UBC Theses and Dissertations
Soft labels and supervised image classification Tyrväinen, Sanna
Machine learning is used daily in areas such as security, medical care, and financial systems. Failures in such institutions can have dire consequences. Adversarial attacks on deep neural networks exploit instabilities in the network with regard to noise and thus are important problems in the field of machine learning. In recent years, much attention has been given to the design of architectures and procedures that help mitigate the effect of such attacks. In this work, we take a different route and present a novel approach for dealing with adversarial attacks by soft-labeling data. In this work, we extend an existing popular image dataset: CIFAR-10. CIFAR- 10 has disjoint, well-defined, and exhaustive labels with 10 classes. We design and execute a survey and graphical user interface to collect individual soft labels for 10,000 images. In the survey, the participants are shown one image at a time and asked to rate how much characteristics from each of the classes were in the image. These answers are then turned into soft labels. To our knowledge, our novel dataset is the only soft-labeled dataset with both unambiguous images and soft labels that are independent of the hard labels. Because soft labeled datasets are more complex than hard labeled datasets, using them will require larger datasets for training. For this, we present a novel algorithm that uses the alternating direction method of multipliers to solve multinomial logistic regression in parallel. The algorithm shows improved generalization. We train the residual neural network with our novel dataset and compare it to models trained with the original CIFAR-10 with and without uniform label smoothing regularization. We show that models trained with soft-labeled data resist targeted adversarial attacks better than these other models.
Item Citations and Data
Attribution-NonCommercial-NoDerivatives 4.0 International