This is a super-expert view on Neural Networks. It's discussing over fooling (or in other words hacking) NNs, while the NNs themselves are still highly complicated structures for most people and even experts. precious content I say.

Just discovered this channel. Awesome content. Better than most of the hyped channels around regarding ML and Deep Learning. Cheers. :)

All of your videos are incredibly well made and presented. Perfect mix of detail and generality and excellent visuals. So hooked.

This video deserves so much more attention! Great Job!

Great content. One suggestion : Can you please provide links of the shown research in the video description?

Your vids are just gold.Please do more videos on other nets like rnn,cnn,ladder net,DBN,se2seq etc.I think you can make people understand better that anyone.Best of luck.Really a big fan of your contents

@Arxiv Insights - The paper you showed does not claim that the sunglasses fail 'every' facial recognition systems. In fact, they are personally curated and would work for a particular recognition neural net.

Great video! One suggestion is to include links to all relevant papers.

They are a blessing! They show that NN's are getting something fundamentally wrong. And we can gain insight from those wrong classifications to understand what's really going wrong. I think, we humans don't use any chroma or HUE information for object detection - we only use detect structural patterns (at first).

9:48 that comment was pretty deft. The neural network's sarcasm is showing. I'd give that comment a positive rating too.

This was absolutely fascinating. Have liked and subscribed!

Nice! Didn't know yet about cross-model generalization. Also nice to have your take on how to avoid and even exploit these attacks. Keep up the video-making & posting :-)

You deserve much more subscribers. Keep up a good work

Super cool video! Love the depth of the content! Please keep making more videos:)

Wow, your videos are fantastic! The format is great, the content is awesome... Please post more videos :D

Thanks for posting the awesome video. Could you please provide the reference (paper) at 14:12?

Just subscribed for part III! :D

Really great videos thanks!

love your videos, keep it up.

Humans also have adversarial examples in the form of Pareidolia, seeing faces in inanimate objects. It's an evolutionary thing that helps humans detect predators. An example are people who scour the images taken on Mars, and they see rocks that they claim are the heads of broken statues, when it's really just a rock that was photographed at a particular angle.

Thanks for making this video. I hope you also link to your references for this video in the description box like you did in part one. Thanks, again!

great work! keep developing your great channel! 💎

Great video. Perhaps humans are robust to the adversarial examples of computers, and vice versa. In the end is how to align both adversarial distributions.

Great videos! what are your sources for this video? trying to find the ostrich/temple confusion in a paper!

Some image pre-processing might help with stopping imperceptible pixel changes giving wrong results. If you extract the detail from the image, then blur the image to spread out any noise, before adding the detail back in, you'll at least have the areas that are large and without much variation, mostly noise free (detail mask --> blur detail mask --> use it to mask the original image to get the detail). Recognition would probably be best done in 2 steps, use a grey scale image (just the detail?) for one channel, and the colours from the same, but heavily blurred image, for a second channel. Most objects can be identified in black and white, colour only adds a smaller amount of information (like whether an animal/insect is likely poisonous). Using a reduced resolution for the colour may also be of help; there's little point in letting an neural network be able to distinguish between each of 16.7 million colours for object recognition; less to learn and less opportunity for small variations (that a human couldn't even see) causing upsets. Is that really Keanu Reeves? Looks more like Sylvestor Stallone :->

Thanks a lot for your videos. At the beginning of this series, you announced a third part on "Memorization vs Generalization", but I couldn't find it even though you posted other videos after that. Was it deleted for some reason, or is it still a work in progress?

Glad to see that human biological computer network is still much efficient than machine with artificial neural network.

your explication is awesome keep going

This just proves a few points: 1) The problems of overfitting and inability of deep nets to converge is not due to the complexity of the network, but due to missing *Complenent of a Set* ( en.wikipedia.org/wiki/Complement_(set_theory) ) of training data. When you train a network you have to provde the *NOTs* of train/test data too, these would be pictures of mamals , birds, humans, not just digits with a black background if we speak about MNIST dataset. It is like you only believe in matter and forget about the dark matter of the Universe. Well, some day , because you didn't consider the whole Universe this dark matter is gonna eat your planet. 2) The adversarial examples are not adversarial examples really, they are just pointing out on an inconsistent training method we are using currently. We need to modify our methods to include the *Complement of a Set* . This will increase training time by orders of magnitude, but you are going to get real generalization, just like it was originally conceptualized in the mid of last century.

