BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//132.216.98.100//NONSGML kigkonsult.se iCalcreator 2.20.4//
BEGIN:VEVENT
UID:20260523T124446EDT-8806uXgMKh@132.216.98.100
DTSTAMP:20260523T164446Z
DESCRIPTION:Abstract\n\n\n Over the last decade\, Deep Learning has been the source of breakthroughs in many different fields\, such as Natural Language Processing\, Computer Vision\, and Speech Recognition. However\, Deep Learning-based models have now been recognized to be extremely sensitive to perturbations\, especially when the perturbation is well-designed and generated by a malicious agent. This weakness of Deep Neural Networks tends to prevent their use in critical applications\, where sensitive information is available\, or when the system interacts directly with people's everyday life. In this thesis\, we focus on protecting Deep Neural Networks against malicious agents in two main ways.\n The first method aims at protecting a model from attacks by increasing its robustness\, i.e.\, the ability of the model to predict the right class even under threats. We observe that the output of a Deep Neural Network forms a statistical manifold and that the decision is taken on this manifold. We leverage this knowledge by using the Fisher-Rao measure\, which computes the geodesic distance between two probability distributions on the statistical manifold to which they belong. We exploit the Fisher-Rao measure to regularize the training loss to increase the model robustness. We then adapt this method to another critical application: the Smart Grids\, which\, due to monitoring and various service needs\, rely on cyber components\, such as a state estimator\, making them sensitive to attacks. We\, therefore\, build robust state estimators using Variational AutoEncoders and the extension of our proposed method to the regression case.\n The second method we focus on that intends to protect Deep-Learning-based models is the detection of adversarial samples. By augmenting the model with a detector\, it is possible to increase the reliability of decisions made by Deep Neural Networks. Multiple detection methods are available nowadays but often rely on heavy training and ad-hoc heuristics. In our work\, we make use of a simple statistical tool called the data-depth to build efficient supervised (i.e.\, attacks are provided during training) and unsupervised (i.e.\, training can only rely on clean samples) detection methods.\n
DTSTART:20230307T150000Z
DTEND:20230307T170000Z
LOCATION:301\, James Administration Building\, CA\, QC\, Montreal\, H3A 2t5\, 845 rue Sherbrooke Ouest
SUMMARY:PhD defence of Marine Picot - Protecting Deep Learning Systems Against Attacks: Enhancing Adversarial Robustness and Detection
URL:/ece/channels/event/phd-defence-marine-picot-protecting-deep-learning-systems-against-attacks-enhancing-adversarial-346578
END:VEVENT
END:VCALENDAR