The proliferation of machine learning in image recognition and natural language processing applications comes with an increasing risk of adversarial attacks. Such attacks can potentially spoof automated detection systems in our drones, defeat facial recognition systems, and bypass automated security systems. Typical defense techniques involve long training times, which would not be viable in an operational setting. This thesis utilizes a novel superquantile-based formulation to train machine learning systems so that they are more robust to noise and adversarial attacks, while incurring lower training costs than typical adversarial training techniques. The concept is first explored in the context of support vector machines, where it achieves results similar to those of L1-regularization models. Subsequently, the concept is developed for neural network training, with robustness tests on the commonly referenced Modified National Institute of Standards and Technology (MNIST) and Canadian Institute for Advanced Research 10-class (CIFAR-10) datasets. The test results demonstrate robustness against random noise perturbations, and benchmarks against typical adversarial training show comparable results. This initial excursion into superquantile training sets the foundation for further exploration into improving machine learning robustness within less computation time.
Royset, Johannes O.; Balasubramanian, Krishnakumar (University of California, Davis)
Naval Postgraduate School
Master of Science in Operations Research
Operations Research (OR)
Approved for public release. Distribution is unlimited.
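The superquantile-based SVM training the abstract describes, as an added illustration that is not the thesis's own code: a linear SVM trained by subgradient descent on the superquantile (CVaR) of its hinge losses in the Rockafellar-Uryasev form, on constructed toy data. The data, the hyperparameters, and the exact loss form are assumptions, since the abstract does not give the thesis's formulation; setting alpha to 0 recovers the ordinary mean-hinge SVM, so the same function serves as the baseline.

```python
# Superquantile (CVaR) training of a linear SVM: minimise
#   lam/2 * ||w||^2 + superquantile_alpha(hinge losses)
# via the Rockafellar-Uryasev form  t + mean(max(L_i - t, 0)) / (1 - alpha),
# optimised jointly over (w, b, t) by subgradient descent.  alpha = 0 is the
# ordinary mean-hinge SVM.  Data and hyperparameters are constructed (assumed).

def hinge(w, b, x, y):
    """Hinge loss of one sample (x, y) under the classifier sign(w.x + b)."""
    return max(0.0, 1.0 - y * (w[0] * x[0] + w[1] * x[1] + b))

def superquantile(losses, alpha):
    """Mean of the worst (1 - alpha) fraction of losses (superquantile / CVaR)."""
    worst = sorted(losses, reverse=True)
    k = max(1, round((1.0 - alpha) * len(worst)))
    return sum(worst[:k]) / k

def train(data, alpha, steps=2000, lr=0.01, lam=0.01):
    """Return (w, b) minimising the regularised superquantile hinge loss."""
    w, b, t = [0.0, 0.0], 0.0, 0.0
    scale = 1.0 / ((1.0 - alpha) * len(data))   # weight of each tail sample
    for _ in range(steps):
        gw, gb, gt = [lam * w[0], lam * w[1]], 0.0, 1.0
        for x, y in data:
            loss = hinge(w, b, x, y)
            if loss > t:                 # sample lies in the worst (1-alpha) tail
                gt -= scale
                if loss > 0.0:           # hinge active: subgradient of L_i
                    gw[0] -= scale * y * x[0]
                    gw[1] -= scale * y * x[1]
                    gb -= scale * y
        w = [w[0] - lr * gw[0], w[1] - lr * gw[1]]
        b -= lr * gb
        t -= lr * gt
    return w, b

def accuracy(w, b, data):
    """Fraction of samples on the correct side of the decision boundary."""
    return sum((w[0] * x[0] + w[1] * x[1] + b) * y > 0 for x, y in data) / len(data)

# Constructed, linearly separable toy data: two clusters in the plane.
DATA = [((2, 2), 1), ((3, 2), 1), ((2, 3), 1), ((3, 3), 1), ((2.5, 2.5), 1),
        ((-2, -2), -1), ((-3, -2), -1), ((-2, -3), -1), ((-3, -3), -1),
        ((-2.5, -2.5), -1)]

if __name__ == "__main__":
    for a in (0.0, 0.9):   # mean-hinge baseline vs. worst-10% superquantile
        w, b = train(DATA, a)
        losses = [hinge(w, b, x, y) for x, y in DATA]
        print(f"alpha={a}: accuracy={accuracy(w, b, DATA)}, "
              f"worst loss={max(losses):.3f}, mean loss={sum(losses)/len(losses):.3f}")
```

Raising alpha shifts the objective from the average sample toward the worst-case tail, which is the lever the abstract relies on for noise robustness; comparing the worst and mean hinge losses printed for the two settings shows the trade-off on even this small set.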