Amazing content. keep it up

This video is amazing

Great content. I'd like if the sound quality were a bit better, particularly due to the echos in your room. It sounds like you have some bare walls that are really reflective. Without changing your mic setup, you might be able to do something like hang up some towels to absorb the echoed sounds.

Bro, would love to see more and more content coming on your channel

Ok so, "simple" solution? (I'm sure actually implementing this is a different story) GAN-like network, but it takes the input and does all kinds of transforms to it (noise, rotation, scaling, changing single letters / words, what have you), optimizing for minimal necessary transforms to get the network to classify any images as any given class. Basically the network is supposed to learn to generate and then overcome its own failure cases. "Just" protect against all kinds of sources of adversarial examples. (Because obviously it's super easy to know that you've covered all your bases and that you haven't overlooked any problem *cough)* Would that work? Perhaps something like IMPALA could be used to make it work on multiple possible variants of breaking a network at once?

Keep making videos, great job!

very good lectures, and thank you!

Great Job man and thanks a lot for this awesome content

this was so cool. MASSIVE SUBSCRIBE!

This is really good content. Subscribed! So I'm a Machine Learning guy as well (I make similar videos on my channel) but I don't have a decent face cam. What camera do you use?

Regarding the optimization of the car frame, consequently we end up with an adversarial example, as you said. Can you give some papers aimed at this subject? Thanks

Things like this have made me appreciate the “artificial” in artificial intelligence, as it shows that the way AI works is very different than that of naturally evolved organisms, for better and for worse

If we look to a NN as a program (A huge function with many inputs) it becomes clear why AE works.

SUPER GOOD CHANNEL. I have never seen ML Videos for learning so good. Thanks you really much. ¿One Question? Can we defense from an adversarial attack for image recognition, making one first step that would be simplifying the input image (Ex: Panda) to a vectoriced version, smooth edges and less colors, just for cheking the form? The noise will desapear in this process but the fundamentals of the image will continue the same. Then You can compare the result of the normal input and the simplified input.

dude that was awesome. THANKS

Awesome! Keep them coming ;-)

Very good videos! What is the frequency of uploading new vids?

maybe you make a video on how to follow the white papers in the field of AI (where to find them, how to create alerts, if there are any such tools, are there good websites that follow new published papers, etc) - i don't know if this is a good topic, but just an idea. greets! :)

Dude nice vid, Do you have an education background in AI?

Where is part ||| ?

Great vid!

This is so cool!

A great video

Does adverisal attack work for regression?

9:16 column 7 row 3 predicts Sylvester Stallone

How do we know that classification adverserial examples don't exist for the human brain?

Wow, the fact that adversarial examples exist, doesn’t that indicate that our algorithm hasn’t extrapolated the essence of what makes an image such an image. And that the models, despite appearances of working most of the times are really not really working.

There is a really cool paper about using adversarial attack on humans, do you think that being fooled by an adversarial example is a fundamental property in our visual system?

What marketing departments and political consultants and propagandists do is generate adversarial examples for human cognition and emotion.

The problem is over generalization.

Is this the machine learning equivalent of pareidolia?

😎

Neural Networks are not using proper logic for colors, uniformity, they are perhaps 1000 times simpler than brain ones, so they can be tricked using simple stuff which doesnt even contain color and uniformity. things will come along though. It's amazing that they are efficient already and it shows that tensor flow version 17.0 will be very awesome, even if it does require 0.01nm procesors!

Kenu Reeves or Sylvester Stallone?

bikini pics are adversarial examples which flip human's (males category) attention focus ......

Good presentation, but you are a bit too much in the foreground and moving a lot, which is highly distracting.

If we trained a GAN, throw away the Generator, take only the discriminator, will it be more robust to adversarial attack than normal image classifiers?