Welcome to the first Fresh from the arXiv post of October! After the BERT natural language processing overload of last week, I decided to focus my attention elsewhere. Luckily, the arXiv had plenty to choose from!
As the performance of deep neural networks gets more and more impressive, so do adversarial attacks against them: tricking models into producing unexpected outputs by careful tweaking of the inputs (said tweaking may or may not be perceivable to the human eye). In fact, one sort of leads to the other, since there is no point in staging an elaborate attack on a system that does not perform well in the first place. In the words of a fellow neural network enthusiast,
"Up to [the point when CNNs started achieving state of the art performance on visual recognition tasks], machine learning algorithms simply didn’t work well enough for anyone to be surprised when it failed to do the right thing."
Now that deep network classifiers routinely outperform human experts, fooling them and making them foolproof are hot research topics. In the past week, there were multiple preprints addressing both directions, but the one that caught my attention was Deep Neural Rejection against Adversarial Examples. The authors propose a mechanism for detecting adversarial examples (the aforementioned malicious inputs) by rejecting samples that exhibit anomalous feature representations at different network layers. The fact that the outputs of layers at multiple depths are considered is what puts the Deep in Deep Neural Rejection. The resulting model outperforms previous approaches and has the additional advantage of not requiring adversarial examples at training time.
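To make the idea of rejecting on multi-layer representations concrete, here is a small added sketch; it is not the paper's code or method. The layer names, the feature vectors, and the centroid-plus-RBF scoring with a `slack` threshold are all assumptions chosen for illustration, and the threshold is fitted on clean samples only.

```python
import math

# Constructed stand-ins for the activations of two layers of a classifier;
# a real system would read these from the network for each input.
CLEAN = [  # (per-layer features, label), clean data only
    ({"shallow": (0.0, 0.2), "deep": (0.1, 0.0)}, 0),
    ({"shallow": (0.3, -0.1), "deep": (-0.2, 0.1)}, 0),
    ({"shallow": (-0.2, 0.0), "deep": (0.0, -0.2)}, 0),
    ({"shallow": (3.0, 3.1), "deep": (2.9, 3.0)}, 1),
    ({"shallow": (3.2, 2.8), "deep": (3.1, 3.2)}, 1),
    ({"shallow": (2.9, 3.0), "deep": (3.0, 2.8)}, 1),
]
CLEAN_INPUT = {"shallow": (0.2, 0.1), "deep": (0.1, 0.1)}
# Early layer still looks like class 0, last layer sits on class 1.
INCONSISTENT = {"shallow": (0.1, 0.0), "deep": (3.0, 3.0)}

def best_score(model, feats):
    """Return (label, score): RBF similarity to each class centroid, averaged over layers."""
    results = []
    for label in model["labels"]:
        sims = [math.exp(-model["gamma"] * math.dist(feats[l], model["cents"][l, label]) ** 2)
                for l in model["layers"]]
        results.append((sum(sims) / len(sims), label))
    score, label = max(results)
    return label, score

def fit(samples, layers, gamma=0.5, slack=0.8):
    """Fit per-layer class centroids and a reject threshold from clean samples only."""
    labels = sorted({y for _, y in samples})
    cents = {}
    for layer in layers:
        for label in labels:
            pts = [f[layer] for f, y in samples if y == label]
            cents[layer, label] = tuple(sum(c) / len(pts) for c in zip(*pts))
    model = {"cents": cents, "layers": layers, "labels": labels, "gamma": gamma}
    # slack is an assumed tuning knob: lower rejects less, higher rejects more
    model["thr"] = slack * min(best_score(model, f)[1] for f, _ in samples)
    return model

def classify(model, feats):
    """Return the predicted label, or None when the sample is rejected."""
    label, score = best_score(model, feats)
    return label if score >= model["thr"] else None

if __name__ == "__main__":
    multi, deep_only = fit(CLEAN, ["shallow", "deep"]), fit(CLEAN, ["deep"])
    for name, x in [("clean", CLEAN_INPUT), ("inconsistent", INCONSISTENT)]:
        print(name, "multi-layer:", classify(multi, x), "deep-only:", classify(deep_only, x))
```

A detector that looks only at the last layer accepts the inconsistent sample as class 1, while the multi-layer score falls below the clean-data threshold and the sample is rejected.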
The next preprint, Unsupervised Generative 3D Shape Learning from Natural Images, I enjoyed partially because of my fondness for Generative Adversarial Networks (GANs), but also because I love how the authors went about solving their problem of interest. Let's say you want to generate 3D representations of human faces. The amount of such 3D training data is extremely limited, but on the other hand, there is no shortage of 2D photos of people. Is there any way to make use of the latter for your task? There is indeed. The idea is as creative as it is simple: you train the Generator of a GAN to generate 3D shapes, then you project its output onto a 2D plane to get a two-dimensional image of the shape depicted at an arbitrary angle. Your training set consists of the real 2D images, so now it is up to the Discriminator to classify the generated 2D view as real or fake. The idea is that, once the 3D Generator gets good enough, all of the 2D views are going to be accepted by the Discriminator as real, implying that the generated 3D representations of human faces are realistic. Despite some of the results from the paper not quite reaching that point (see the bottom row in the figure below), I believe that the proposed method holds significant potential. The approach is, of course, not limited to human faces: in principle, you can train your model on 2D images of any objects in an unsupervised manner and then use it to generate their 3D shapes.
One concept that I heard about in connection with BERT (or rather, one of its smaller variants coming out of HuggingFace, DistilBERT) is knowledge distillation. Proposed in 2015, it is a compression method where a smaller model (the student) is trained to mimic the behaviour of the original (larger) one, the teacher. There are some neat ideas in there that are very much connected to my previous field, theoretical physics (softmax temperature, dark knowledge), so naturally, I was eager to learn more. Where better to get up to date than the arXiv?
In On the Efficacy of Knowledge Distillation, the authors look at, well, the efficacy of knowledge distillation - more precisely, at how it depends on the architectures of the teacher and the student networks. The takeaway is that if being able to compress a huge teacher network into a tiny student one seems too good to be true, it's because it is. Balance is everything; stopping the teacher's training early helps too.
Speaking of early stopping, why is it that it helps with knowledge distillation? Take a closer look at this question in Distillation ≈ Early Stopping? Harvesting Dark Knowledge Utilizing Anisotropic Information Retrieval For Overparameterized Neural Network.
Enjoy the weather, it will likely get worse before it gets better.