機械学習を"良く"使うには
•
1 like•7,834 views
This document summarizes research on generating adversarial examples to fool AI systems. It discusses 3 key papers: 1. Goodfellow et al. (2015) which introduced the concept of adversarial examples and showed they are common for deep learning models. 2. Carlini & Wagner (2018) which generated audio adversarial examples targeting speech recognition systems. They added imperceptible noise to audio to change the transcription. 3. Shafahi et al. (2019) which showed that adversarial examples may be inevitable for any classifier with enough capacity, including future more robust ones. Generating undetectable physical perturbations remains a challenge.
Recommended
More Related Content
More from Hiromu Yakura
More from Hiromu Yakura (20)
Recently uploaded
Recently uploaded (20)
機械学習を"良く"使うには
- 2. w ॴଐஜେֶത࢜લظ՝ఔ w /8(PPHMF1I%'FMMPXTIJQ w ࠷ۙͷझຯࣙԓͰ༡Ϳ w ͨ΄͍ݟग़͠ޠͷِͷҙຯΛߟ͑ͯὃ͠߹͏ήʔϜ w ʲ͜Γ͓ΒΜʳ ϥϯՊ২ͷҰͭɻ౦ೆΞδΞʹɻ ϕʔτʔϕϯͷۂָݭɻϑϥϯεͷఱจֶऀ Ֆ༄քͰɺͳ͔ͳ͔ؼΒͳ͍٬Λࢦ͢ޠɻ ઘڸՖʹΑΔখઆɻେਖ਼͔Βʰଠཅʱʹ࿈ࡌɻ w ୯७ʹؒͷݟग़͠ޠΛͯΔΫΠζͳͲָ͍͠ w ᅏ᳴ʢϋγϏϩίʣˠʓʓʓˠṟାʢ͠Ϳ͘Ζʣ ࣗݾհ !IJSPNV
- 3. w தֶʹೖͬͨͱ͖ʹϓϩάϥϛϯάΛ࢝ΊΔ w ॳɺٕڝϓϩάϥϛϯά-JOVYΧʔωϧͳͲʹ৮ΕΔɹ w ٕڝϓϩάϥϛϯάֶशࢧԉͷγεςϜ։ൃͰ தͷͱ͖ʹࠃͷະ౿ϓϩδΣΫτʹ࠾ w ߴߍͷؒηΩϡϦςΟʹͲͬΓ w $5'ͱݺΕΔίϯςετʹࢀՃͨ͠Γ w OESPJEͷηΩϡϦςΟΛ৮͍ͬͯΔ͏ͪʹ ւ֎ͷٕज़ຊͷमΛ͢Δ͜ͱʹͳͬͨΓ w େֶೖֶ͔ΒػցֶशͱώτͷؔΘΔྖҬͷڀݚ ུྺ %'$0/$5'
- 6. Robust Audio Adversarial Example for a Physical Attack Hiromu Yakura*†, Jun Sakuma*† * University of Tsukuba, Japan † RIKEN Center for Artificial Intelligence Project, Japan IJCAI 2020
- 7. എܠEWFSTBSJBMYBNQMFʹΑΔػցֶशͷ߈ܸ I. J. Goodfellow, et al. Explaining and harnessing adversarial examples. ICLR 2015. ͜͏͍ͬͨEWFSTBSJBMYBNQMFʹΑͬͯɺ ਓؒʹ͔ͮؾΕͣʹ*Λ༻͍ͨγεςϜΛѱ༻Ͱ͖Δ w σʔλʹҙਤతʹখ͞ͳϊΠζΛՃ͑Δ͜ͱͰɺ ػցֶशγεςϜΛؒҧΘͤΔ͜ͱ͕Ͱ͖Δ w ԼهͷྫͰɺը૾ྨγεςϜʹύϯμͷσʔλΛ ςφΨβϧͱೝࣝͤ͞Δ͜ͱ͕Ͱ͖Δ(PPEGFMMPX
