<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div 
dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class=""><span class="" style="orphans: 2; widows: 2; font-size: large;">UNIVERSITY OF CHICAGO</span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: 
after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class=""><span class=""><font size="4" class="">DEPARTMENT OF COMPUTER SCIENCE</font></span></div><div class="" style="orphans: 2; widows: 2;"><span class=""><font size="4" class="">PRESENTS</font></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div class=""><br class="webkit-block-placeholder"></div><p class="MsoNormal"><o:p class=""> </o:p><img apple-inline="yes" id="10B12125-ED7E-442D-A13B-6A0BA10373C1" src="cid:763B362A-83FA-4F76-A483-536C803AD051" class=""></p><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class="" style="orphans: 2; widows: 2;"><font size="4" class=""><b class="">Hongyang Zhang</b></font></div><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; 
line-break: after-white-space;"><div class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" class="" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div class="" style="orphans: 2; widows: 2;"><div class="" style="margin: 0in 0in 0.0001pt;"><font size="4" class=""><i class="">Toyota Technological Institute at Chicago</i></font></div><div class="" style="margin: 0in 0in 0.0001pt;"><span class="" style="font-size: 14px;"><i class=""><p class="MsoNormal" align="center"><o:p class=""></o:p></p></i></span><div class=""><br class=""></div></div><div class="" style="margin: 0in 0in 0.0001pt;"><span class=""><span class=""><font class=""><font size="4" class=""><b class="">Thursday, February 18th at 1:00 pm</b></font></font></span></span></div><div class="" style="margin: 0in 0in 0.0001pt;"><span class=""><br class=""></span></div><div class="" style="margin: 0in 0in 0.0001pt;"><span class=""><span class="" style="font-size: 15px;">Join via zoom (enables questions):</span></span></div><div class="" style="margin: 0in 0in 0.0001pt;"><span class="" style="font-size: 15px;"><a href="https://uchicago.zoom.us/j/99074697215?pwd=N1ZFaUJ4RVhVWm9LUkFEbkxqaWJIZz09" class="">https://uchicago.zoom.us/j/99074697215?pwd=N1ZFaUJ4RVhVWm9LUkFEbkxqaWJIZz09</a><br class="">Passcode:  uccs2021<span class=""><br class=""> 
</span></span></div><div class="" style="margin: 0in 0in 0.0001pt;"><span class=""><span class="" style="font-size: 15px;">Or</span></span></div><div class="" style="margin: 0in 0in 0.0001pt;"><span class=""><span class="" style="font-size: 15px;"><br class="">Watch via live stream:<br class=""></span></span></div><div class="" style="margin: 0in 0in 0.0001pt;"></div></div><div class=""><div class=""><a href="http://live.cs.uchicago.edu/hongyangzhang/" style="font-size: 15px;" class="">http://live.cs.uchicago.edu/hongyangzhang/</a></div><div class=""><font class=""><font class=""><span class="" style="font-size: 15px;"><b class="" style="color: rgb(33, 33, 33);"><br class=""></b></span></font></font></div><div class=""><span class="" style="font-size: 15px;"><span class=""><font class=""><font class=""><span class=""><b class="" style="color: rgb(33, 33, 33);">Title:  </b></span></font></font></span>New Advances in (Adversarially) Robust and Secure Machine Learning</span></div><div class=""><font color="#212121" class=""><span class="" style="font-size: 15px;"><b class=""><br class=""></b></span></font></div><div class=""><span class="" style="font-size: 15px;"><span class="" style="color: rgb(33, 33, 33);"><b class="">Abstract:  </b></span></span><span style="font-size: 15px;" class="">Deep learning models are often vulnerable to adversarial examples. In this talk, we will focus on robustness and security of machine learning against adversarial examples. There are two types of defenses against such attacks: 1) empirical and 2) certified adversarial robustness.</span></div><span style="font-size: 15px;" class=""> <br class="">In the first part of the talk, we will see the foundation of our winning system, TRADES, in the NeurIPS’18 Adversarial Vision Challenge in which we won 1st place out of 400 teams and 3,000 submissions. 
Our study is motivated by an intrinsic trade-off between robustness and accuracy: we provide a differentiable and tight surrogate loss for the trade-off using the theory of classification-calibrated loss. TRADES has record-breaking performance in various standard benchmarks and challenges, including the adversarial benchmark RobustBench, the NLP benchmark GLUE, the Unrestricted Adversarial Examples Challenge hosted by Google, and has motivated many new attack methods powered by our TRADES benchmark.<br class=""> <br class="">In the second part of the talk, to equip empirical robustness with certification, we study certified adversarial robustness by random smoothing. On the one hand, we show that random smoothing on the TRADES-trained classifier achieves state-of-the-art certified robustness when the perturbation radius is small. On the other hand, when the perturbation is large, i.e., independent of the inverse of the input dimension, we show that random smoothing is provably unable to certify L<sub>∞</sub> robustness for an arbitrary random noise distribution. The intuition behind our theory reveals an intrinsic difficulty of achieving certified robustness by “random noise based methods”, and inspires new directions as potential future work.</span></div><div class=""><span class="" style="font-size: 15px;"><font class=""><span class=""><br class=""></span></font></span><div class=""><font class=""><span class=""><div class="" style="font-variant-ligatures: normal; background-color: rgb(255, 255, 255);"><div class=""><font class="" style="font-size: 15px;"><b class="" style="color: rgb(33, 33, 33);">Bio:  </b></font><span style="font-size: 15px;" class="">Hongyang Zhang is a postdoctoral fellow at Toyota Technological Institute at Chicago, hosted by Avrim Blum and Greg Shakhnarovich. He obtained his Ph.D. from the CMU Machine Learning Department in 2019, advised by Maria-Florina Balcan and David P. Woodruff. 
His research interests lie in the intersection between theory and practice of machine learning, robustness and AI security. His methods won the championship or ranked top in various competitions such as the NeurIPS’18 Adversarial Vision Challenge (all three tracks), the Unrestricted Adversarial Examples Challenge hosted by Google, and the NeurIPS’20 Challenge on Predicting Generalization of Deep Learning. He also authored a book in 2017.</span></div><div class=""><span style="font-size: 15px;" class=""><br class=""></span></div></div></span></font></div><div class=""><div class="" style="font-variant-ligatures: normal; background-color: rgb(255, 255, 255);"><font color="#222222" class=""><i class=""><b class=""><font class="" style="font-size: 15px;">Host:  Ben Zhao</font></b></i></font></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br class=""></div></div></div></body></html>