VIRTUAL ONLY: Safety and Security of Deep Learning

Institute for Computational and Experimental Research in Mathematics (ICERM)

April 10, 2021 - April 11, 2021
Saturday, April 10, 2021
  • 10:00 - 10:15 am EDT
    Welcome
    Welcome - Virtual
    • Brendan Hassett, ICERM/Brown University
  • 10:15 - 10:55 am EDT
    An Information Theoretic Approach to Validate Deep Learning-Based Algorithms
    Virtual
    • Speaker
    • Gitta Kutyniok, LMU Munich
    • Session Chair
    • Simone Brugiapaglia, Concordia University (Virtual)
    Abstract
    In this talk, we provide a theoretical framework for interpreting neural network decisions by formalizing the problem in a rate-distortion framework. The solver of the associated optimization, which we coin Rate-Distortion Explanation (RDE), is then accessible to a mathematical analysis. We will discuss theoretical results as well as present numerical experiments showing that our algorithmic approach outperforms established methods, in particular, for sparse explanations of neural network decisions.
  • 11:55 am - 1:30 pm EDT
    Lunch/Free Time
    Virtual
  • 1:30 - 2:10 pm EDT
    Data Matters in Robust ML
    Virtual
    • Speaker
    • Aleksander Madry, Massachusetts Institute of Technology
    • Session Chair
    • Clayton Webster, University of Texas (Virtual)
  • 2:20 - 3:00 pm EDT
    Breaking into a Deep Learning box
    Virtual
    • Speaker
    • Ivan Tyukin, University of Leicester
    • Session Chair
    • Clayton Webster, University of Texas (Virtual)
    Abstract
    The recent decade brought explosive progress in the applications of Machine Learning and data-driven Artificial Intelligence (AI) to real-life problems across sectors. Autonomous cars and automated passport control are examples of the new reality. Deep Learning models, or more generally, models with multiple learnable processing stages, constitute a large class of models to which a significant part of the recent successes has been apportioned. Notwithstanding these successes, there are emerging challenges too. In this talk we will discuss a set of vulnerabilities which may typically arise in large Deep Learning models. These vulnerabilities are extreme sensitivities of the models to data or structure perturbations. We will present a formal theoretical framework for assessing and analysing two classes of such vulnerabilities. The first class is linked with adversarial examples. Vulnerabilities of the second class are linked with purposeful malicious structure perturbations which may be, with high probability, undetectable through input-output validation. We name these perturbations "stealth attacks". We will show how to construct stealth attacks on Deep Learning models that are hard to spot unless the validation set is made exponentially large. For both classes of attacks, the high dimensionality of the AI's decision-making space appears to be a major contributor to the AI's vulnerability. We conclude with recommendations of how robustness to malicious perturbations of data and structure can be mitigated by ensuring that the data dimensionality at relevant processing stages in Deep Learning models is kept sufficiently small.
  • 3:10 - 4:00 pm EDT
    Gathertown Afternoon Coffee Break
    Coffee Break - Virtual
Sunday, April 11, 2021
  • 9:10 - 9:50 am EDT
    Deep Learning and Neural Networks: The Mathematical View
    Virtual
    • Speaker
    • Ronald DeVore, Texas A&M University
    • Session Chair
    • Anders Hansen, University of Cambridge (Virtual)
    Abstract
    Deep Learning is much publicized and has had great empirical success on challenging problems in learning. Yet there is no quantifiable proof of performance and certified guarantees for these methods. This talk will give an overview of Deep Learning from the viewpoint of mathematics and numerical computation.
  • 10:00 - 10:30 am EDT
    Gathertown Morning Coffee Break
    Coffee Break - Virtual
  • 10:30 - 11:10 am EDT
    Can we design deep learning models that are inherently interpretable?
    Virtual
    • Speaker
    • Cynthia Rudin, Duke University
    • Session Chair
    • Anders Hansen, University of Cambridge (Virtual)
    Abstract
    Black box deep learning models are difficult to troubleshoot. In practice, it can be difficult to tell whether their reasoning process is correct, and "explanations" have repeatedly been shown to be ineffective. In this talk I will discuss two possible approaches to create deep learning methods that are inherently interpretable. The first is to use case-based reasoning, through a neural architecture called ProtoPNet, where an extra "prototype" layer in the network allows it to reason about an image based on how similar it looks to other images (the network says "this looks like that"). Second, I will describe "concept whitening," a method for disentangling the latent space of a neural network by decorrelating concepts in the latent space and aligning them along the axes.
