Pin‐Yu Chen

ORCID: 0000-0003-1039-8369
Research Areas
  • Adversarial Robustness in Machine Learning
  • Anomaly Detection Techniques and Applications
  • Domain Adaptation and Few-Shot Learning
  • Advanced Neural Network Applications
  • Complex Network Analysis Techniques
  • Advanced Graph Neural Networks
  • Explainable Artificial Intelligence (XAI)
  • Privacy-Preserving Technologies in Data
  • Topic Modeling
  • Stochastic Gradient Optimization Techniques
  • Bacillus and Francisella bacterial research
  • Multimodal Machine Learning Applications
  • Opinion Dynamics and Social Influence
  • Advanced Malware Detection Techniques
  • Quantum Computing Algorithms and Architecture
  • COVID-19 diagnosis using AI
  • Neural Networks and Applications
  • Machine Learning and ELM
  • Natural Language Processing Techniques
  • Machine Learning and Data Classification
  • Opportunistic and Delay-Tolerant Networks
  • Network Security and Intrusion Detection
  • Generative Adversarial Networks and Image Synthesis
  • Sparse and Compressive Sensing Techniques
  • Machine Learning in Materials Science

IBM (United States)
2017-2025

National Yang Ming Chiao Tung University
2020-2025

National Taiwan University
2010-2024

Atrium Health Wake Forest Baptist
2024

IBM Research - Thomas J. Watson Research Center
2017-2024

University College London
2024

National Taiwan University Hospital
2024

I-Shou University
2023-2024

Fooyin University
2023-2024

American University
2024

Deep neural networks (DNNs) are one of the most prominent technologies of our time, as they achieve state-of-the-art performance in many machine learning tasks, including but not limited to image classification, text mining, and speech processing. However, recent research on DNNs has indicated ever-increasing concern on the robustness to adversarial examples, especially for security-critical tasks such as traffic sign identification for autonomous driving. Studies have unveiled the vulnerability of a well-trained DNN...

10.1145/3128572.3140448 preprint EN 2017-11-03

Recent studies have highlighted the vulnerability of deep neural networks (DNNs) to adversarial examples: a visually indistinguishable adversarial image can easily be crafted to cause a well-trained model to misclassify. Existing methods for crafting adversarial examples are based on L2 and L∞ distortion metrics. However, despite the fact that L1 distortion accounts for total variation and encourages sparsity in the perturbation, little has been developed for crafting L1-based adversarial examples. In this paper, we formulate the process of attacking DNNs via adversarial examples as an elastic-net regularized...

10.1609/aaai.v32i1.11302 article EN Proceedings of the AAAI Conference on Artificial Intelligence 2018-04-25

Recent studies have shown that adversarial examples in state-of-the-art image classifiers trained by deep neural networks (DNN) can be easily generated when the target model is transparent to an attacker, known as the white-box setting. However, when attacking a deployed machine learning service, one can only acquire the input-output correspondences of the target model; this is the so-called black-box attack setting. The major drawback of existing black-box attacks is the need for excessive model queries, which may give a false sense of model robustness due to inefficient...

10.1609/aaai.v33i01.3301742 article EN Proceedings of the AAAI Conference on Artificial Intelligence 2019-07-17

Graph neural networks (GNNs), which apply deep neural networks to graph data, have achieved significant performance for the task of semi-supervised node classification. However, only few works have addressed the adversarial robustness of GNNs. In this paper, we first present a novel gradient-based attack method that facilitates the difficulty of tackling discrete graph data. When comparing to current adversarial attacks on GNNs, the results show that by only perturbing a small number of edge perturbations, including addition and deletion, our optimization-based...

10.24963/ijcai.2019/550 article EN 2019-07-28

The state-of-the-art machine learning approaches are based on classical von Neumann computing architectures and have been widely used in many industrial and academic domains. With the recent development of quantum computing, researchers and tech-giants have attempted new quantum circuits for machine learning tasks. However, the existing quantum computing platforms are hard to simulate classical deep learning models or problems because of the intractability of deep quantum circuits. Thus, it is necessary to design feasible quantum algorithms for noisy intermediate scale quantum (NISQ) devices. This work explores...

10.1109/access.2020.3010470 article EN cc-by IEEE Access 2020-01-01

As artificial intelligence and machine learning algorithms make further inroads into society, calls are increasing from multiple stakeholders for these algorithms to explain their outputs. At the same time, these stakeholders, whether they be affected citizens, government regulators, domain experts, or system developers, present different requirements for explanations. Toward addressing these needs, we introduce AI Explainability 360 (http://aix360.mybluemix.net/), an open-source software toolkit featuring eight...

10.48550/arxiv.1909.03012 preprint EN other-oa arXiv (Cornell University) 2019-01-01

The robustness of neural networks to adversarial examples has received great attention due to its security implications. Despite various attack approaches to crafting visually imperceptible adversarial examples, little has been developed towards a comprehensive measure of robustness. In this paper, we provide a theoretical justification for converting robustness analysis into a local Lipschitz constant estimation problem, and propose to use the Extreme Value Theory for efficient evaluation. Our analysis yields a novel robustness metric called CLEVER, which is...

10.48550/arxiv.1801.10578 preprint EN other-oa arXiv (Cornell University) 2018-01-01

Finding minimum distortion of adversarial examples and thus certifying robustness in neural network classifiers for given data points is known to be a challenging problem. Nevertheless, recently it has been shown to be possible to give a non-trivial certified lower bound of minimum adversarial distortion, and some recent progress has been made towards this direction by exploiting the piece-wise linear nature of ReLU activations. However, a generic robustness certification for general activation functions still remains largely unexplored. To address this issue,...

