A New Theory of Adversarial Examples in Machine Learning

Monday, April 26, 2021 - 1:00pm to 2:00pm

Speaker Name

Adi Shamir

Affiliation

Weizmann Institute of Science

Join Zoom meeting

https://mit.zoom.us/j/99436067509

Abstract

The extreme fragility of deep neural networks when presented with tiny perturbations in their inputs was independently discovered by several research groups in 2013. Due to their mysterious properties and major security implications, these adversarial examples have been studied extensively over the last eight years, but in spite of enormous effort they have remained a baffling phenomenon with no clear explanation. In particular, it was not clear why, a tiny distance away from almost any cat image, there are images which are recognized with a very high level of confidence as cars, planes, frogs, horses, or any other desired class; why the adversarial modification which turns a cat into a car does not look like a car at all; and why a network which was adversarially trained with randomly permuted labels (so that it never saw any image which looks like a cat being called a cat) still recognizes most cat images as cats.

The goal of this talk is to introduce a new theory of adversarial examples, which we call the Dimpled Manifold Model. It explains, in a simple and intuitive way, why they exist and why they have all the bizarre properties mentioned above. In addition, it sheds new light on broader issues in machine learning, such as what happens to deep neural networks during regular and adversarial training. Experimental support for this theory, obtained jointly with Oriel BenShmuel and Odelia Melamed, will be presented and discussed in the last part of the talk.


Biography

Adi Shamir is a cryptographer and computer scientist and co-winner, with American computer scientists Leonard M. Adleman and Ronald L. Rivest, of the 2002 A.M. Turing Award, the highest honour in computer science, for their “ingenious contribution for making public-key cryptography useful in practice.” The three scientists patented their “Cryptographic Communication System and Method,” commonly known as RSA encryption, and assigned the patent rights to the Massachusetts Institute of Technology (MIT).

Shamir received a bachelor’s degree (1973) in mathematics from Tel Aviv University and a master’s degree (1975) in computer science and a doctorate (1977) in computer science from the Weizmann Institute. After a year of postdoctoral work in England at the University of Warwick, Shamir pursued research at MIT (1977–80) before joining the Weizmann Institute (1980– ), where he was the Paul and Marlene Borman Professor of Applied Mathematics.

While at MIT, Shamir met Adleman and Rivest, and in 1977 they produced RSA, the first practical public-key cryptosystem that supports both encryption and digital signatures. Its security rests on the enormous difficulty of factoring the product of two very large prime numbers: the product is published as part of the public key, while the primes themselves stay secret. In 1983 they founded RSA Data Security to pursue commercial applications, which later spun off VeriSign, a widely used certificate authority on the Internet. Millions of people use RSA encryption to secure e-mail and other digital transactions.

Shamir holds more than a dozen patents related to cryptography and computer science. In addition to the Turing Award, Shamir, Adleman, and Rivest were awarded the 2000 Institute of Electrical and Electronics Engineers Koji Kobayashi Computers and Communications Award. Shamir’s other awards include the Israel Mathematical Union Erdős Prize in Mathematics (1983), the Association for Computing Machinery Paris Kanellakis Theory and Practice Award (1996), and the Israel Prize in Computer Science (2008). In 2017 he received the Japan Prize in the field of electronics, information, and technology.