- 8. എܠVEJPEWFSTBSJBMYBNQMFʹΑΔ߈ܸՄೳੑ N. Carlini, et al. Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. IEEE DLS 2018. w 4JSJͳͲͷԻΞγελϯτ (PPHMF)PNFͳͲͷεϚʔτεϐʔΧ͕ීٴ w EWFSTBSJBMYBNQMFʹΑͬͯɺώτʹ͔ͮؾΕΔ͜ͱͳ͘ ԻೝࣝσόΠεʹ໋ྩͰ͖ΔՄೳੑ͋Δ w ը૾ͷ߹ͱҟͳΓɺςϨϏϥδΦͰ֦ࢄ͢Ε େྔͷσόΠεΛಉ࣌ʹ߈ܸ͢Δ͜ͱ͕Ͱ͖Δ ԻೝࣝϞσϧը૾ೝࣝΑΓෳࡶͳͨΊ ϊΠζͷӨڹ͋Δ࣮ੈքͰͷ߈ܸ͍͠$BSMJOJ
- 10. Generate (non-software) Bugs to Fool Classifiers Hiromu Yakura*†, Youhei Akimoto*†, Jun Sakuma*† * University of Tsukuba, Japan † RIKEN Center for Artificial Intelligence Project, Japan AAAI 2020
- 11. ఏҊώτʹո͠·Εͳ͍ࣗಈӡసंͷ߈ܸ S. Chen, et al. Shapeshifter: Robust physical adversarial attack on faster RCNN object detector. ECML PKDD 2018. w EWFSTBSJBMYBNQMFࣗಈӡసंͷ߈ܸͷϦεΫ͋Δ w ʮࢭ·ΕʯΛʮʯͱޡೝࣝͤ͞Ε͢Δ͔ w ͰࠨͷྫͷΑ͏ͳ༷ͩͱ͕͢͞ʹਓؒͮ͘ؾ [Chen+, '18] Proposed w ಛʹɺӡసதʹͨ͑ݟಓ࿏ඪࣝʹի͕ࢭ·͍ͬͯͯ ଟ͘ͷਓ͍͋͠ͱࢥΘͳ͍ͣ իͷΑ͏ͳεςοΧʔͰػցֶशϞσϧΛὃ͢͜ͱͰ ώτʹҧײΛ࣋ͨͤͣʹѱ༻Ͱ͖ΔՄೳੑΛࣔͨ͠
- 13. YES + STOP YES ؒҧ͑Δ͜ͱΛલఏʹͨ͠ώτͱػցֶशͱͷؔ࡞Γ͕ඞཁ A. Shafahi, et al.: Are adversarial examples inevitable?. ICLR 2019.
- 16. J. R. Zech, et al.: Variable generalization performance of a deep learning model to detect pneumonia in chest radiographs. PLoS Medicine 15(e1002683). 2018.
- 17. FocusMusicRecommender: A System for Recommending Music to Listen to While Working Hiromu Yakura†, Tomoyasu Nakano‡, Masataka Goto‡ † University of Tsukuba, Japan ‡ AIST, Japan ACM IUI 2018
- 20. w ࡞ूʹۀத͢ΔʹඍົͳۂΛฉ͘΄͏͕Α͍ ػցֶशΛͬͯɺࣗʹͱͬͯඍົͳۂΛ୳ͯ͘͠ΕΔ ࡞༻ۀ#(.ָ͚ۂਪનγεςϜΛఏҊ R. Huang, et al.: Effects of background music on concentration of workers. Work 38(4). 2011. A. Londdale, et al.: Why do we listen to music? A uses and gratifications analysis. British Journal of Psychology 102(1). 2011.
