Theses and Dissertations from UMD
Permanent URI for this community: http://hdl.handle.net/1903/2
New submissions to the thesis/dissertation collections are added automatically as they are received from the Graduate School. Currently, the Graduate School deposits all theses and dissertations from a given semester after the official graduation date. This means that there may be up to a 4-month delay in the appearance of a given thesis/dissertation in DRUM.
More information is available at Theses and Dissertations at University of Maryland Libraries.
7 results
Item: FOUNDATIONS OF TRUSTWORTHY DEEP LEARNING: FAIRNESS, ROBUSTNESS, AND EXPLAINABILITY (2024)
Nanda, Vedant; Dickerson, John; Gummadi, Krishna; Computer Science; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Deep Learning (DL) models, especially with the rise of the so-called foundation models, are increasingly used in real-world applications either as autonomous systems (e.g., facial recognition), as decision aids (e.g., medical imaging, writing assistants), and even to generate novel content (e.g., chatbots, image generators). This naturally results in concerns about the trustworthiness of these systems, for example, do the models systematically perform worse for certain subgroups? Are the outputs of these models reliable under perturbations to the inputs? This thesis aims to strengthen the foundations of DL models, so they can be trusted in deployment. I will cover three important aspects of trust: fairness, robustness, and explainability. I will argue that we need to expand the scope of each of these aspects when applying them to DL models and carefully consider possible tradeoffs between these desirable but sometimes conflicting notions of trust. Traditionally the fairness community has worked on mitigating biases in classical models such as Support Vector Machines (SVMs) and logistic regression. However, a lot of real-world applications where bias shows up in a myriad of ways involve much more complicated DL models. In the first part, I will present two works that show how thinking about fairness for deep learning (DL) introduces new challenges, especially due to their overparametrized nature and susceptibility to adversarial attacks. Robustness literature has focused largely on measuring the invariance of models to carefully constructed (adversarial attacks) or natural (distribution shifts) noise.
In the second part, I will argue that to get truly robust models, we must focus on a more general notion of robustness: measuring the alignment of invariances of DL models with other models of perception such as humans. I will present two works that measure shared invariances between (1) DL models and humans, and (2) between DL models. Such measurements of robustness provide a measure of relative robustness, through which we can better understand the failure modes of DL models and work towards building truly robust systems. Finally, in the third part, I will show how even a small subset of randomly chosen neurons from a pre-trained representation can transfer very well to downstream tasks. We call this phenomenon diffused redundancy, which we observe in a variety of pre-trained representations. This finding challenges existing beliefs in the explainability literature that claim individual neurons learn disjoint semantically meaningful concepts.

Item: Towards Robust and Adaptable Real-World Reinforcement Learning (2023)
Sun, Yanchao; Huang, Furong; Computer Science; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
The past decade has witnessed a rapid development of reinforcement learning (RL) techniques. However, there is still a gap between employing RL in simulators and applying RL models to challenging and diverse real-world systems. On the one hand, existing RL approaches have been shown to be fragile under perturbations in the environment, making it risky to deploy RL models in real-world applications where unexpected noise and interference exist. On the other hand, most RL methods focus on learning a policy in a fixed environment, and need to re-train a policy if the environment gets changed.
For real-world environments whose agent specifications and dynamics can be ever-changing, these methods become less practical as they require a large amount of data and computations to adapt to a changed environment. We focus on the above two challenges and introduce multiple solutions to improve the robustness and adaptability of RL methods. For robustness, we propose a series of approaches that define, explore, and mitigate the vulnerability of RL agents from different perspectives and achieve state-of-the-art performance on robustifying RL policies. For adaptability, we present transfer learning and pretraining frameworks to address challenging multi-task learning problems that are important yet rarely studied, contributing to the application of RL techniques to more real-life scenarios.

Item: ROBUSTNESS AND UNDERSTANDABILITY OF DEEP MODELS (2022)
Ghiasi, Mohammad Amin; Goldstein, Thomas; Computer Science; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Deep learning has made a considerable leap in the past few decades, from promising models for solving various problems to becoming state-of-the-art. However, unlike classical machine learning models, it is sometimes difficult to explain why and how deep learning models make decisions. It is also interesting that their performance can drop with small amounts of noise. In short, deep learning models are well-performing, easily corrupted, hard-to-understand models that beat human beings in many tasks. Consequently, improving these deep models requires a deep understanding. While deep learning models usually generalize well on unseen data, adding negligible amounts of noise to their input can flip their decision. This interesting phenomenon is known as "adversarial attacks." In this thesis, we study several defense methods against such adversarial attacks.
More specifically, we focus on defense methods that, unlike traditional methods, use less computation or fewer training examples. We also show that despite the improvements in adversarial defenses, even provable certified defenses can be broken. Moreover, we revisit regularization to improve adversarial robustness. Over the past years, many techniques have been developed for understanding and explaining how deep neural networks make a decision. This thesis introduces a new method for studying the building blocks of neural networks' decisions. First, we introduce the Plug-In Inversion, a new method for inverting and visualizing deep neural network architectures, including Vision Transformers. Then we study the features a ViT learns to make a decision. We compare these features when the network trains on labeled data versus when it uses a language model's supervision for training, such as in CLIP. Last, we introduce feature sonification, which borrows feature visualization techniques to study models trained for speech recognition (non-vision) tasks.

