
Adversarial training for robustness

Why does this matter?

Machine learning models are becoming increasingly widespread. When they are employed in critical applications, the robustness of the system becomes a concern. People may even try to break our algorithm deliberately. Imagine, for example, the case of spam filters, where spammers attempt to fool the filter in order to get their messages delivered. In machine learning, we call these threats adversarial.

This Roadmap

We will focus here on adversarial examples, where the attacker tries to break the model by perturbing the input data. However, it is worth noting that other types of adversarial threats exist, including perturbing the training data (data poisoning) and trying to determine whether a given sample was part of the training data (membership inference).

This guide will help you increase the robustness of your system to adversarial attacks. First, we define adversarial examples. Second, we address how to generate them. Finally, we see how to use adversarial examples to train your model and increase its robustness.


Last updated 3 years ago