BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Achieving Verified Robustness to Adversarial NLP Inputs - Johannes
  Welbl (UCL)
DTSTART:20200612T113000Z
DTEND:20200612T123000Z
UID:TALK142261@talks.cam.ac.uk
CONTACT:Guy Aglionby
DESCRIPTION:Neural networks are part of many contemporary NLP systems\, ye
 t their\nempirical success comes at the price of vulnerability to adversar
 ial\nattacks\, e.g. by synonym replacements or adversarial text deletion.\
 nWhile much previous work uses adversarial training or data\naugmentation 
 to partially mitigate such brittleness\, these methods are\nunlikely to ac
 tually find worst-case inputs due to the complexity of\nthe search space a
 rising from discrete text perturbations.\nIn this talk\, I will introduce 
 an approach that tackles the problem of\nadversarial robustness from the o
 pposite direction: we formally verify\na system's robustness against pre-d
 efined classes of adversarial\nattacks. To this end we adopt Interval Boun
 d Propagation and bound the\nconsequences which input changes can have on 
 model predictions\, thus\nestablishing bounds on worst-case adversarial at
 tacks. We furthermore\nmodify the conventional log-likelihood training obj
 ective to train\nmodels which can be efficiently verified in constant time
  -- this\nwould otherwise come with exponential search complexity. The res
 ulting\nmodels have much improved verified accuracy\, and come with an\nef
 ficiently computable formal guarantee on worst case adversarial\nattacks.
LOCATION:https://meet.google.com/tgv-vods-pdk
END:VEVENT
END:VCALENDAR