PhD Defense: Robustness and Understandability of Deep Models
Mohammad Amin Ghiasi
Monday, November 7, 2022, 11:00 am-1:00 pm
Deep learning has made a considerable leap in the past few decades, from promising models for solving various problems to becoming state-of-the-art. However, unlike classical machine learning models, it is sometimes difficult to explain why and how deep learning models make decisions. It is also interesting that their performance can drop with small amounts of noise. In short, deep learning models are well-performing, easily corrupted, hard-to-understand models that beat human beings in many tasks. Consequently, improving these deep models requires a deep understanding (pun intended).

While deep learning models usually generalize well on unseen data, adding negligible amounts of noise to their input can flip their decision. This interesting phenomenon is known as "adversarial attacks." In this thesis, we study several defense methods against such adversarial attacks. More specifically, we focus on defense methods that, unlike traditional methods, use less computation or fewer training examples. We also show that despite the improvements in adversarial defenses, even provable certified defenses can be broken.

Over the past years, many techniques have been developed for understanding and explaining how deep neural networks make a decision. This thesis introduces a new method for studying the building blocks of neural network decisions. First, we introduce Plug-In Inversion, a new method for inverting and visualizing deep neural network architectures, including Vision Transformers (ViTs). Then we study the features a ViT learns to make a decision. We compare these features when the network trains on labeled data versus when it uses a language model's supervision for training, such as in CLIP. Last, we introduce feature sonification, which borrows feature visualization techniques to study models trained for speech recognition (non-vision) tasks.

Examining Committee

Dr. Tom Goldstein
Dean's Rep.: Dr. Lawrence C. Washington
Dr. Furong Huang
Dr. Rachel Rudinger
Dr. Soheil Feizi

Amin Ghiasi is a Ph.D. student working under the supervision of Prof. Tom Goldstein. His research focuses on deep learning models, their weaknesses (such as adversarial examples), ways to improve their robustness, and ways to understand them (such as feature visualization and model inversion).

This talk is organized by Tom Hurst