New methods for safe neural networks: research from Würzburg and Munich

New methods for safe neural networks: research from Würzburg and Munich

Scientists at the University of Würzburg and the Technical University of Munich are committed to improving the robustness of neuronal networks. This is done as part of a project that is funded by the German Research Foundation (DFG). In view of the everyday applications of machine learning in autonomous vehicles, medical image analysis and interactive chatbots, the need is becoming increasingly urgent to secure these systems against targeted attacks.

Understand the dangers of targeted attacks

Neuronal networks that are used for different applications often show a weak point: they can be misunderstood by specific manipulations from the outside. An example clearly illustrates this: A picture of a violin can be incorrectly recognized by the software by minimal changes in the pixel area as sea lions. Such mistakes are not only embarrassing, but can have catastrophic consequences in critical situations, such as in road traffic or in medical diagnostics.

research network and financial support

The DFG was approved a new research project with a budget of 565,000 euros, of which more than 250,000 euros flow to the Julius Maximilians University in Würzburg. This project, which is known under the title "Geomar: Geometric Methods for Adversarial Robustness", will be researched in the next three years. The two committed scientists, Professor Leon Bungert and Dr. Leo Schwinn is pursuing the goal of making neural networks more robust against enemy attacks.

robustness as the key to reliability

In this context, robustness means that systems should withstand both random and targeted mistakes. While modern systems already have a considerable resistance to random errors, it often lacks targeted attacks. The research approach is intended to prepare neural networks by systematically confronting faulty and manipulated data in training. This is intended to prevent errors from causing serious problems.

geometric methods for decision -making

A central element of the project is the use of geometric methods. When classification of images, for example in the distinction between dogs and cats, the neural network must draw a decision limit. These limits are not only crucial for the accuracy of the system, but also the main point of activity for manipulations. By understanding these limits, new mathematical models can be developed that help increase the robustness of the networks.

Develop a tailored training method

In order to optimally train the neuronal networks, Bungert and Schwinn are pursuing an innovative approach: instead of using a single network, train two different networks simultaneously. One of these networks simulates the potential attacks by an "attacker". This method hopes that the system will become more resistant and imaginative than a human attacker. The aim is not only to increase robustness, but also to improve the efficiency of the training process.

conclusion and outlook

The “Geomar” project could provide groundbreaking results that not only increase the reliability of machine learning systems, but also promote their practical use in safety -critical areas. In the long term, the research results could lead to the technology of mechanical learning to be used more safely and more effectively in our daily life. The focus on robustness and reliability of these systems is of great importance, especially in a world in which autonomous technologies are increasingly coming to the fore.

contact

Prof. Dr. Leon Bungert, Professorship of Mathematics III (mathematics of machine learning), Tel: +49 931 31-82849, email: leon.ununft@uni-wuerzburg.de

Leon Bungerts website

- Nag