
Thesis

Identifying and exploiting structures for reliable deep learning

Abstract:

Deep learning research has recently witnessed impressively fast-paced progress on a wide range of tasks, including computer vision, natural language processing, and reinforcement learning. The extraordinary performance of these systems often gives the impression that they can be used to revolutionise our lives for the better. However, as recent work points out, these systems suffer from several issues that make them unreliable for use in the real world, including vulnerability to adversarial attacks (Szegedy et al. [243]), a tendency to memorise noise (Zhang et al. [286]), over-confidence on incorrect predictions (miscalibration) (Guo et al. [99]), and unsuitability for handling private data (Gilad-Bachrach et al. [88]). In this thesis, we examine each of these issues in detail, investigate their causes, and propose computationally cheap algorithms for mitigating them in practice.

To do this, we identify structures in deep neural networks that can be exploited to mitigate the above causes of unreliability. In Chapter 4, we show that minimising a matrix property called the stable rank of each individual weight matrix in a neural network reduces the network's tendency to memorise noise without sacrificing its performance on noiseless data.
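The stable rank mentioned above has a standard closed form: for a matrix W with singular values s_1 ≥ s_2 ≥ …, it equals ‖W‖_F² / ‖W‖_2² = Σ s_i² / s_1². A minimal NumPy sketch of that quantity (an illustration of the definition, not the thesis's training procedure):

```python
import numpy as np

def stable_rank(W):
    # Stable rank = ||W||_F^2 / ||W||_2^2, i.e. the sum of squared
    # singular values divided by the largest squared singular value.
    # It is at most rank(W) and is robust to tiny singular values.
    s = np.linalg.svd(W, compute_uv=False)  # returned in descending order
    return (s ** 2).sum() / (s[0] ** 2)
```

For the identity matrix the stable rank equals the dimension, while for any rank-one matrix it is close to 1, which is why minimising it acts as a soft low-rank penalty.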

In Chapter 5, we prove that memorising label noise or performing improper representation learning makes adversarial robustness impossible to achieve. Chapter 6 shows that imposing a low-rank prior on the representation space of neural networks increases their robustness to adversarial perturbations without inducing any trade-off with accuracy in practice.
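To illustrate what a low-rank prior on the representation space can look like, the sketch below projects a batch of representations onto its top-k singular directions via truncated SVD; this is a generic rank-k approximation for illustration, and the thesis's actual mechanism may differ:

```python
import numpy as np

def low_rank_project(Z, k):
    # Z: (n, d) batch of representations.
    # Keep only the top-k singular directions, yielding the best
    # rank-k approximation of Z in the Frobenius norm.
    U, s, Vt = np.linalg.svd(Z, full_matrices=False)
    return (U[:, :k] * s[:k]) @ Vt[:k]
```

If Z is already rank k or less, the projection reproduces it exactly; otherwise it discards the low-energy directions that small adversarial perturbations tend to exploit.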

In Chapter 7, we highlight the use of focal loss, which down-weights the loss contribution of each sample according to how well the neural network already classifies it, as an alternative to cross-entropy for reducing miscalibration in neural networks.
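Focal loss has the standard form FL(p_t) = −(1 − p_t)^γ log p_t, which reduces to cross-entropy at γ = 0 and down-weights well-classified samples for γ > 0. A minimal NumPy sketch of this formulation (the choice of γ and the exact variant used in the thesis may differ):

```python
import numpy as np

def focal_loss(probs, labels, gamma=2.0):
    # probs: (n, k) predicted class probabilities; labels: (n,) int labels.
    # The factor (1 - p_t)^gamma shrinks the loss of samples the model
    # already classifies confidently; gamma = 0 recovers cross-entropy.
    p_t = probs[np.arange(len(labels)), labels]
    return np.mean(-((1.0 - p_t) ** gamma) * np.log(p_t))
```

Because the modulating factor is at most 1, the focal loss is never larger than the cross-entropy on the same predictions, which discourages the model from pushing confident predictions to extreme probabilities.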

In Chapter 8, we first define a new framework called Encrypted Prediction As A Service (EPAAS), along with a set of computational and privacy constraints. We then propose using a fully homomorphic encryption scheme [84] with a binary neural network [61], together with a set of algebraic and computational tricks, to satisfy all our conditions for EPAAS while remaining computationally efficient.
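Binary networks pair naturally with homomorphic encryption because their dot products over ±1 values reduce to XNOR-and-popcount, which maps onto cheap Boolean circuits. The sketch below shows only the plaintext arithmetic of one binarised layer; the 0/1 encoding of ±1 values is an assumption for illustration, and no encryption is involved:

```python
import numpy as np

def binary_dense(x_bits, W_bits):
    # x_bits: (d,) activations in {0, 1}, encoding -1/+1 (1 -> +1).
    # W_bits: (k, d) binarised weight rows in the same encoding.
    # For +/-1 vectors a, b: a . b = (#agreements) - (#disagreements)
    #                              = 2 * popcount(XNOR(a, b)) - d,
    # so the whole layer needs only XNOR and popcount operations.
    d = x_bits.shape[0]
    agree = (W_bits == x_bits).sum(axis=1)  # popcount of the XNOR
    return 2 * agree - d
```

In an encrypted setting, the same agreement count would be computed over ciphertexts, which is what makes the binary structure attractive for EPAAS-style systems.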

Authors


Institution:
University of Oxford
Division:
MPLS
Department:
Computer Science
Sub department:
Computer Science
Research group:
The Alan Turing Institute
Oxford college:
St Hugh's College
Role:
Author
ORCID:
https://orcid.org/0000-0002-4190-0449

Contributors

Division:
MPLS
Department:
Computer Science
Sub department:
Computer Science
Oxford college:
Lady Margaret Hall
Role:
Supervisor
ORCID:
https://orcid.org/0000-0002-2300-4819
Division:
MPLS
Department:
Engineering Science
Sub department:
Engineering Science
Oxford college:
St Catherine's College
Role:
Supervisor


Funding
Funding agency for:
Sanyal, A
Grant:
TU/C/000023
Programme:
The Turing doctoral studentship


DOI:
Type of award:
DPhil
Level of award:
Doctoral
Awarding institution:
University of Oxford
