While deep neural networks have been employed very successfully in classification problems, their stability properties remain unclear. In particular, the existence of adversarial examples has demonstrated that state-of-the-art networks are vulnerable to small perturbations of the input data. This course serves as an introduction to adversarial attacks and defenses for deep neural network algorithms.
Learning objective
1. Theory: in this course, we will discuss the trade-off between accuracy and stability of classification algorithms and study the state of the art in robust image classification, adversarial attacks and adversarial training.
2. Practice: students will train and attack deep neural networks themselves, to gain hands-on experience.
Prerequisites / Notice
Courses on linear algebra, optimization and machine learning. Basic programming skills in Python and experience with PyTorch.