26 March 2021
Guido Sanguinetti (SISSA, Trieste, Italy): Robustness and interpretability of Bayesian neural networks
- Deep neural networks have surprised the world in the last decade with their successes in a number of difficult machine learning tasks. However, while their successes are now part of everyday life, DNNs also exhibit some profound weaknesses: chief amongst them, in my opinion, their black-box nature and their brittleness under adversarial attacks. In this talk, I will discuss a geometric perspective which sheds light on the origins of their vulnerability to adversarial attacks, and which also has considerable implications for their interpretability. I will also show how a Bayesian treatment of DNNs provably avoids gradient-based adversarial weaknesses, and improves interpretability (in a saliency context).
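The robustness claim rests on a gradient-cancellation effect: under posterior averaging, the input gradients of individual networks tend to cancel, so gradient-based attacks lose their signal. A minimal NumPy sketch of that intuition (my own illustration on a toy 1-D logistic model, not the authors' code or their overparametrized-limit argument) compares the input gradient of the posterior-predictive mean with the typical gradient of a single sampled network:

```python
import numpy as np

rng = np.random.default_rng(0)

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

# Hypothetical "posterior samples" of the weight of a 1-D logistic
# classifier p(y=1 | x, w) = sigmoid(w * x). In a real BNN these would
# come from HMC or variational inference; here we just assume a
# symmetric posterior centred at zero.
w_samples = rng.normal(loc=0.0, scale=2.0, size=1000)

x = 0.3  # input point to attack

def input_grad(w, x):
    # d/dx sigmoid(w * x) = w * s * (1 - s), the signal a
    # gradient-based attack (e.g. FGSM) would follow.
    s = sigmoid(w * x)
    return w * s * (1.0 - s)

single_grads = np.array([input_grad(w, x) for w in w_samples])

# Gradient of the posterior-predictive mean = average of the
# per-sample gradients (differentiation commutes with the average).
bnn_grad = single_grads.mean()

print("|grad| of predictive mean:", abs(bnn_grad))
print("typical |grad| of one network:", np.abs(single_grads).mean())
```

Because the per-sample gradient is an odd function of w and the assumed posterior is symmetric, the averaged gradient is far smaller than any typical single-network gradient; Carbone et al. (NeurIPS 2020) make a statement of this kind precise for overparametrized BNNs in the large-data limit.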
Refs: Carbone et al., NeurIPS 2020, https://arxiv.org/abs/2002.04359; Carbone et al., under review, https://arxiv.org/abs/2102.11010