CAREER: Robustify AI with Bayesian Deep Learning

Project Details

Description

There have been substantial advancements in deep learning (DL) methods over the past decade. However, DL methods are not robust against either naturally occurring misleading features or problems purposefully created by adversaries. These vulnerabilities originate from DL’s reliance on observational data to learn the relationship between inputs and outputs. Consequently, DL models may encounter pitfalls, including false (spurious) input-output relationships in the training data, and adversarial attacks designed to manipulate the input data to distort the resulting output. A principled direction to eliminate these vulnerabilities requires going beyond learning from low-level, superficial relationships in the data and instead using high-level concepts and insights into causality between the links. This will conceptualize the data to guide and improve robustness of DL models. In this project, we approach this problem by developing a “robustifier” framework to improve robustness in a principled way for any DL model, against natural and adversarial factors, while also handling uncertainty in the data. The robustifier under this framework first probes a DL model with a graph of random variables, where each variable represents a higher-level concept (e.g., “color”, “shape”, etc.). The data from the graph can then be used to enhance the robustness of the DL model by performing causal inference to neutralize confounding concepts, and produce robust, uncertainty-aware prediction. Methods developed in this project will be applied in visual recognition to improve capabilities of perception models, and in healthcare to enhance robustness in analyzing patient status. This project will build formal connections between DL and probabilistic graphical models (PGM), two major machine learning (ML) paradigms with complementary strengths.
It will advance the state of knowledge in ML through formulating a new Bayesian deep robustifier framework that unifies DL and PGM by: (1) developing “Bayesian deep neutralizers”, which fundamentally neutralize naturally occurring spurious features by first using PGM to infer high-level concepts from DL representations, performing causal inference to neutralize confounding (spurious) concepts, and then producing robust, uncertainty-aware prediction; (2) developing “Bayesian deep defenders”, which fundamentally defend against adversarial attack by using PGM to infer high-level concepts robustly, even from attacked DL representations, and at test time, adapting to diverse attacks unseen during training; (3) designing concrete methods to robustify DL models with minimal performance sacrifice and computational overhead, especially for large models (e.g., GPT-4); and, (4) investigating theoretical guarantees and providing valuable insight for future research. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Status: Active
Effective start/end date: 7/1/24 to 6/30/29

Funding

  • National Science Foundation: $516,787.00