- 21. ఏҊػցֶशΛ༻͍ͨ࡞༻ۀ#(.ਪનγεςϜ w ࠶ੜதͷεΩοϓ1$Ͱͷ࡞ۀϩάͱɺָۂͷԻڹใͰ ϢʔβͷᅂΛਪఆ͢ΔػցֶशϞσϧΛ࡞ w ࡞ۀதʹ༻͢ΔͨΊɺ໌ࣔతͳϑΟʔυόοΫͳ͠Ͱ Ϟσϧ͕͍ͯͬ͘ͳ͘ݡΠϯλϥΫγϣϯΛઃܭ Ұൠతͳָۂਪન ࡞༻ۀ#(.ͷਪન w ϢʔβͷϕετνϡʔϯΛ୳͢ w ඍົͳ͕ۂग़ͯ͘Δͱ ϢʔβΠϥοͱͯ͠͠·͏ w γεςϜͳ͠ͰɺࣗͰ ΞʔςΟετͳͲ͔Β୳ͤΔ w ͞Βͳͦ͞͏ͳۂΛ୳͢ w ଟগɺ͖ͳ͕ͯͬࠞ͟ۂ ผʹΠϥοͱ͠ͳ͍ w ͔͠ɺώτʹͱͬͯ ඍົͳۂΛ୳͢ͷ͍͠
- 22. Neural Malware Analysis with Attention Mechanism Hiromu Yakura*†, Shinnosuke Shinozaki*, Reon Nishimura*, Yoshihiro Oyama*, Jun Sakuma*† * University of Tsukuba, Japan † RIKEN Center for Artificial Intelligence Project, Japan ACM CODASPY 2018 / Computers and Security 2019
- 23. എܠϚϧΣΞͷڍಈղੳͷඞཁੑͱେม͞ w ใ࿙ӮͷௐࠪͰɺϚϧΣΞͷڍಈղੳ͕ඞཁͱͳΔ w ͲΜͳใ͕࿙Ε͔ͨΛͯ͢τϨʔεͤͶͳΒͳ͍ w ΞηϯϒϦΛߦ͍͔͚͍ͣͭͯ͘ඇৗʹେมͳ࡞ۀ σΟε ΞηϯϒϦ ਓखͰͷ ղੳ w ϚϧΣΞͷྨͱҟͳΓɺػցֶशͰͷࣗಈղੳ͍͠ w ͔͠ɺൈ͚͕͋ͬͯͳΒͳ͍ͷͰɺͲ͏ͯ͠ ઐՈ͕ղੳͨ͠ͱ͍͏୲อ͕ٻΊΒΕΔ ϚϧΣΞ ઐՈ Ͳ͜ʹͲΜͳใΛૹ͔ͬͨચ͍ग़͢
- 24. ఏҊػցֶशʹΑΔڍಈղੳͷώϯτఏڙ w ػցֶशʹΑΔࣗಈղੳΛࢦ͢ͷͰͳ͘ɺ ઐՈʹώϯτΛఏͯ͠ڙɺղੳΛޮԽ͢Δ w ϚϧΣΞͷྨख๏Λ֦ு͢Εɺ ػցֶशϞσϧ͕Ͳ͜ʹண͔ͨ͠ΛΔ͜ͱ͕Ͱ͖Δ w Ϟσϧ͕ண͔ͨ͠ΒղੳΛ࢝ΊΕ ޮతʹͦͷڍಈʹؔ࿈͢ΔՕॴΛḷΔ͜ͱ͕Ͱ͖Δ ྨͷࠜڌ ՕॴΛநग़ ղੳऀʹ ఏࣔ ࣗಈྨ Ϟσϧ ணͨ͠ՕॴΛϋΠϥΠτ ઐՈ ೖྗ ϚϧΣΞ
- 25. REsCUE: A framework for REal-time feedback on behavioral CUEs using multimodal anomaly detection Riku Arakawa† and Hiromu Yakura‡ (equal contribution) † The University of Tokyo, Japan ‡ University of Tsukuba, Japan ACM CHI 2019
- 26. എݱܠঢ়ͷձαϙʔτٕज़ͷݶք w ΧϯηϦϯάίʔνϯάͷձͰɺ ૬खͷඇޠݴγάφϧ͔ΒػඍΛಡΈऔΔ͜ͱ͕ٻΊΒΕΔ w ػցֶशΛ༻͍ͯձதͷಈ͖͔Β ૬खͷײΛಡΈऔΔͱ͍͏ख๏ఏҊ͞Ε͍ͯΔ w ͔͠͠ɺݱͰͦ͏ͨ͠ख๏͕ ʹཱͨͳ͍ͱݴΘΕΔ w ͦͦɺݸਓจ຺ʹΑͬͯ γάφϧͷҙຯ͕มΘͬͯ͘Δ w ͦͯ͠ײͱݧܦໃ६͢Δग़ྗΛ͢Δͱແࢹ͞Εͯ͠·͏ I. Damian, et al. Augmenting Social Interactions: Realtime Behavioural Feedback using Social Signal Processing Techniques. ACM CHI 2015. %BNJBO