    References:
    • This Looks Like That: Deep Learning for Interpretable Image Recognition. NeurIPS spotlight, 2019. https://arxiv.org/abs/1806.10574
    • Concept Whitening for Interpretable Image Recognition. Nature Machine Intelligence, 2020. https://rdcu.be/cbOKj
  • 11:20 am - 12:00 pm EDT
    Differential privacy, deep learning, and synthetic data generation
    Virtual
    • Speaker
    • Rachel Cummings, Columbia University
    • Session Chair
    • Anders Hansen, University of Cambridge (Virtual)
    Abstract
    Differential privacy is a parameterized notion of database privacy that gives a mathematically rigorous worst-case bound on the maximum amount of information that can be learned about an individual's data from the output of a computation. Recent work has provided tools for differentially private stochastic gradient descent, which enables differentially private deep learning. These in turn enable differentially private synthetic data generation, to provide synthetic versions of sensitive datasets that share statistical properties with the original data while additionally providing formal privacy guarantees for the training dataset. This talk will first give an introduction to differential privacy, and then survey recent advances in differentially private deep learning and its application to synthetic data generation.
  • 12:10 - 1:30 pm EDT
    Lunch/Free Time
    Virtual
  • 1:30 - 2:10 pm EDT
    Reliability, Robustness and Minipatch Learning
    Virtual
    • Speaker
    • Genevera Allen, Rice University
    • Session Chair
    • Ben Adcock, Simon Fraser University (Virtual)
    Abstract
    Many have noted and lamented a reproducibility crisis in science with more recent discussion and interest on the reproducibility and reliability of data science and machine learning techniques.  In this talk, I will introduce the Four R's, a tiered framework for discussing and assessing the reproducibility, replicability, reliability, and robustness of a data science or machine learning pipeline.  Then, I will introduce a new minipatch learning framework that helps to improve the reliability and robustness of machine learning procedures.  Inspired by stability approaches from high-dimensional statistics, random forests, and dropout training in deep learning, minipatch learning is an ensemble approach where we train on very tiny randomly or adaptively chosen subsets of both observations and features or parameters.  Beyond the obvious computational and memory efficiency advantages, we show that minipatch learning also yields more reliable and robust solutions by providing implicit regularization.  
  • 2:20 - 3:00 pm EDT
    Reliable predictions? Counterfactual predictions? Equitable treatment? Some recent progress in predictive inference
    Virtual
    • Speaker
    • Emmanuel Candes, Stanford University
    • Session Chair
    • Ben Adcock, Simon Fraser University (Virtual)
    Abstract
    Recent progress in machine learning provides us with many potentially effective tools to learn from datasets of ever increasing sizes and make useful predictions. How do we know that these tools can be trusted in critical and high-sensitivity systems? If a learning algorithm predicts the GPA of a prospective college applicant, what guarantees do I have concerning the accuracy of this prediction? How do we know that it is not biased against certain groups of applicants? This talk introduces statistical ideas to ensure that the learned models satisfy some crucial properties, especially reliability and fairness (in the sense that the models need to apply to individuals in an equitable manner). To achieve these important objectives, we shall not "open up the black box" and try to understand its underpinnings. Rather, we discuss broad methodologies that can be wrapped around any black box to produce results that can be trusted and are equitable. We also show how our ideas can inform predictive causal inference; for instance, we will answer counterfactual predictive problems, i.e. predict what the outcome of a treatment would have been, given that the patient was actually not treated.
  • 3:10 - 4:00 pm EDT
    Gathertown Afternoon Coffee Break
    Coffee Break - Virtual

All event times are listed in ICERM local time in Providence, RI (Eastern Daylight Time / UTC-4).