10.48550/arxiv.1811.00866 preprint EN other-oa arXiv (Cornell University) 2018-01-01

Crafting adversarial examples has become an important technique to evaluate the robustness of deep neural networks (DNNs). However, most existing works focus on attacking the image classification problem since its input space is continuous and its output space is finite. In this paper, we study the much more challenging problem of crafting adversarial examples for sequence-to-sequence (seq2seq) models, whose inputs are discrete text strings and whose outputs have an almost infinite number of possibilities. To address the challenges caused by the discrete input space, we propose a...

10.1609/aaai.v34i04.5767 article EN Proceedings of the AAAI Conference on Artificial Intelligence 2020-04-03

In this paper we propose a novel method that provides contrastive explanations justifying the classification of an input by a black box classifier such as a deep neural network. Given an input, we find what should be minimally and sufficiently present (viz. important object pixels in an image) to justify its classification and, analogously, what should be minimally and necessarily absent (viz. certain background pixels). We argue that such explanations are natural for humans and are used commonly in domains such as health care and criminology. What is minimally but critically absent is an important part of an explanation, which...

10.48550/arxiv.1802.07623 preprint EN other-oa arXiv (Cornell University) 2018-01-01

Transformers, composed of multiple self-attention layers, hold strong promises toward a generic learning primitive applicable to different data modalities, including the recent breakthroughs in computer vision achieving state-of-the-art (SOTA) standard accuracy. What remains largely unexplored is their robustness evaluation and attribution. In this work, we study the robustness of the Vision Transformer (ViT) (Dosovitskiy et al. 2021) against common corruptions and perturbations, distribution shifts, and natural...

10.1609/aaai.v36i2.20103 article EN Proceedings of the AAAI Conference on Artificial Intelligence 2022-06-28

We study the problem of attacking a machine learning model in the hard-label black-box setting, where no model information is revealed except that the attacker can make queries to probe the corresponding hard-label decisions. This is a very challenging problem since the direct extension of state-of-the-art white-box attacks (e.g., CW or PGD) to the hard-label black-box setting will require minimizing a non-continuous step function, which is combinatorial and cannot be solved by a gradient-based optimizer. The only current approach is based on a random walk on the decision boundary, which requires...

10.48550/arxiv.1807.04457 preprint EN other-oa arXiv (Cornell University) 2018-01-01

We propose a novel decentralized feature extraction approach in federated learning to address privacy-preservation issues for speech recognition. It is built upon a quantum convolutional neural network (QCNN) composed of a quantum circuit encoder for feature extraction, and a recurrent neural network (RNN) based end-to-end acoustic model (AM). To enhance model parameter protection in a decentralized architecture, an input speech is first up-streamed to a quantum computing server to extract the Mel-spectrogram, and the corresponding convolutional features are encoded using a quantum circuit algorithm with random...

10.1109/icassp39728.2021.9413453 article EN ICASSP 2022 - 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) 2021-05-13

Time series forecasting holds significant importance in many real-world dynamic systems and has been extensively studied. Unlike natural language processing (NLP) and computer vision (CV), where a single large model can tackle multiple tasks, models for time series forecasting are often specialized, necessitating distinct designs for different tasks and applications. While pre-trained foundation models have made impressive strides in NLP and CV, their development in time series domains has been constrained by data sparsity. Recent studies have revealed that large language models (LLMs)...

10.48550/arxiv.2310.01728 preprint EN cc-by-nc-nd arXiv (Cornell University) 2023-01-01

Large language models (LLMs), exemplified by ChatGPT, have gained considerable attention for their excellent natural language processing capabilities. Nonetheless, these LLMs present many challenges, particularly in the realm of trustworthiness. Therefore, ensuring their trustworthiness emerges as an important topic. This paper introduces TrustLLM, a comprehensive study of trustworthiness in LLMs, including principles for different dimensions of trustworthiness, an established benchmark, evaluation, and analysis of the trustworthiness of mainstream LLMs, and a discussion...

10.48550/arxiv.2401.05561 preprint EN cc-by-nc-sa arXiv (Cornell University) 2024-01-01

The operations of a smart grid heavily rely on the support of communication infrastructures for efficient electricity management and reliable power distribution. Due to this strong dependency, the robustness of the communication network against attack is of utmost importance for the deployment of a smart grid. Notably, the large scale and autonomous features of a smart grid render its cyber security quite vulnerable to adversaries. In this article, we introduce several intelligent attacks and countermeasures in smart grid communication networks, which aim to achieve maximal damage or benefits by taking...

10.1109/mcom.2012.6257523 article EN IEEE Communications Magazine 2012-08-01

Verifying robustness of neural network classifiers has attracted great interest and attention due to the success of deep neural networks and their unexpected vulnerability to adversarial perturbations. Although finding the minimum adversarial distortion of neural networks (with ReLU activations) has been shown to be an NP-complete problem, obtaining a non-trivial lower bound of minimum distortion as a provable robustness guarantee is possible. However, most previous works only focused on simple fully-connected layers (multilayer perceptrons) and were limited to ReLU activations. This motivates...

10.1609/aaai.v33i01.33013240 article EN Proceedings of the AAAI Conference on Artificial Intelligence 2019-07-17

Portfolio management (PM) is a fundamental financial planning task that aims to achieve investment goals such as maximal profits or minimal risks. Its decision process involves continuous derivation of valuable information from various data sources and sequential decision optimization, which is a prospective research direction for reinforcement learning (RL). In this paper, we propose SARL, a novel State-Augmented RL framework for PM. Our framework aims to address two unique challenges in financial PM: (1) data heterogeneity – the collected...

10.1609/aaai.v34i01.5462 article EN Proceedings of the AAAI Conference on Artificial Intelligence 2020-04-03