Kaggleで使用される敵対学習方法AWPの論文解説と実装解説 ~Adversarial Weight Perturbation Helps Robust Generalization~

Slide 1

Slide 1 text

.BTBLJ"PUB /JLLFJJOD ೔ܦ৽ฉཱڭେֶ߹ಉਂ૚ֶशษڧձ!୍ݚڀࣨ ,BHHMFͰ࢖༻͞ΕΔ   ఢରֶशํ๏"81ͷ   ࿦จղઆͱ࣮૷ղઆ "EWFSTBSJBM8FJHIU1FSUVSCBUJPO)FMQT3PCVTU(FOFSBMJ[BUJPO ؔ࿈ϦϯΫBS9JW/FVS*14(JU)VC,BHHMF൛

Slide 2

Slide 2 text

ࣗݾ঺հ ੨ాխً .BTBLJ"PUB w ೔ຊܦࡁ৽ฉࣾ೔ܦΠϊϕʔγϣϯɾϥϘ ݚڀ։ൃ෦ୂ w ࢴ໘ϏϡʔΞʔͷ0$3Τϯδϯ։ൃ w ΩϟογϡϑϩʔγϛϡϨʔγϣϯͳͲͷࣄۀධՁͳͲ w εΩϧ w "U$PEFSਫ৭ ,BHHMF&YQFSU w ࢿ֨౳Ԡ༻৘ใɺ฽هڃɺ'1ڃ

Slide 3

Slide 3 text

໨࣍ ఢରతࣄྫͷ঺հ ͓࿩͚ͩ w "EWFSTBSJBM&YBNQMFʹؔ͢Δࣄલ஌ࣝΛಋೖ ࿦จղઆ ਺͕ࣜొ৔ w "EWFSTBSJBM8FJHIU1FSUVSCBUJPO   )FMQT3PCVTU(FOFSBMJ[BUJPO ࣮૷ղઆ ࣮૷͕ొ৔ w ,BHHMFͰ༻͍ΒΕΔ࣮૷Λ࿦จͷ਺ࣜͱରԠͤͯ͞ղઆ

Slide 4

Slide 4 text

Slide 5

Slide 5 text

ੈքҰ༗໊ͳςφΨβϧ ఢରతࣄྫͷྫࣔ Ian J. Goodfellow +, Explaining and Harnessing Adversarial Examples, 2014 ύϯμͷը૾ʹ ਓؒʹ͸Θ͔Βͳ͍ఔ౓ͷ   ઁಈ ϊΠζ ΛՃ͑Δͱ ςφΨβϧͱ ޡೝࣝ͢Δ

Slide 6

Slide 6 text

ఢରతࣄྫ΋ֶशʹՃ͑Δͱ൚Խੑೳ্͕͕Δ ఢରతࣄྫ͸ֶशΛؤ݈ʹ͢Δ Ian J. Goodfellow +, Explaining and Harnessing Adversarial Examples, 2014 ྆ํΛQBOEBͱֶͯ͠शͤ͞ΔͱɺఢରతࣄྫҎ֎ʹର͢Δ   ൚Խੑೳ΋޲্͢Δ͜ͱ͕ܦݧతʹ஌ΒΕ͍ͯΔɻ 111.ίϯϖͰ΋ۚϝμϧΛऔͬͨνʔϜͷ൒෼Ҏ্͸   ఢରతࣄྫΛֶशʹՃ͍͑ͯͨɻ

Slide 7

Slide 7 text

αϯϓϧͷํͰ͸ͳ͘ϞσϧʹޡΒͤΔ͜ͱ΋Մೳ Ϟσϧʹ΋ઁಈΛՃ͑Δ w v w + v ͋ΔϞσϧͷॏΈʹ ͋ΔछͷઁಈΛ   Ճ͑Δͱ ѱ͍ϞσϧʹͳΔ ֶशதʹϞσϧ͕ѱ͘ͳ͍Α͏ʹઁಈΛՃֶ͑ͭͭश͢Δͱɺ ൚Խੑೳ্͕͕Δͱ͍͏࿦จΛ͜Ε͔Βղઆ χϡʔϥϧωοτΛલఏʹ͓࿩͠͠·͢