- 27. ఏҊͱ؍அͷʹΑΔίϯϐϡʔλͱͷڠௐ w ίϯϐϡʔλ͕ྫྷ੩ͳࢹͰɺ૬खͷγάφϧΛ͚ͭݟग़͢ w γάφϧ͕Ͳ͏͍͏ҙຯΛ͔࣋ͭώτ͕அ͢Δ ώτ ίϯϐϡʔλ 👍ίϯςΩετΛཧղ͍ͯ͠Δ 👎ओ؍ਫ਼ਆతͳෛՙͷͨΊʹ ɹྫྷ੩ͳࢹͷҡ͕͍࣋͠ 👍ύϑΥʔϚϯεҰఆ 👎ίϯςΩετΛѻ͑ͳ͍ ͱ؍அΛͤ͞Ε ώτͱίϯϐϡʔλ͏·͘ڠௐͰ͖ΔͷͰͳ͍͔ʁ
- 29. Mindless Attractor: A False-Positive Resistant Intervention for Drawing Attention Using Auditory Perturbation ACM CHI 2021 Riku Arakawa† and Hiromu Yakura‡ (equal contribution) † The University of Tokyo, Japan ‡ University of Tsukuba, Japan
- 30. w ػցֶशΛ͑ɺإը૾͔Β ूத͍ͯ͠Δ͔Ͳ͏͔ΛਪఆͰ͖Δ w ΦϯϥΠϯतूʹۀத͍ͯ͠ͳ͍ੜెʹ γεςϜ͕ࣗಈͰΞϥʔτ͢Δͱ͍͏͜ͱՄೳʹ w ػցֶशͷݕޡͰΞϥʔτ͞Εͯ͠·ͬͨΒͲ͏ࢥ͏ʜʁ w ͦͦγεςϜʹʮूத͠ͳ͍͞ʯͱౖΒΕͨͱ͜ΖͰ ूத͢ΔͲ͜Ζ͔Δ͏·ͯͬ͠ͳ͘ͳ͕ؾՄೳੑ w ݕޡͷՄೳੑ͋ΔதͰҙΛଅ͢ʹͲ͏͢Εʁ എػܠցֶशʹΑΔूதͷηϯγϯά A. Gupta, et al. DAiSEE: Towards User Engagement Recognition in the Wild. arXiv. 2016. [Gupta+, '16]
- 33. w ػցֶशͰूத͍ͯ͠ͳ͍ͱஅ͞Εͨͱ͖ʹ ࣗಈͰͷେ͖͞ߴ͞Λඍົʹม͑ͯҙΛҾ͘ w มԽʹ͔ͨͬͳ͍͍ͯͮؾ߹ҙΛ͢ޮՌ͕͋ͬͨ ఏҊೝಛੑΛ͔ͨ͠׆Ϣʔβͷհೖख๏ R. J. Zatorre, et al. Neural specializations for speech and pitch: moving beyond the dichotomies. Philosophical Transactions of the Royal Society B, 363(1493), 2007. ώτձதɺ૬खͷҙΛҾͨ͘Ίʹ ແҙࣝతʹͷେ͖͞ߴ͞Λม͑Δ ݕޡ͕͋ͬͨͱͯ͠ΠϥΠϥͤͣ͞ʹ ޮՌΛൃ͢شΔհೖΞϓϩʔνΛఏࣔ
- 34. w ػցֶशٕज़ͷਫ਼Λ্͛Δ͜ͱॏཁ͕ͩ ಉ࣌ʹᘳͰͳͯ͑͘ΔΈΛ࡞Δ͜ͱ͕େ w ߈ܸͷՄೳੑؒҧ͏ϦεΫͲ͏ͯ͠ճආͰ͖ͳ͍ w ͜ͷΑ͏ʹώτͱίϯϐϡʔλͷΑΓΑ͍खͷऔΓ߹͍ํΛ ୳Δͷ͕)VNBO$PNQVUFS*OUFSBDUJPOͱ͍͏ֶ w ཧతഎܠͷཧղ͔ΒࣾձֶతͳٻͰ·؍ΊΒΕΔ ֶࡍతͰඇৗʹ໘ന͍ྖҬ w ࠷ۙग़ͨ͠จͰ$07*%Ͱ ѲखձΛͰ͖ͳ͍ΞΠυϧୡ͕ ͲͷΑ͏ʹίϯϐϡʔλγεςϜΛ͍ͬͯΔ͔Λੳ ·ͱΊ