LGAI, Sep 23, 2025

Algorithms for Adversarially Robust Deep Learning

arXiv:2509.19100v1 | 2 citations | h-index: 1
Originality: Incremental advance
AI Analysis

The thesis addresses critical safety issues in AI systems for applications such as medical imaging and language models, though it appears incremental in that it builds on recent progress rather than opening a new direction.

The thesis tackles the problem of adversarial robustness in deep learning across computer vision, domain generalization, and large language models, introducing new algorithms that achieve state-of-the-art generalization in applications like medical imaging and molecular identification.

Given the widespread use of deep learning models in safety-critical applications, ensuring that the decisions of such models are robust against adversarial exploitation is of fundamental importance. In this thesis, we discuss recent progress toward designing algorithms that exhibit desirable robustness properties. First, we discuss the problem of adversarial examples in computer vision, for which we introduce new technical results, training paradigms, and certification algorithms. Next, we consider the problem of domain generalization, wherein the task is to train neural networks to generalize from a family of training distributions to unseen test distributions. We present new algorithms that achieve state-of-the-art generalization in medical imaging, molecular identification, and image classification. Finally, we study the setting of jailbreaking large language models (LLMs), wherein an adversarial user attempts to design prompts that elicit objectionable content from an LLM. We propose new attacks and defenses, which represent the frontier of progress toward designing robust language-based agents.