Slide 8

Slide 8 text

Slide 9

Slide 9 text

࿦จͷ֓ཁ ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ·ͬͨ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ܦݧత   ࣄ࣮ ٻ·ͬͨॏΈͷपล͕ΑΓฏΒͳଛࣦʹͳΔ৔߹ɺ ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ͍ ख๏ ϞσϧʹఢରతͳઁಈΛՃ͑ͳ͕Βֶश͢Δ ݁Ռ ՝୊఺ ฏΒͳଛࣦͱͳΔΑ͏ͳ௚઀తͳఆࣜԽ͕ͳ͞Ε͍ͯͳ͍

Slide 10

Slide 10 text

࿦จͷ֓ཁ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ఢରతࣄྫ΋ֶशʹՃ͑Δ͜ͱͰؤ݈ੑ͕޲্

Slide 11

Slide 11 text

Slide 12

Slide 12 text

ฏΒ͞ͷ֬ೝ 8FJHIU-PTT-BOETDBQF ρ(w) = 1 n n ∑ i=1 max ∥x′ i −xi ∥p ≤ϵ ℓ(fw (x′ ), yi ) ఢରతࣄྫΛϞσϧʹೖྗͨ͠৔߹ͷଛࣦ͸ҎԼͷΑ͏ʹఆࣜԽՄೳ ఢରతࣄྫΛೖྗ͢Δͱ͍͏ҙຯ ρ(w + αd) = 1 n n ∑ i=1 max ∥x′ i −xi ∥p ≤ϵ ℓ(fw+αd (x′ ), yi ) ϞσϧͷॏΈͷपลͷଛࣦ͸ҎԼͷΑ͏ʹఆࣜԽՄೳ ύϥϝʔλʔXΛֶ࣋ͭशࡁΈϞσϧ ௕͞Ћํ޲E͚ͩۙ๣ͷଛࣦ͕ܭࢉͰ͖Δ

Slide 13

Slide 13 text

ฏΒ͞ͷ֬ೝ 8FJHIU-PTT-BOETDBQF Λ ʹ͍ͭͯඳը͢ΔͱɺଛࣦͷฏΒ͞ΛՄࢹԽՄೳ Ed [ρ(w + αd)] α Ed [ρ(w + αd)] w ॏΈͷपลʹߦ͚͹ߦ͘΄Ͳଛࣦ͕େ͖͘ͳΔ w ख๏ʹΑͬͯฏΒ͞͸ҟͳΓͦ͏ طଘݚڀ

Slide 14

Slide 14 text

ΑΓฏΒͳଛࣦ͸ؤ݈ੑ͕ߴ͍ طଘݚڀͷ࣮ݧతൺֱ w ଛࣦ͕ฏΒͰͳ͍ख๏͸ɺֶशͱςετͷਫ਼౓ͷHBQ͕େ͖͍ "5 w ଛࣦ͕ฏΒʹͳΔख๏͸ɺֶशͱςετͷਫ਼౓ͷHBQ͕খ͍͞ 345 "5&4 w ϞσϧΛؤ݈ʹ͍ͨ͠   ˠॏΈͷۙ๣ͷଛࣦ͕ฏΒͰ͋ΔΑ͏ͳֶशʹ͍ͨ͠ ֶश࣌ͱςετ࣌ͷੑೳͷΪϟοϓ ଛࣦͷฏΒ͞ طଘݚڀ

Slide 15

Slide 15 text

࿦จͷ֓ཁ ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ·ͬͨ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ܦݧత  

Slide 16

Slide 16 text

໰୊ͷఆࣜԽ ॏΈͷۙ๣ͷଛࣦ͕ฏΒͰ͋ΔΑ͏ͳֶशʹ͍ͨ͠ argmin w max v∈ 𝒱 ρ(w + v) ۙ๣ʹ͓͚Δଛࣦͷ࠷େ஋Λ ࠷খԽ͢ΔXΛݟ͚ͭΖ argmin w max v∈ 𝒱 1 n n ∑ i=1 max ∥x′ i −xi ∥p ≤ϵ ℓ(fw+v (x′ ), yi ) ЛΛల։ ্ه͕ղ͚Ε͹ɺఢରతࣄྫʹؤ݈ͳX͕ಘΒΕΔ͸ͣ

