dc.contributor.advisor | Hein, Matthias (Prof. Dr.)
dc.contributor.author | Meinke, Alexander
dc.date.accessioned | 2023-05-25T15:02:33Z
dc.date.available | 2023-05-25T15:02:33Z
dc.date.issued | 2023-05-25
dc.identifier.uri | http://hdl.handle.net/10900/141438
dc.identifier.uri | http://nbn-resolving.de/urn:nbn:de:bsz:21-dspace-1414389 | de_DE
dc.identifier.uri | http://dx.doi.org/10.15496/publikation-82785
dc.description.abstract |
Over the past decade, deep learning has gone from a fringe discipline of computer science
to a major driver of innovation across a large number of industries. The deployment of such
rapidly developing technology in safety-critical applications necessitates the careful study and
mitigation of potential failure modes. Indeed, many deep learning models are overconfident in
their predictions, are unable to flag out-of-distribution examples that are clearly unrelated to
the task they were trained on, and are vulnerable to adversarial perturbations, where a small
change in the input leads to a large change in the model’s prediction. In this dissertation, we
study the relation between these issues in deep-learning-based vision classifiers.
First, we benchmark various methods that have been proposed to enable deep learning models
to detect out-of-distribution examples, and we show that a classifier’s predictive confidence
is well suited for this task if the classifier has had access to a large and diverse out-distribution
at training time. We theoretically investigate how different out-of-distribution detection methods
are related and show that several seemingly different approaches actually model the same core
quantities.
In the second part, we study the adversarial robustness of a classifier’s confidence on out-of-distribution
data. Concretely, we show that several previous techniques for adversarial robustness can be
combined into a model that inherits each method’s strengths while significantly reducing their
respective drawbacks. In addition, we demonstrate that enforcing adversarially robust low
confidence on out-of-distribution data enhances the inherent interpretability of the model by
imbuing the classifier with certain generative properties, which can be used to query the model
for counterfactual explanations of its decisions.
In the third part of this dissertation, we study the problem of issuing mathematically provable
certificates for the adversarial robustness of a model’s confidence on out-of-distribution data.
We develop two different approaches to this problem and show that they have complementary
strengths and weaknesses. The first method is easy to train, places no restrictions on the
architecture that the classifier can use, and provably ensures that the classifier has low
confidence on data that is very far away from the in-distribution. However, it only provides
guarantees for very specific types of adversarial perturbations and only for data that is very
easy to distinguish from the in-distribution. The second approach works for more commonly
studied sets of adversarial perturbations and on much more challenging out-distribution data,
but places heavy restrictions on the architecture that can be used and thus on the achievable
accuracy. It also does not guarantee low confidence on asymptotically far-away data. In the
final chapter of this dissertation, we show how ideas from both of these techniques can be
combined in a way that preserves all of their strengths while inheriting none of their weaknesses.
Thus, this thesis outlines how to develop high-performing classifiers that provably know when
they do not know. |
en |
dc.language.iso | en | de_DE
dc.publisher | Universität Tübingen | de_DE
dc.rights | ubt-podok | de_DE
dc.rights.uri | http://tobias-lib.uni-tuebingen.de/doku/lic_mit_pod.php?la=de | de_DE
dc.rights.uri | http://tobias-lib.uni-tuebingen.de/doku/lic_mit_pod.php?la=en | en
dc.subject.ddc | 004 | de_DE
dc.title | Robust Out-of-Distribution Detection in Deep Classifiers | en
dc.type | PhDThesis | de_DE
dcterms.dateAccepted | 2023-04-24
utue.publikation.fachbereich | Informatik | de_DE
utue.publikation.fakultaet | 7 Mathematisch-Naturwissenschaftliche Fakultät | de_DE
utue.publikation.noppn | yes | de_DE