Item: Adversarial Robustness and Robust Meta-Learning for Neural Networks (2020)
Goldblum, Micah; Czaja, Wojciech; Mathematics; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Despite the overwhelming success of neural networks for pattern recognition, these models behave categorically different from humans. Adversarial examples, small perturbations which are often undetectable to the human eye, easily fool neural networks, demonstrating that neural networks lack the robustness of human classifiers. This thesis comprises a sequence of three parts. First, we motivate the study of defense against adversarial examples with a case study on algorithmic trading in which robustness may be critical for security reasons.
Second, we develop methods for hardening neural networks against an adversary, especially in the low-data regime, where meta-learning methods achieve state-of-the-art results. Finally, we discuss several properties of the neural network models we use. These properties are of interest beyond robustness to adversarial examples, and they extend to the broad setting of deep learning.

Item: MULTI-VEHICLE ROUTE PLANNING FOR CENTRALIZED AND DECENTRALIZED SYSTEMS (2019)
Patel, Ruchir; Herrmann, Jeffrey W; Azarm, Shapour; Mechanical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Multi-vehicle route planning is the problem of determining routes for a set of vehicles to visit a set of locations of interest. In this thesis, we describe a study of a classical multi-vehicle route planning problem which compared existing solution methods on min-sum (minimizing total distance traveled) and min-max (minimizing maximum distance traveled) cost objectives. We then extended the work in this study by adapting approaches tested to generate robust solutions to a failure-robust multi-vehicle route planning problem in which a potential vehicle failure may require modifying the solution, which could increase costs. Additionally, we considered a decentralized extension to the multi-vehicle route planning problem, also known as the decentralized task allocation problem.
The results of a computational study show that our novel genetic algorithm generated better solutions than existing approaches on larger instances with high communication quality.

Item: MULTI-AGENT UNMANNED UNDERWATER VEHICLE VALIDATION VIA ROLLING-HORIZON ROBUST GAMES (2019)
Quigley, Kevin J; Gabriel, Steven A.; Applied Mathematics and Scientific Computation; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
Autonomy in unmanned underwater vehicle (UUV) navigation is critical for most applications due to inability of human operators to control, monitor or intervene in underwater environments. To ensure safe autonomous navigation, verification and validation (V&V) procedures are needed for various applications. This thesis proposes a game theory-based benchmark validation technique for trajectory optimization for non-cooperative UUVs. A quadratically constrained nonlinear program formulation is presented, and a "perfect-information reality" validation framework is derived by finding a Nash equilibrium to various two-player pursuit-evasion games (PEG). A Karush-Kuhn-Tucker (KKT) point to such a game represents a best-case local optimum, given perfect information available to non-cooperative agents. Rolling-horizon foresight with robust obstacles are incorporated to demonstrate incomplete information and stochastic environmental conditions. A MATLAB-GAMS interface is developed to model the rolling-horizon game, and is solved via a mixed complementarity problem (MCP), and illustrative examples show how equilibrium trajectories can serve as benchmarks for more practical real-time path planners.

Item: Robust Network Trust Establishment for Collaborative Applications and Protocols (2007-05-07)
Theodorakopoulos, Georgios Efthymios; Baras, John S; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
In networks without centralized control (e.g.
ad-hoc or peer-to-peer networks) the users cannot always be assumed to follow the protocol that they are supposed to. They will cooperate in the operation of the network to the extent that they achieve their own personal objectives. The decision to cooperate depends on the trust relations that users develop for each other through repeated interactions. Users who have not interacted directly with each other can use direct trust relations, generated by others, in a transitive way as a type of recommendation. Network operation and trust generation can be affected by malicious users, who have different objectives, and against whom any proposed solution needs to be robust. We model the generation of trust relations using repeated games of incomplete information to capture the repetitive operation of the network, as well as the lack of information of each user about the others' objectives. We find equilibria that provide solutions for the legitimate users against which the malicious users cannot improve their gains. The transitive computation of trust is modeled using semiring operators. This algebraic model allows us to generalize various trust computation algorithms. More importantly, we find the maximum distortion that a malicious user can cause to the trust computation by changing the reported trust value of a trust relation.