Yash Sharma

I am a PhD student at the University of Tübingen and the Max Planck Institute for Intelligent Systems, working in the lab of Matthias Bethge. I've completed my Bachelor's and Master's at the Cooper Union, and have spent time at Borealis AI and IBM Research.

I have worked primarily on adversarial examples, as their existence demonstrates a clear distinction between human and machine strategy not seen in standard evaluation. I aim to reduce the reliance upon data and compute by enabling agents to capture the causal factors of complex input for subsequent reasoning through the induction of strong priors.

Email  /  Twitter  /  CV  /  Google Scholar  /  Github

On the Effectiveness of Low Frequency Perturbations
Yash Sharma, Gavin Weiguang Ding, Marcus Brubaker
IJCAI, 2019

Defended models based on adversarial training are roughly as vulnerable to low frequency perturbations as undefended models.

Max-Margin Adversarial (MMA) Training: Direct Input Space Margin Maximization through Adversarial Training
Gavin Weiguang Ding, Yash Sharma, Kry Yik Chau Lui, Ruitong Huang
ICLR SafeML Workshop, 2019

Directly maximizing margins, distances in the input space from the data points to the decision boundary of the classifier, is an improvement on adversarial training.

Are Generative Classifiers More Robust to Adversarial Attacks?
Yingzhen Li, John Bradshaw, Yash Sharma
ICML, 2019
ICML TADGM Workshop, 2018
paper / code

Across factorization structures, provide evidence that generative classifiers are more robust to adversarial attacks than discriminative classifiers.

GenAttack: Practical Black-box Attacks with Gradient-Free Optimization
Moustafa Alzantot, Yash Sharma, Supriyo Chakraborty, Huan Zhang, Cho-Jui Hsieh, Mani Srivastava
GECCO, 2019
paper / code

Evolutionary strategies can be used to synthesize adversarial examples in the black-box setting with orders of magnitude fewer queries than previous approaches.

CAAD 2018: Generating Transferable Adversarial Examples
Yash Sharma, Tien-Dung Le, Moustafa Alzantot
arXiv:1810.01268, 2018
paper / code / press

Placed 1st, 1st, and 3rd in the targeted attack, non-targeted attack, and defense competitions, respectively, winning the competition overall. Prize: $38,000.

Generating Natural Language Adversarial Examples
Yash Sharma*, Moustafa Alzantot*, Ahmed Elgohary, Bo-Jhang Ho, Mani Srivastava, Kai-Wei Chang
EMNLP, 2018
NeurIPS SecML Workshop (Encore Track), 2018
paper / code

Generate adversarial examples that fool well-trained sentiment analysis and textual entailment models in the black-box setting while preserving the semantics and syntax of the original.

Technical Report on the CleverHans v2.1.0 Adversarial Examples Library
Nicolas Papernot, Fartash Faghri, Nicholas Carlini, Ian Goodfellow, Reuben Feinman, Alexey Kurakin, Cihang Xie, Yash Sharma,...
arXiv:1610.00768, 2018
paper / code

Contributed to the CleverHans software library.

Gradient-based Adversarial Attacks to Deep Neural Networks in Limited Access Settings
Yash Sharma
Master's Thesis, 2018
paper / slides

Thesis Advisor: Sam Keene

Bypassing Feature Squeezing by Increasing Adversary Strength
Yash Sharma, Pin-Yu Chen
arXiv:1803.09868, 2018

Can bypass the feature squeezing detection framework with adversarial examples of minimal visual distortion by simply evaluating with stronger attack configurations.

Attacking the Madry Defense Model with L1-based Adversarial Examples
Yash Sharma, Pin-Yu Chen
ICLR Workshop Track, 2018

Models adversarially trained on the L_inf metric are vulnerable to L1-based adversarial examples of minimal visual distortion.

EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples
Yash Sharma*, Pin-Yu Chen*, Huan Zhang, Jinfeng Yi, Cho-Jui Hsieh
AAAI, 2018
paper / code

Encouraging sparsity in the perturbation with L1 minimization leads to improved attack transferability and complements adversarial training.

ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models
Huan Zhang*, Pin-Yu Chen*, Yash Sharma, Jinfeng Yi, Cho-Jui Hsieh
ACM CCS AISec, 2017
paper / code

Directly estimate the gradients of the target model for generating adversarial examples in the black-box setting, sparing the need for training substitute models and avoiding the loss in attack transferability.

Adversarial Attacks and Defences Competition
Yash Sharma, Moustafa Alzantot, Supriyo Chakraborty, Tianwei Xing, Sikai Yin, Mani Srivastava
NIPS Competition Track, 2017

Teamed with UCNesl to finish with one gold and two silver medals in the competition track.

Lane Keeping and Navigation Assist System
Yash Sharma, Vishnu Kaimal
Senior Project, 2017-2018
IEEE Student Paper, 2018
full report / writeup / poster / demo

Built an autonomous vehicle which can navigate through maps consisting of various road topologies.

Learning to Play Super Smash Bros. Melee with Delayed Actions
Yash Sharma, Eli Friedman
Deep Learning Final Project, 2017

Stabilized the training of competitive agents under human-level action delay through adding recurrence to the DQN architecture.

The Game of Set
Yash Sharma, Sahil Patel, Shalin Patel, Kevin Sheng
Software Engineering Final Project, 2017
code / slides

Developed a client-server application which allows users to play the game of SET against each other over the network.

Using Macroeconomic Forecasts to Improve Mean Reverting Trading Strategies
Yash Sharma
Business Economics Final Project, 2017
paper / code

Implemented a multiple pairs trading strategy on major currency pairs and improved the APR over the evaluation period by factoring in forecasts of a series of pertinent macroeconomic variables through optimizing the weights of the trading signals.

Unsupervised Pretraining
Yash Sharma, Sahil Patel
Deep Learning Midterm Project, 2017

Implemented the Split-Brain Autoencoder in TensorFlow and showed that the extracted features can help supervised learning when labeling is costly.

Yash Sharma, Brenda So, Shalin Patel
CodeSuisse Hackathon (Winner), 2016

Built an Android application which allows users to record notes about their meetings, write messages that will be displayed on a Twitter-like feed, and determine the viability of initiatives regarding specific tickers through sentiment analysis run on written logs.

SSBY Architecture
Yash Sharma, Shalin Patel, Matt Cavallaro
Computer Architecture Final Project, 2016

Built an 8-bit single-cycle processor with a 4-byte cache for data memory capable of executing nested procedures, leaf procedures, signed addition, loops, and recursion.

Yash Sharma, Brenda So, Sahil Patel, Gordon Su
IBM Sparkathon, 2016
code / dataset

Traced the sources of pollution in the continental United States through compiling data from the EPA, NOAA, and Google Maps API, estimating the parameters of a Gaussian dispersion model, and predicting pollutant concentration in the future with linear regression.
