No seminar on September 20th, 2019

Evaluating Differentially Private Machine Learning in Practice

Bargav Jayaraman
Department of Computer Science
University of Virginia

  • Date: Friday September 13th, 2019
  • Time: 12:00PM
  • Location: Rice 242

Abstract: Differential privacy is a strong notion for privacy that can be used to prove formal guarantees, in terms of a privacy budget, ε, about how much information is leaked by a mechanism. However, implementations of privacy-preserving machine learning often select large values of ε in order to get acceptable utility of the model, with little understanding of the impact of such choices on meaningful privacy. Moreover, in scenarios where iterative learning procedures are used, differential privacy variants that offer tighter analyses are used which appear to reduce the needed privacy budget but present poorly understood trade-offs between privacy and utility. We quantify the impact of these choices on privacy in experiments with logistic regression and neural network models. Our main finding is that there is a huge gap between the upper bounds on privacy loss that can be guaranteed, even with advanced mechanisms, and the effective privacy loss that can be measured using current inference attacks. Current mechanisms for differentially private machine learning rarely offer acceptable utility-privacy trade-offs with guarantees for complex learning tasks: settings that provide limited accuracy loss provide meaningless privacy guarantees, and settings that provide strong privacy guarantees result in useless models.

Strange Geometry in High Dimensions and its Implication for Machine Learning

Tom Fletcher
Department of Electrical and Computer Engineering, Department of Computer Science
University of Virginia

  • Date: Friday September 6th, 2019
  • Time: 12:00PM
  • Location: Rice 242

Abstract: Modern data lives in high dimensions, e.g., the number of pixels in an image, the number of words in a document, etc. In this talk, I will present some of the geometric oddities of random samples in high-dimensional Euclidean space. Our intuition about distances, angles, and volumes, which we acquire from 2D and 3D reasoning, doesn’t serve us well in higher dimensions. This has important implications for machine learning. One of the most famous is the existence of adversarial examples, which are data that can be slightly perturbed to change a correct classification into an incorrect one. I will outline a couple of existing conjectures for how high-dimensional geometry leads to adversarial examples, but also argue that these explanations are not fully satisfactory. Finally, I will present some recent work on how to detect vulnerability to adversarial attacks using nonlinear manifold geometry.

Three Short Talks from Prof. Daniel Weller's Group

  • Time: 1:00PM
  • Location: Rice 242

Title: How does the mouse brain work for spatial recognition?
Speaker: Haoyi Liang

Abstract: Numerous computer vision algorithms are proposed to teach computers to understand their environments, and artificial intelligence approaches, such as convolutional neural networks, show promising results. However, do animals perceive their environment in a similar way as AI? Our work with the Department of Neuroscience sheds light on this question by studying how mice perceive their environment.

Title: Smarter tuning of image processing algorithms through machine learning
Speaker: Tanjin Toma

Abstract: In image and video processing, algorithms for inverse problems (e.g., image enhancement, image reconstruction) often have some parameters which need to be set in order to yield good results. In practice, usually the choice of such parameters is made empirically with trial and error. But, manual tuning of parameters is time-consuming as well as impractical when multiple parameters exist in a problem. In this talk, I’ll discuss how machine learning can be exploited to automatically choose such parameters effectively.

Title: Robust myocardial T1 mapping with convolutional neural networks
Speaker: Haris Jeelani

Abstract: In cardiac magnetic resonance imaging, the T1 relaxation time in myocardial tissue may be used as an indicator for a variety of pathological conditions. A pixel-wise non-linear regression model is typically used to obtain T1 maps. In this talk we discuss our approach of obtaining T1 maps using convolutional neural networks that are more robust than the conventional regression method.

How to Train a More Interpretable Neural Text Classifier?

Hanjie Chen
Department of Computer Science
University of Virginia

  • Date: Wednesday April 17th, 2019
  • Time: 1:00PM
  • Location: Rice 242

Abstract: Although neural networks have achieved remarkable performance on text classification, the lack of transparency causes the challenge of understanding model predictions. In the meantime, the growing demand for using neural networks in many text classification tasks drives the research of building more interpretable models.

In our work, we propose a novel training strategy, called learning with auxiliary examples, to improve the interpretability of existing neural text classifiers. By using sentiment classification as the example task and a well-adopted baseline convolutional neural network model as the neural classifier, we show that the new learning strategy improves the model interpretability while maintaining similar classification performance. Besides, we also propose an automatic evaluation measurement to quantify the interpretability by measuring the consistency between the model predictions and the corresponding explanations. Experiments on two benchmark datasets show some significant improvements on the interpretability of the models trained with the proposed strategy.