Classification Boundaries of Complex Machine Learning Models

Lead Research Organisation: University of Manchester
Department Name: Computer Science

Abstract

State-of-the-art deep neural networks have achieved significant success across a wide range of AI tasks, e.g., those building on image/text classification, with successful applications such as computer-aided medical diagnosis, self-driving cars, and sentiment analysis. However, these networks can be vulnerable when handling data objects perturbed in an almost imperceptible manner by adversarial attack techniques. Such perturbations cause the networks to misclassify and significantly reduce their accuracy.

This project is focused on improving the adversarial robustness of neural networks by researching properties of the classification boundaries and regions induced by machine learning models. It aims at addressing the following research questions:
1. What are the theoretically provable relationships between the existence of imperceptible adversarial perturbations and the properties of classification boundaries and regions?
2. How to improve classification accuracy of perturbed objects without sacrificing the classification accuracy of natural objects?

The project aims at answering these questions through investigating the geometric and topological features of the classification regions and decision boundaries. New theoretical understanding of adversarial robustness will be established, and novel and effective adversarial defense techniques will be developed. The project contributes to the EPSRC research areas of AI and numerical analysis, and its success will benefit all the other science and engineering areas that use deep neural networks as their underlying computational tools.

Studentship Projects

Project Reference | Relationship | Related To | Start | End | Student Name
EP/T517823/1 | | | 01/10/2020 | 30/09/2025 |
2481459 | Studentship | EP/T517823/1 | 01/01/2021 | 20/02/2024 | Yusuf Sulehman