attacking

Efficient Adversarial Training without Attacking: Worst-Case-Aware Robust Reinforcement Learning

Neural Information Processing Systems

Recent studies reveal that a well-trained deep reinforcement learning (RL) policy can be particularly vulnerable to adversarial perturbations on input observations. It is therefore crucial to train RL agents that are robust against any attack with a bounded budget. Existing robust training methods in deep RL either treat correlated steps separately, ignoring the robustness of long-term rewards, or train the agent and an RL-based attacker together, doubling the computational burden and sample complexity of training. In this work, we propose a strong and efficient robust training framework for RL, named Worst-case-aware Robust RL (WocaR-RL), that directly estimates and optimizes the worst-case reward of a policy under bounded l_p attacks without requiring extra samples for learning an attacker. Experiments on multiple environments show that WocaR-RL achieves state-of-the-art performance under various strong attacks and obtains significantly higher training efficiency than prior state-of-the-art robust training methods.
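The quantity the abstract is built around, the worst-case reward of a fixed policy when an attacker may perturb every observation within a bounded ball, can be computed exactly on a toy problem. The block below is an added illustration, not the WocaR-RL algorithm or code from the paper: a five-state chain where the agent earns 1 per step spent at the centre state, a hand-written threshold policy that steers toward the centre from its (possibly perturbed) observation, and an l_inf budget eps (one instance of the l_p budgets in the abstract). The attacker's options at each state reduce to the set of actions it can induce by choosing a perturbation in [-eps, eps], so the worst-case return is a minimax dynamic programme over the horizon. All state, reward and policy definitions are constructed for this example.

```python
"""Worst-case return of a fixed policy under bounded observation perturbation.

Toy illustration (not the WocaR-RL method): the attacker perturbs the observed
position by at most eps at every step and picks whichever inducible action
minimises the agent's return. Everything here is constructed for the example.
"""
from functools import lru_cache

N_STATES = 5
GOAL = 2                      # the agent earns 1 per step it spends here
LEFT, STAY, RIGHT = -1, 0, 1


def reward(state):
    return 1.0 if state == GOAL else 0.0


def policy(obs):
    """Deterministic policy on the observed (float) position, with a small
    tolerance band around the goal so the agent stays put when it is there."""
    if obs < GOAL - 0.25:
        return RIGHT
    if obs > GOAL + 0.25:
        return LEFT
    return STAY


def step(state, action):
    return min(N_STATES - 1, max(0, state + action))


def inducible_actions(state, eps, grid=100):
    """Actions the attacker can force by choosing a delta with |delta| <= eps.

    The policy is piecewise constant, so sampling the l_inf ball on a grid
    (endpoints included) recovers every reachable action."""
    if eps == 0:
        return {policy(float(state))}
    deltas = [-eps + 2 * eps * k / grid for k in range(grid + 1)]
    return {policy(state + d) for d in deltas}


def worst_case_return(start, eps, horizon):
    """Minimax DP: V_t(s) = r(s) + min over inducible actions of V_{t+1}(s')."""

    @lru_cache(maxsize=None)
    def value(state, t):
        if t == horizon:
            return 0.0
        return reward(state) + min(
            value(step(state, a), t + 1) for a in inducible_actions(state, eps)
        )

    return value(start, 0)


def clean_return(start, horizon):
    """Return with no attacker (eps = 0)."""
    return worst_case_return(start, 0.0, horizon)


if __name__ == "__main__":
    H = 6
    print(f"clean return over {H} steps: {clean_return(GOAL, H):.1f}")
    for eps in (0.5, 1.5):
        print(f"eps={eps}: worst-case return {worst_case_return(GOAL, eps, H):.1f}")
```

With eps = 0.5 the attacker can only knock the agent off the centre for one step at a time, so it collects reward on alternate steps; with eps = 1.5 it can also push the agent off the neighbouring state in the wrong direction and keep it away from the centre for the rest of the episode. The gap between the clean and worst-case returns is the robustness shortfall that a worst-case-aware objective is meant to close.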


The Right Is Attacking a Franchise It Once Loved. The Reason Why Is Laughable.

Slate

A new video game sparked fury and accusations of wokeness in entertainment. But we've played this game before--and it's boring. Back in the summer of 2020, during the first year of COVID lockdowns, two first-party PlayStation games were released back-to-back, just a month apart: and . Upon release, was pretty beloved by a specific right-wing culture-war gamer crowd, who placed it on a pedestal specifically as a way to directly attack . While is far from perfect (for example, Neil Druckmann, the game's creator and co-director, took inspiration from the Israel-Palestine conflict in a way that was criticized for both-sidesism), the game's sin on release, for many on the political right, was that it took a series whose lead was previously a man and continued its story with one lead who was a lesbian and another whose appearance was deemed too masculine for these players to be attracted to her.


What Does the Gradient Tell When Attacking the Graph Structure

Liu, Zihan, Wang, Ge, Luo, Yun, Li, Stan Z.

arXiv.org Artificial Intelligence

Recent research has revealed that Graph Neural Networks (GNNs) are susceptible to adversarial attacks targeting the graph structure. A malicious attacker can manipulate a limited number of edges, given the training labels, to impair the victim model's performance. Previous empirical studies indicate that gradient-based attackers tend to add edges rather than remove them. In this paper, we present a theoretical demonstration revealing that attackers tend to increase inter-class edges due to the message passing mechanism of GNNs, which explains some previous empirical observations. By connecting dissimilar nodes, attackers can more effectively corrupt node features, making such attacks more advantageous. However, we demonstrate that the inherent smoothness of GNN message passing tends to blur node dissimilarity in the feature space, leading to the loss of crucial information during the forward process. To address this issue, we propose a novel surrogate model with multi-level propagation that preserves the node dissimilarity information. This model parallelizes the propagation of unaggregated raw features and multi-hop aggregated features, while introducing batch normalization to enhance the dissimilarity in node representations and counteract the smoothness resulting from topological aggregation. Our experiments show significant improvement with our approach. Furthermore, both theoretical and experimental evidence suggest that adding inter-class edges constitutes an easily observable attack pattern. We propose an innovative attack loss that balances attack effectiveness and imperceptibility, sacrificing some attack effectiveness to attain greater imperceptibility. We also provide experiments to validate the trade-off achieved through this attack loss.
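The claim that the gradient points toward inter-class edge insertions can be checked directly on a small graph. The block below is an added illustration, not the paper's surrogate model or code: a one-layer linear GCN (symmetric-normalised propagation followed by a linear map) on a constructed six-node graph with two classes and perfectly class-aligned features, with W = I standing in for a trained weight matrix. The attacker's signal is the loss gradient with respect to each absent edge, taken by finite differences on a symmetric weighted adjacency; inter-class insertions come out with positive gradient (they raise the training loss), intra-class insertions with negative gradient, which is exactly the preference the abstract describes. Graph, features, labels and weights are all assumptions made for this example.

```python
"""Loss gradient with respect to candidate edge insertions in a toy GCN.

Added illustration, not the paper's code. One linear GCN layer,
logits = D^-1/2 (A + I) D^-1/2 X W, with W = I standing in for trained weights.
"""
import numpy as np

# Constructed toy graph: nodes 0-2 are class 0, nodes 3-5 are class 1, and
# each node's feature is a one-hot copy of its class (perfectly separable).
X = np.array([[1, 0], [1, 0], [1, 0], [0, 1], [0, 1], [0, 1]], dtype=float)
Y = np.array([0, 0, 0, 1, 1, 1])
EDGES = [(0, 1), (1, 2), (3, 4), (4, 5)]   # two disconnected class-pure chains
W = np.eye(2)                               # assumed "trained" weights: feature k votes for class k


def adjacency(n, edges):
    A = np.zeros((n, n))
    for i, j in edges:
        A[i, j] = A[j, i] = 1.0
    return A


def gcn_logits(A, X, W):
    """Single GCN propagation step: D^-1/2 (A + I) D^-1/2 X W."""
    A_hat = A + np.eye(len(A))
    d_inv_sqrt = np.diag(1.0 / np.sqrt(A_hat.sum(axis=1)))
    return d_inv_sqrt @ A_hat @ d_inv_sqrt @ X @ W


def cross_entropy(logits, y):
    """Mean softmax cross-entropy over all nodes (the attacker's objective)."""
    z = logits - logits.max(axis=1, keepdims=True)
    log_probs = z - np.log(np.exp(z).sum(axis=1, keepdims=True))
    return -log_probs[np.arange(len(y)), y].mean()


def edge_gradients(A, X, W, y, eps=1e-6):
    """dL/dA_ij for every absent edge (i < j), by forward difference with
    A_ij = A_ji = eps on a weighted adjacency."""
    base = cross_entropy(gcn_logits(A, X, W), y)
    grads = {}
    for i in range(len(A)):
        for j in range(i + 1, len(A)):
            if A[i, j] == 0.0:
                A_pert = A.copy()
                A_pert[i, j] = A_pert[j, i] = eps
                grads[(i, j)] = (cross_entropy(gcn_logits(A_pert, X, W), y) - base) / eps
    return grads


def is_inter_class(edge, y):
    return y[edge[0]] != y[edge[1]]


def ranked_insertions():
    """Absent edges ordered by how much inserting them would raise the loss,
    i.e. the order a greedy gradient-based structure attacker would try them."""
    A = adjacency(len(Y), EDGES)
    grads = edge_gradients(A, X, W, Y)
    return sorted(grads.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for edge, g in ranked_insertions():
        kind = "inter-class" if is_inter_class(edge, Y) else "intra-class"
        print(f"insert {edge}: dL/dA = {g:+.4f}  ({kind})")
```

The two intra-class candidates (0,2) and (3,5) are the only ones with negative gradient: connecting similar nodes sharpens their aggregated features, whereas any cross-class edge pulls the endpoints' representations toward each other and, through the degree normalisation, also dilutes their existing neighbours. That second effect is why the top-ranked candidates are all inter-class even though none of the nodes is misclassified yet.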


Attacking the Performance of Machine Learning Systems - Schneier on Security

#artificialintelligence

Abstract: The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs. While such devices enable us to train large-scale neural networks in datacenters and deploy them on edge devices, their designers' focus so far is on average-case performance. In this work, we introduce a novel threat vector against neural networks whose energy consumption or decision latency are critical. We show how adversaries can exploit carefully-crafted sponge examples, which are inputs designed to maximise energy consumption and latency, to drive machine learning (ML) systems towards their worst-case performance. Sponge examples are, to our knowledge, the first denial-of-service attack against the ML components of such systems.
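The abstract defines a sponge example by its objective rather than by a recipe. The block below is an added illustration of that objective, not code from the paper: it searches for an input to a toy ReLU network that maximises a proxy for work done, namely the fraction of non-zero hidden activations, on the assumption (mine, not a claim from the abstract) that the target accelerator skips zero activations, so denser activations mean more multiply-accumulates and more energy. The network weights are random stand-ins for a trained model, the input domain is assumed to be [-1, 1]^16, and the search is a bounded random hill-climb so that the found input stays inside the domain the model accepts.

```python
"""Sponge-style input search against a toy ReLU network (added illustration).

Energy/latency proxy: fraction of non-zero ReLU activations, assuming hardware
that skips zero activations. Weights are random stand-ins for a trained model.
"""
import numpy as np

BOUND = 1.0                      # assumed input domain: [-BOUND, BOUND]^16
_weight_rng = np.random.default_rng(0)

# Constructed toy model: 16 -> 64 -> 64 -> 4 ReLU MLP with fixed random weights.
SHAPES = [(16, 64), (64, 64), (64, 4)]
WEIGHTS = [_weight_rng.standard_normal(s) / np.sqrt(s[0]) for s in SHAPES]
BIASES = [0.1 * _weight_rng.standard_normal(s[1]) for s in SHAPES]


def forward(x):
    """Return logits and the list of hidden ReLU activation vectors."""
    hidden = []
    h = x
    for W, b in zip(WEIGHTS[:-1], BIASES[:-1]):
        h = np.maximum(0.0, h @ W + b)
        hidden.append(h)
    logits = h @ WEIGHTS[-1] + BIASES[-1]
    return logits, hidden


def activation_density(x):
    """Fraction of hidden units that fire (the energy proxy)."""
    _, hidden = forward(x)
    total = sum(a.size for a in hidden)
    return sum(int((a > 0).sum()) for a in hidden) / total


def sponge_search(x0, steps=400, sigma=0.3, seed=1):
    """Bounded random hill-climb: keep a proposal only if it raises density.

    Returns the best input found (clipped to the domain) and its density."""
    rng = np.random.default_rng(seed)
    best = np.clip(x0, -BOUND, BOUND)
    best_score = activation_density(best)
    for _ in range(steps):
        cand = np.clip(best + sigma * rng.standard_normal(best.shape), -BOUND, BOUND)
        score = activation_density(cand)
        if score > best_score:
            best, best_score = cand, score
    return best, best_score


def benign_input(seed=2):
    """A constructed 'normal' input drawn uniformly from the domain."""
    return np.random.default_rng(seed).uniform(-BOUND, BOUND, size=SHAPES[0][0])


if __name__ == "__main__":
    benign = benign_input()
    sponge, density = sponge_search(benign)
    print(f"benign density  {activation_density(benign):.2f}")
    print(f"sponge density  {density:.2f}  (max |x| = {np.abs(sponge).max():.2f})")
```

The sponge input is a valid input by construction, so input validation at the model boundary does not reject it; what distinguishes it is only how much work it causes. A defence has to measure that work (activation density here, energy or latency on real hardware) and cap or reject on it, which is the detection logic the abstract's threat model implies.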



AI and Drug Discovery: Attacking the Right Problems

#artificialintelligence

The need to make decisions with sufficient quality is only compatible in some cases with the data we have at hand to reach this goal. If we want to advance drug discovery, then acknowledging the suitability of a given end point to answer a given question is at least as important as modelling a particular end point. . . The problem is, modeling is easier to start doing than dealing with that suitability question. It can also be harder to explain this point to investors, to granting agencies, and to upper management, because improvements in things like assay quality and target selection are harder to quantify and come on slowly. This, to me, is the big question looming over a lot of AI/ML approaches to drug discovery, and I'm really glad to see a paper addressing it head-on.


'Attacking at speed': Army Project Convergence and breakthrough lightning-fast war

FOX News

The U.S. military recently conducted a live-fire full combat replication with unmanned-to-unmanned teaming guiding attacks, small reconnaissance drones, satellites sending target coordinates to ground artillery and high-speed, AI-enabled "networked" warfare. This exercise was a part of the Army's Project Convergence 2020, a weapons and platform combat experiment which, service leaders say, represents a massive transformation helping the service pivot its weapons use, tactics and maneuver strategies into a new era. Taking place at Yuma Proving Grounds, Arizona, Project Convergence involved live-fire war experiments aligned in three distinct phases, intended to help the Army cultivate its emerging modern Combined Arms Maneuver strategy.


Attacking the AI Trust Gap: 'FICO-like' Risk Scoring for Machine Learning Models

#artificialintelligence

Implementing machine learning is a minefield and a slog. Even after IT managers put in place the accelerated computing infrastructure required for AI, after data scientists and business managers agree on the analytics projects the organization needs, after the data science team selects algorithms, builds models, prepares data, runs prototypes and makes everything operational – after all that – there's still the real possibility that business unit managers will reject ML recommendations for fear of bias in the model or simply because they don't understand how the system arrives at its decisions. It's the AI Trust Gap, and it's a particularly difficult hurdle for companies without FAANG-class compute and data science resources. We've written about new attempts to close the trust gap, including management strategy recommendations ("How to Overcome the AI Trust Gap: A Strategy for Business Leaders") and a product launch last month by IBM ("Explaining AI Decisions to Your Customers: IBM Toolkit for Algorithm Accountability"). Now CognitiveScale has added Certifai to its Cortex line of enterprise AI software, which generates, according to the company, a "FICO-like" composite risk score based on the "AI Trust Index" that CognitiveScale developed with AI Global.