Our goal is to solve the Unrestricted Adversarial Examples Challenge with a robust image classifier to adversarially generated images. The challenge is one to train an image classifier to correctly classify 80% of unambiguous-to-humans images, label the rest as uncertain, while making zero mistakes. The images can be adversarially perturbed in any way to deceive the image classification model.
We’re using and improving on a binary adversarially trained model. This model was trained through training an image-classifier and adversarial image generator in tandem. The classifier is rewarded for distinguishing real images from the images generated by the adversarial image generator. For the attacker, we are exploring diffusion methods, and various gradient-based methods.

I love research because I love puzzling over hard problems. I’m excited to both think creatively about how to solve this unsolved problem of training a robust image classifier, and to gain more hands-on machine learning experience training models, writing attacks, and more. I also hope research in adversarially robust classifiers can help contribute to building more trustworthy AI models.