Slide 17

Slide 17 text

໰୊ͷղ͖ํ *OQVU1FSUVSCBUJPO argmin w max v∈ 𝒱 1 n n ∑ i=1 max ∥x′ i −xi ∥p ≤ϵ ℓ(fw+v (x′ ), yi ) ఢରతࣄྫΛೖྗ͢Δͱ͍͏ҙຯ ࠷ॳͷ࠷େԽ໰୊͸طଘݚڀͱಉ͘͡ɺఢରతࣄྫͷೖྗΛҙຯ͢Δ ࿦จͰ༻͍͍ͯͨ1(%BUUBDLͷ৔߹ԼهͷY`Λೖྗ͢Ε͹ྑ͍ x′ i ← Πϵ (x′ i + η1 sign(∇x′ i ℓ(fw+v (x′ i ), yi )) ˞࿦จʹ߹Θͤͨදهʹ͍ͯ͠Δɻ ͸૯৐ͷҙຯͰ͸ͳ͍ɻ   ɹཧղͷͨΊʹແࢹͯ͠΋ྑ͍ɻ Π

Slide 18

Slide 18 text

argmin w max v∈ 𝒱 1 n n ∑ i=1 max ∥x′ i −xi ∥p ≤ϵ ℓ(fw+v (x′ ), yi ) ໰୊ͷղ͖ํ 8FJHIU1FSUVSCBUJPO ॏΈʹઁಈΛՃ͑ͯ࠷΋ϞσϧΛѱ͍ͨ͘͠ ͭ໨ͷ࠷େԽ໰୊͸Xۙ๣ͰϞσϧGΛ࠷΋ѱ͘͢Δ͜ͱΛҙਤ 8VΒ͸ޯ഑Λ༻͍ͯҎԼͷΑ͏ʹWΛࢉग़ v ← Πγ v + η2 ∇v 1 m ∑m i=1 ℓ(fw+v (x′ i ), yi ) ∇v 1 m ∑m i=1 ℓ(fw+v (x′ i ), yi ) ∥w∥ ˞࿦จʹ߹Θͤͨදهʹ͍ͯ͠Δɻ ͸૯৐ͷҙຯͰ͸ͳ͍ɻ   ɹཧղͷͨΊʹແࢹͯ͠΋ྑ͍ɻ Π

Slide 19

Slide 19 text

໰୊ͷղ͖ํ 8FJHIU1FSUVSCBUJPO v ← Πγ v + η2 ∇v 1 m ∑m i=1 ℓ(fw+v (x′ i ), yi ) ∇v 1 m ∑m i=1 ℓ(fw+v (x′ i ), yi ) ∥w∥ ˞࿦จʹ߹Θͤͨදهʹ͍ͯ͠Δɻ ͸૯৐ͷҙຯͰ͸ͳ͍ɻ   ɹཧղͷͨΊʹແࢹͯ͠΋ྑ͍ɻ Π ࠷΋ଛࣦΛ࠷େԽ͢Δ୯ҐϕΫτϧ X΁ͷεέʔϧ߹Θͤ ֶश཰

Slide 20

Slide 20 text

໰୊ͷղ͖ํ ॏΈͷߋ৽ argmin w max v∈ 𝒱 1 n n ∑ i=1 max ∥x′ i −xi ∥p ≤ϵ ℓ(fw+v (x′ ), yi ) *OQVU1FSUVSCBUJPOͱ8FJHIU1FSUVSCBUJPOΛߦ্ͬͨͰɺ ௨ৗͷֶशͱಉ༷ʹόοΫϓϩοϓ͢Ε͹ྑ͍ ղܾ w ← w − η3 ∇w+v 1 m m ∑ i=1 ℓ(fw+v (x′ i ), yi ) *OQVU1FSUVSCBUJPOͱ8FJHIU1FSUVSCBUJPOΛ   ߦͬͨͱ͖ͷXͷޯ഑

