Research Experience
Certified robustness in deep ensembles
2020.11-present
- We conduct research on how to approximately calculate the certified robustness of deep ensembles.
Adversarial defense by diversified simultaneous training of deep ensembles
2019.08-2020.10
- A novel strategy of diversified learning of high-level feature representations by ensemble networks was proposed;
- Two regularization schemes in simultaneous training to facilitate the proposed diversified learning were developed;
- Three measures of ensemble diversity were analyzed for adversarial defense in deep ensembles.
A comparative study of the robustness of single and ensemble models
2019.03-2019.07
- We investigated the robust performance of ensemble DNNs based on traditional ensemble methods;
- Ensemble SVM was found, for the first time, to be less robust than single SVM in the black-box attack scenario;
- We proposed the concept of gradient correlation, which can be used to evaluate adversarial robustness.
Model-Agnostic Adversarial Detection by Random Perturbations
2018.07-2019.02
- We proposed an effective adversarial detection method based on statistical analysis of model responses;
- A theoretical analysis relating the bound of random perturbations to the adversarial distortions was given.
