PhD Research

Enhancing robustness of DNNs

State-of-the-art techniques for enhancing robustness of deep networks mostly rely on empirical risk minimization with suitable data augmentation. In this work, we propose a complementary approach motivated by communication theory, aimed at enhancing the signal-to-noise ratio at the output of a neural network layer via neural competition during learning and inference. In addition to minimization of a standard end-to-end cost, neurons compete to sparsely represent layer inputs by maximization of a tilted exponential (TEXP) objective function for the layer. TEXP learning can be interpreted as maximum likelihood estimation of matched filters under a Gaussian model for data noise. Inference in a TEXP layer is accomplished by replacing batch norm with a tilted softmax, which can be interpreted as computation of posterior probabilities for the competing signaling hypotheses represented by each neuron. After providing insights via simplified models, we show, by experimentation on standard image datasets like CIFAR and ImageNet, that TEXP learning and inference enhance robustness against noise and other common corruptions, without requiring data augmentation. Further cumulative gains in robustness against this array of distortions can be obtained by appropriately combining TEXP with data augmentation techniques.

GitHub: https://github.com/bhagyapuranik/texp_for_robustness


Long-Term Fairness in Machine Learning

With AI-based decisions playing an increasingly consequential role in our society, for example, in our financial and criminal justice systems, there is a great deal of interest in designing algorithms conforming to application-specific notions of fairness. In this line of work, we ask a complementary question: can AI-based decisions be designed to dynamically influence the evolution of fairness in our society over the long term? To explore this question, we propose a framework for sequential decision-making aimed at dynamically influencing long-term societal fairness, illustrated via the problem of selecting applicants from a pool consisting of two groups, one of which is under-represented. We consider a dynamic model for the composition of the applicant pool, in which admission of more applicants from a group in a given selection round positively reinforces more candidates from the group to participate in future selection rounds. Our results indicate the potential of achieving long-term fairness objectives through positive reinforcement via decision-making. Further, we extend this to a setting where multiple agents are selecting from a common pool, and design policies that attain long-term fairness. We then sound a cautionary note for more complex applicant pool evolution models, under which uncoordinated behavior by the agents can cause negative reinforcement, leading to a reduction in the fraction of under-represented applicants. Our results indicate that, while positive reinforcement is a promising mechanism for long-term fairness, policies must be designed carefully to be robust to variations in the evolution model, with a number of open issues that remain to be explored by algorithm designers, social scientists and policymakers.

GitHub: https://github.com/bhagyapuranik/positive-reinf-long-term-fairness


Adversarial Robustness

Machine learning models are known to be susceptible to adversarial attacks, which can cause misclassification by introducing small but well-designed perturbations. In this line of work, we consider a classical hypothesis testing problem in order to develop fundamental insight into defending against such adversarial perturbations. We interpret an adversarial perturbation as a nuisance parameter, and propose a defense based on applying the generalized likelihood ratio test (GLRT) to the resulting composite hypothesis testing problem. We show that the GLRT defense is competitive with a minimax approach under the worst-case attack, while yielding a better robustness-accuracy tradeoff under weaker attacks. We also observe that the GLRT defense generalizes naturally to more complex models for which optimal minimax classifiers are not known. For multiclass settings, we provide a method to find optimal noise-aware attacks, and heuristics to find noise-agnostic attacks that are close to optimal in the high SNR regime.
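
A minimal sketch of the GLRT defense described above, added here as an illustration and not taken from the author's paper or repository. It assumes a binary Gaussian model with a perturbation bounded by `eps` in every coordinate; the toy means, `eps`, the noise levels and all function names are constructed for this example.

```python
import random

def glrt_classify(y, means, eps):
    """Return the index of the class mean chosen by the GLRT.

    Assumed model (not stated on the page): y = mean_k + e + n with white
    Gaussian noise n and an unknown perturbation e, |e_i| <= eps.
    """
    def cost(mu):
        # Maximising the Gaussian likelihood over the nuisance parameter e
        # is a per-coordinate minimisation of (y_i - mu_i - e_i)^2 over
        # |e_i| <= eps, leaving a dead-zone residual max(|y_i - mu_i| - eps, 0).
        return sum(max(abs(yi - mi) - eps, 0.0) ** 2 for yi, mi in zip(y, mu))
    costs = [cost(mu) for mu in means]
    return costs.index(min(costs))

def nearest_mean_classify(y, means):
    """Baseline that ignores the perturbation (the GLRT with eps = 0)."""
    return glrt_classify(y, means, 0.0)

# Constructed toy problem: one strong feature, 96 weak ones, classes +MU / -MU.
MU = [2.0] + [0.125] * 96
MEANS = [MU, [-m for m in MU]]
EPS = 0.5

def perturbed_sample(sigma, rng):
    """Class-0 sample with every coordinate shifted by eps toward class 1."""
    return [m - EPS * (1 if m > 0 else -1) + rng.gauss(0.0, sigma) for m in MU]

def accuracy(classify, sigma, trials=500, seed=0):
    """Fraction of perturbed class-0 samples still labelled class 0."""
    rng = random.Random(seed)
    hits = sum(classify(perturbed_sample(sigma, rng)) == 0 for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    glrt = lambda y: glrt_classify(y, MEANS, EPS)
    base = lambda y: nearest_mean_classify(y, MEANS)
    for sigma in (0.0, 0.25):
        print(f"sigma={sigma}: baseline={accuracy(base, sigma):.2f} "
              f"GLRT={accuracy(glrt, sigma):.2f}")
```

The weak coordinates fall inside the dead zone under both hypotheses, so the GLRT decision rests on the strong feature that a perturbation of size `eps` cannot flip, while the baseline sums the shift over all 97 coordinates.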