Slide 21

Slide 21 text

໰୊ͷఆࣜԽ ॏΈͷۙ๣ͷଛࣦ͕ฏΒͰ͋ΔΑ͏ͳֶशʹ͍ͨ͠ argmin w max v∈ 𝒱 ρ(w + v) ۙ๣ʹ͓͚Δଛࣦͷ࠷େ஋Λ ࠷খԽ͢ΔXΛݟ͚ͭΖ ۩ମతʹ͸ w ← w − η3 ∇w+v 1 m m ∑ i=1 ℓ(fw+v (x′ i ), yi ) Ͱύϥϝʔλʔߋ৽Λߦ͑͹͍͍

Slide 22

Slide 22 text

࣮ݧ݁Ռ ˠͨ͠ɻશউɻ   ɹԼهͷදͷ"5"81͕ఏҊख๏ɻ਺ࣈ͕େ͖͍΄Ͳੑೳ͕ྑ͍ɻ 8FJHIU1FSUVSCBUJPOʹΑͬͯੑೳ޲্͢Δ͔ʁ "5ʜ*OQVU1FSUVSCBUJPOͷΈطଘݚڀͷϕʔεϥΠϯ "5"81ʜ*OQVU1FSUVSCBUJPO8FJHIU1FSUVSCBUJPO

Slide 23

Slide 23 text

࣮ݧ݁Ռ طଘݚڀ΁ͷ૊ΈࠐΈ$*'"3Λ༻͍࣮ͨݧ طଘݚڀͰ͸*OQVU1FSUVSCBUJPOͱଛࣦؔ਺Λॻ͖׵͑Δख๏͕ଟ͍ 8FJHIU1FSUVSCBUJPO͸طଘݚڀʹ΋૊ΈࠐΊΔ ֤ྻ͸߈ܸखஈ ֤ߦ͸ख๏໊ "81ͱ͍͍ͭͯΔ΋ͷ͕ఏҊख๏Λ૊ΈೖΕͨ৔߹ͷ݁Ռ

Slide 24

Slide 24 text

ิ଍ࣄ߲ ,BHHMFͰ͸༻͍ΒΕΔ"81ͷ࣮૷͸ɺ *OQVU1FSUVSCBUJPOΛߦΘͣ ఢରతࣄྫ͸࡞Βͣ ʹɺ 8FJHIU1FSUVSCBUJPO͚ͩߦ͏ͷ͕ओྲྀɻ Ҏ߱ɺ,BHHMFͰ༻͍ΒΕΔ࣮૷Λલఏʹղઆ͠·͢ɻ ࿦จͰ͸ఢରతࣄྫʹର͢Δؤ݈ੑʹ஫໨͍͕ͯͨ͠ɺ ܦݧతʹະ஌ͷσʔλʹର͢Δ൚Խೳྗ΋޲্͢Δɻ

Slide 25

Slide 25 text

໨࣍ ఢରతࣄྫͷ঺հ ͓࿩͚ͩ w "EWFSTBSJBM&YBNQMFʹؔ͢Δࣄલ஌ࣝΛಋೖ ࿦จղઆ ਺͕ࣜొ৔ w "EWFSTBSJBM8FJHIU1FSUVSCBUJPO   )FMQT3PCVTU(FOFSBMJ[BUJPO ࣮૷ղઆ ࣮૷͕ొ৔ w ,BHHMFͰ༻͍ΒΕΔ࣮૷Λ࿦จͷ਺ࣜͱରԠͤͯ͞ղઆ ࿦จΦϦδφϧͰ͸ͳ͘ΧϨʔͪΌΜɺ ⊙✱⊙ ͞ΜͳͲ࣮૷͔Β೿ੜ͍ͯ͠·͢

Slide 26

Slide 26 text

ҰൠతͳֶशMPPQͷྫ "81࣮૷ͷલ४උ

Slide 27

Slide 27 text

"81ΛؚΜֶͩशMPPQͷྫ "81࣮૷ͷ֓ཁ ͜ͷߦΛMPPQதʹૠೖ͢Ε͹ྑ͍ "81Ϋϥεͷఆٛ͸ͪ͜Β

Slide 28

Slide 28 text

"81ΛؚΜֶͩशMPPQͷྫ "81࣮૷ͷ֓ཁͱ਺ࣜͷରԠ ߋ৽ଇͷޯ഑෦෼ΛٻΊ͍ͯΔ ∇w+v 1 m m ∑ i=1 ℓ(fw+v (xi ), yi )

