BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//prima-2022//speaker calendar//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VTIMEZOME
TZID:America/Vancouver
TZURL:http://tzurl.org/zoneinfo-outlook/America/Vancouver
X-LIC-LOCATION:America/Vancouver
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP;TZID=America/Vancouver:20221208T113000
DTSTART;TZID=America/Vancouver:20221208T113000
DTEND;TZID=America/Vancouver:20221208T115000

UID:20221208T113000@prima2022.primamath.org
SUMMARY:Polyhedral Decompositions and the Detection of Adversarial Attacks
DESCRIPTION:Previous work has shown that a neural network with the rectified linear unit (ReLU) activation function leads to a convex polyhedral decomposition of the input space. In this talk, we will see how one can utilize this structure to detect and analyze adversarial attacks in the context of digital images. 

When an image passes through a network containing ReLU nodes, the firing or non-firing at a node can be encoded as a bit ($1$ for ReLU activation, $0$ for ReLU non-activation). The sequence of all bit activations identifies the image with a bit vector, which identifies it with a polyhedron in the decomposition. We identify ReLU bits that are discriminators between non-adversarial and adversarial images and examine how well collections of these discriminators can ensemble vote to build an adversarial image detector and also present further applications of this induced geometry.
STATUS:CONFIRMED
LOCATION:Junior Ballroom C
END:VEVENT
END:VCALENDAR