Chen Pin-Yu - Adversarial Robustness for Machine Learning

First edition

Pin-Yu Chen

IBM Research, Yorktown Heights, NY, United States

Cho-Jui Hsieh

University of California, Los Angeles, Los Angeles, CA, United States

1. Tables in Chapter 1
2. Tables in Chapter 2
3. Tables in Chapter 3
4. Tables in Chapter 4
5. Tables in Chapter 5
6. Tables in Chapter 6
7. Tables in Chapter 10
8. Tables in Chapter 14
9. Tables in Chapter 15
10. Tables in Chapter 16
11. Tables in Chapter 17
12. Tables in Chapter 18
13. Tables in Chapter 20
14. Tables in Chapter 21

1. Figures in Chapter 1
2. Figures in Chapter 2
3. Figures in Chapter 3
4. Figures in Chapter 4
5. Figures in Chapter 5
6. Figures in Chapter 6
7. Figures in Chapter 7
8. Figures in Chapter 8
9. Figures in Chapter 9
10. Figures in Chapter 10
11. Figures in Chapter 12
12. Figures in Chapter 13
13. Figures in Chapter 15
14. Figures in Chapter 16
15. Figures in Chapter 17
16. Figures in Chapter 18
17. Figures in Chapter 19
18. Figures in Chapter 20
19. Figures in Chapter 21

Part 1: Preliminaries

Outline

Part 2: Adversarial attack

Outline

Part 3: Robustness verification

Outline

Part 4: Adversarial defense

Outline

Part 5: Applications beyond attack and defense

Outline

Academic Press is an imprint of Elsevier

125 London Wall, London EC2Y 5AS, United Kingdom

525 B Street, Suite 1650, San Diego, CA 92101, United States

50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States

The Boulevard, Langford Lane, Kidlington, Oxford OX5 1GB, United Kingdom

Copyright 2023 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

ISBN: 978-0-12-824020-5

For information on all Academic Press publications visit our website at https://www.elsevier.com/books-and-journals

Publisher: Mara E. Conner

Acquisitions Editor: Tim Pitts

Editorial Project Manager: Sara Greco

Production Project Manager: Nirmala Arumugam

Cover Designer: Christian J. Bilbow

Typeset by VTeX

We would like to give our sincerest gratitude to our colleagues, collaborators, the research community, and our beloved family members and friends for their continuous support and contributions.

The first version of this book was prepared and written during the COVID-19 pandemic period (20202022).

May the adversarial be abated, and the good be elevated.

Dr. Pin-Yu Chen is currently a principal research staff member at IBM Thomas J. Watson Research Center, Yorktown Heights, NY, USA. He is also the chief scientist of RPI-IBM AI Research Collaboration and PI of ongoing MIT-IBM Watson AI Lab projects. Dr. Chen received his Ph.D. degree in electrical engineering and computer science and M.A. degree in Statistics from the University of Michigan, Ann Arbor, USA, in 2016. He received his M.S. degree in communication engineering from National Taiwan University, Taiwan, in 2011 and B.S. degree in electrical engineering and computer science (undergraduate honors program) from National Chiao Tung University, Taiwan, in 2009. Dr. Chen's recent research focuses on adversarial machine learning and robustness of neural networks. His long-term research vision is building trustworthy machine learning systems. He has published more than 40 papers related to trustworthy machine learning at major AI and machine learning conferences, given tutorials at AAAI'22, IJCAI'21, CVPR('20,'21), ECCV'20, ICASSP'20, KDD'19, and Big Data'18, and organized several workshops for adversarial machine learning. His research interest also includes graph and network data analytics and their applications to data mining, machine learning, signal processing, and cybersecurity. He was the recipient of the Chia-Lun Lo Fellowship from the University of Michigan Ann Arbor. He was also the recipient of the IEEE GLOBECOM 2010 GOLD Best Paper Award. At IBM Research, Dr. Chen has coinvented more than 30 U.S. patents and received the honor of IBM Master Inventor. In 2021, he received an IBM Corporate Technical Award for his contributions to trustworthy machine learning. More details about him can be found at www.pinyuchen.com.

Dr. Cho-Jui Hsieh is currently an assistant professor of Computer Science at University of California, Los Angeles. He received his Ph.D. degree in computer science from the University of Texas at Austin in 2015. He received his M.S. and B.S. degrees in computer science and information engineering from National Taiwan University in 2009 and 2007, respectively. His main research focuses on developing efficient, reliable and automatic machine learning algorithms. His work has received best/outstanding paper awards at KDD'10, ICDM'12, ICPP'18, ICLR'21 as well as three other paper award finalists. He was the recipient of NSF Career Award, Samsung AI Researcher of the Year, and several other research awards from Google, Intel, and Facebook. Further, his algorithms have been implemented in widely used machine learning libraries such as LIBLINEAR, scikit-learn, Pytorch, Tensorflow, DGL. The verification toolbox developed by his team won the 2021 VNN-Comp (International Verification of Neural Network Competition). His optimization algorithms have been chosen by the MLPerf as default solver for large-batch training tasks (e.g., BERT) and have been widely used in industry.