* Bldg. 2, Room 102 / 16:00~
Topics in ML research – security and uncertainty
ABSTRACT
Machine learning is finally starting to work! Its application areas now span large-scale recognition (e.g. image search, cloud photo organizers), recommendation (e.g. Netflix), personal assistants (e.g. Clova), and biometrics (e.g. unlocking phones with face recognition), to name a few. Despite these apparent breakthroughs, certain hurdles need to be overcome before the technology can be applied more widely – namely, the security and uncertainty aspects of machine learning, among others. The talk will introduce two prior works on these respective topics.
Security. ML models are expensive intellectual property: a massive amount of labelled data is needed to train deep neural networks, and huge numbers of GPU-hours go into engineering good hyperparameters. What if a deployed model (from Naver or Google, let's say) could be copied locally and re-sold? To understand the threat, we first need to examine a threat model. I will talk about my prior work on building an adversarial system that can extract hyperparameters just by querying the model and observing the corresponding outputs. [1]
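As a rough illustration of the query-based attack, here is a minimal Python sketch (not the implementation from [1]) of a "metamodel" approach: a fixed set of probe inputs is sent to a model, its outputs are flattened into a query signature, and a meta-classifier trained on models with known hyperparameters predicts a hidden attribute of the black box. The helper names (query_signature, train_metamodel) and the toy models below are illustrative assumptions.

```python
# Sketch: infer a hidden hyperparameter of a black-box model from its outputs
# on a fixed set of probe inputs. Names and toy models are illustrative only.
import numpy as np
from sklearn.linear_model import LogisticRegression

def query_signature(black_box, probes):
    """Stack the model's output vectors on a fixed probe set into one feature vector."""
    outputs = [black_box(x) for x in probes]           # each call returns e.g. a softmax vector
    return np.concatenate(outputs)

def train_metamodel(white_box_models, labels, probes):
    """Fit a meta-classifier on models whose hyperparameters (labels) we know."""
    features = np.stack([query_signature(m, probes) for m in white_box_models])
    return LogisticRegression(max_iter=1000).fit(features, labels)

# --- toy usage: "models" are stand-ins returning 10-dim softmax outputs ---
rng = np.random.default_rng(0)
probes = [rng.normal(size=32) for _ in range(20)]      # fixed query inputs

def make_toy_model(seed):
    w = np.random.default_rng(seed).normal(size=(32, 10))
    return lambda x: np.exp(x @ w) / np.exp(x @ w).sum()

train_models = [make_toy_model(s) for s in range(50)]
train_labels = [s % 2 for s in range(50)]              # pretend: 0 = ReLU, 1 = tanh

meta = train_metamodel(train_models, train_labels, probes)
victim = make_toy_model(123)                           # the deployed black box
print("predicted hidden attribute:", meta.predict(query_signature(victim, probes)[None]))
```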
Uncertainty. ML models tend to be confident even on types of inputs that were never presented during training (e.g. random noise) – this property undermines the reliability of deployed models. Can a model be trained to be less confident on uncertain inputs? I will talk about my recent work on training instance embedding models (used e.g. for image retrieval) that are equipped with probabilistic estimates of input uncertainty. [2]
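A minimal PyTorch sketch of the stochastic-embedding idea behind [2], assuming a simple MLP backbone: each input is mapped to a Gaussian (mean plus per-dimension variance) in embedding space rather than a point, the match probability between two inputs is estimated by Monte Carlo sampling, and training combines a soft contrastive loss with a KL pull toward a unit Gaussian. Layer sizes, the (a, b) parameters, and the KL weight are illustrative assumptions, not the paper's exact configuration.

```python
# Sketch: probabilistic (hedged) instance embeddings with MC match probability.
import torch
import torch.nn as nn

class StochasticEmbedder(nn.Module):
    def __init__(self, in_dim=784, emb_dim=16):
        super().__init__()
        self.backbone = nn.Sequential(nn.Linear(in_dim, 256), nn.ReLU())
        self.mu_head = nn.Linear(256, emb_dim)        # embedding mean
        self.logvar_head = nn.Linear(256, emb_dim)    # per-dimension log-variance

    def forward(self, x):
        h = self.backbone(x)
        return self.mu_head(h), self.logvar_head(h)

def sample(mu, logvar, n=8):
    """Draw n reparameterized samples per input; result has shape (n, batch, emb_dim)."""
    std = (0.5 * logvar).exp()
    eps = torch.randn(n, *mu.shape)
    return mu + eps * std

def match_probability(mu1, lv1, mu2, lv2, a=1.0, b=0.0, n=8):
    """Monte Carlo estimate of p(match) from distances between sampled embeddings."""
    z1, z2 = sample(mu1, lv1, n), sample(mu2, lv2, n)
    d = (z1 - z2).norm(dim=-1)                        # (n, batch) distances
    return torch.sigmoid(-a * d + b).mean(dim=0)      # average over samples

def kl_to_unit_gaussian(mu, logvar):
    return 0.5 * (mu.pow(2) + logvar.exp() - logvar - 1).sum(dim=-1)

def hedged_loss(mu1, lv1, mu2, lv2, is_match, beta=1e-4):
    """Soft contrastive loss on p(match) plus a KL regularizer on both embeddings."""
    p = match_probability(mu1, lv1, mu2, lv2).clamp(1e-6, 1 - 1e-6)
    nll = -(is_match * p.log() + (1 - is_match) * (1 - p).log()).mean()
    kl = (kl_to_unit_gaussian(mu1, lv1) + kl_to_unit_gaussian(mu2, lv2)).mean()
    return nll + beta * kl

# toy usage: embed two batches and compute the loss, treating all pairs as matches
net = StochasticEmbedder()
x1, x2 = torch.randn(4, 784), torch.randn(4, 784)
loss = hedged_loss(*net(x1), *net(x2), is_match=torch.ones(4))
```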
I will also talk a bit about other research areas we are looking into at Clova, such as ML robustness. Future research directions will be discussed throughout the talk.
[1] Towards Reverse-Engineering Black-Box Neural Networks, ICLR’18.
[2] Modeling Uncertainty with Hedged Instance Embeddings, ICLR’19.
[3] CutMix: Regularization Strategy to Train Strong Classifiers with Localizable Features, arXiv’19.