering. We apply our model to a prototypical CdS-based matchstick structure and investigate the importance of the various Coulomb coupling effects