Slide 29

Slide 29 text

"81ΛؚΜֶͩशMPPQͷྫ "81࣮૷ͷ֓ཁͱ਺ࣜͷରԠ 8Λ࣮ࡍʹߋ৽͢Δ෦෼ w ← w − η3 ∇w+v 1 m m ∑ i=1 ℓ( fw+v (xi ), yi )

Slide 30

Slide 30 text

"81ͷ࣮૷ ͍ͭ͜Β͸ԿΛ΍͍ͬͯΔͷ͔ʁ

Slide 31

Slide 31 text

"81ͷ࣮૷ BUUBDL@CBDLXBSEͰ͸ԿΛ΍͍ͬͯΔͷ͔ʁ Ϟσϧ Λอଘ fw ʹվม fw+v ௚ޙʹCBDLXBSE͍ͯ͠Δͱ͍͏͜ͱ͸ ∇w+v 1 m m ∑ i=1 ℓ( fw+v (xi ), yi ) 1 m m ∑ i=1 ℓ( fw+v (xi ), yi ) ΛಘΔ͜ͱʹͳΔ ˠॏΈXۙ๣Ͱ ४ ࠷ѱͷଛࣦΛܭࢉ͍ͯ͠Δ

Slide 32

Slide 32 text

"81ͷ࣮૷ @BUUBDL@TUFQͰ͸ԿΛ΍͍ͬͯΔͷ͔ʁ ˠ ʹվม͍ͯ͠Δ fw+v v ← η2 ∇v 1 m ∑m i=1 ℓ( fw+v (x′ i ), yi ) ∇v 1 m ∑m i=1 ℓ( fw+v (x′ i ), yi ) ∥w∥

Slide 33

Slide 33 text

"81ͷ࣮૷ @BUUBDL@TUFQͰ͸ԿΛ΍͍ͬͯΔͷ͔ʁ ˠ ʹվม͍ͯ͠Δ fw+v fw+v

Slide 34

Slide 34 text

"81ͷ࣮૷ @SFTUPSFͷҙຯ Xۙ๣Ͱѱ͍ଛࣦΛܭࢉ ͦͷͱ͖ʹϞσϧΛ ʹॻ͖׵͑ͯ͠·ͬͨʂ fw+v ʹ໭͢ඞཁ͕͋Δ fw

Slide 35

Slide 35 text

"81ͷ࣮ફతͳ࢖༻ํ๏ ࣮ફͰ͸Ϟσϧ͕͋Δఔ౓ֶश͔ͯ͠Βಋೖ͢Δ ֶश࣌ؒ΋ϝϞϦ࢖༻ྔ΋ഒఔ౓ͱ͔ͳΓॏ͍

Slide 36

Slide 36 text

"81ͷಋೖྫ 111.ίϯϖʹ͓͚ΔTDPSFͷਪҠΛՄࢹԽ "81ʹΑΔఢରֶशͷ։࢝ ߴ͍΄Ͳྑ͍ ίϯϖͰ͸΄Ͳͷ ਫ਼౓޲্ʹد༩ͨ͠

Slide 37

Slide 37 text

"EWFSTBSJBM8FJHIU1FSUVSCBUJPO)FMQT3PCVTU(FOFSBMJ[BUJPO ·ͱΊ࿦จΛղઆ͠·ͨ͠ ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ·ͬͨ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ܦݧత   ࣄ࣮ ٻ·ͬͨॏΈͷपล͕ΑΓฏΒͳଛࣦʹͳΔ৔߹ɺ ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ͍ ख๏ ϞσϧʹఢରతͳઁಈΛՃ͑ͳ͕Βֶश͢Δ ݁Ռ ՝୊఺ ฏΒͳଛࣦͱͳΔΑ͏ͳ௚઀తͳఆࣜԽ͕ͳ͞Ε͍ͯͳ͍

Slide 38

Slide 38 text

-PPQͷதʹߦ௥Ճ͢Δ͚ͩͰ࣮૷Մೳ ·ͱΊ࣮૷Λղઆ͠·ͨ͠ ͜ͷߦΛMPPQதʹૠೖ͢Ε͹ྑ͍ "81Ϋϥεͷఆٛ͸ͪ͜Β