Skip navigation
Please use this identifier to cite or link to this item: http://arks.princeton.edu/ark:/99999/fk4hh80j8r
Full metadata record
DC FieldValueLanguage
dc.contributor.advisorE, Weinan
dc.contributor.authorBao, Ruying
dc.contributor.otherApplied and Computational Mathematics Department
dc.date.accessioned2021-10-04T13:24:48Z-
dc.date.available2021-10-04T13:24:48Z-
dc.date.created2021-01-01
dc.date.issued2021
dc.identifier.urihttp://arks.princeton.edu/ark:/99999/fk4hh80j8r-
dc.description.abstractDeep neural networks are widely used in signal processing from a broad range of areas due to their good performances, including computer vision, natural language processing, automatic driving, and so on. However, people notice that neural networks are easily fooled by adversarial attacks and very sensitive to certain data-related scenarios, such as imbalanced classes and outliers. In this thesis, we focus on enhancing model robustness of deep neural networks from different data distributions.In the first part, we focus on datasets whose distributions are biased naturally, from data collection or the nature of data. We define novel information-entropy-based classification loss functions (entropy weight and entropy noise) to distinguish the difficulty of each sample prediction by either weighting or introducing stochastic noise on top of the cross entropy loss. To evaluate the effectiveness of each loss function, we test the new loss functions on crafted noisy and imbalanced datasets based on MNIST. To illustrate their effectiveness in real scenarios, we show improvements on tasks including computer vision and natural language understanding, compared to the corresponding state of the art (SOTA) models. The results show that models trained with entropy-based loss functions surpass the SOTA models. Deep neural networks have also been demonstrated to be vulnerable to adversarial attacks, where small perturbations intentionally added to the original inputs can fool the classifier. In the second part, we propose Path-Norm regularization to improve robustness of neural networks against adversarial attacks in various Lp norms. By adding Path-Norm regularization, models achieve comparable performance as the SOTA defense methods, and outperform SOTA methods when attacks and training samples are from different Lp spaces. We also introduce Featurized Bidirectional Generative Adversarial Networks (FBGAN), which extracts semantic features of inputs and filters the non-semantic perturbations. FBGAN is pre-trained on clean datasets in an unsupervised manner, adversarially learning a bidirectional mapping between the high-dimensional data space and the low-dimensional semantic space. After the bidirectional mapping, the adversarial data can be reconstructed to denoised data, which could be fed into any pre-trained classifier. We empirically show the quality of reconstruction images and the effectiveness of defense.
dc.format.mimetypeapplication/pdf
dc.language.isoen
dc.publisherPrinceton, NJ : Princeton University
dc.relation.isformatofThe Mudd Manuscript Library retains one bound copy of each dissertation. Search for these copies in the library's main catalog: <a href=http://catalog.princeton.edu>catalog.princeton.edu</a>
dc.subjectAdversarial Defense Methods
dc.subjectDeep Learning
dc.subjectEntropy-based objective functions
dc.subjectGenerative Model
dc.subjectReconstructive Defense Methods
dc.subjectRegularizing Neural Networks
dc.subject.classificationApplied mathematics
dc.subject.classificationComputer science
dc.titleTowards Robust Models in Deep Learning: Regularizing Neural Networks and Generative Models
dc.typeAcademic dissertations (Ph.D.)
pu.date.classyear2021
pu.departmentApplied and Computational Mathematics
Appears in Collections:Applied and Computational Mathematics

Files in This Item:
File SizeFormat 
Bao_princeton_0181D_13702.pdf12.98 MBAdobe PDFView/Download


Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.