Yash Sharma

I am a PhD student at the University of Tübingen and the Max Planck Institute for Intelligent Systems, working in the lab of Matthias Bethge. I've completed my Bachelors and Masters from the Cooper Union, and have spent time at Borealis AI and IBM Research.

I have worked primarily on adversarial examples, as their existence demonstrates a clear distinction between human and machine strategy not seen in standard evaluation. I aim to reduce the reliance upon data and compute by enabling agents to capture the causal factors of complex input for subsequent reasoning through the induction of strong priors.

Email  /  Twitter  /  CV  /  Google Scholar  /  Github

Defended models based on adversarial training are roughly as vulnerable to low frequency perturbations as undefended models.

Directly maximizing margins, distances in the input space from the data points to the decision boundary of the classifier, is an improvement on adversarial training.

Across factorization structures, provide evidence that generative classifiers are more robust to adversarial attacks than discriminative classifiers.

Evolutionary strategies can be used to synthesize adversarial examples in the black-box setting with orders of magnitude fewer queries than previous approaches.

Placed 1st, 1st, and 3rd in the targeted attack, non-targeted attack, and defense competitions, respectively, winning the competition overall. Prize: $38,000.

Generate adversarial examples that fool well-trained sentiment analysis and textual entailment models in the black-box setting while preserving semantics and syntactics of the original.

Contributed to the CleverHans software library.

Thesis Advisor: Sam Keene

Can bypass the feature squeezing detection framework with adversarial examples of minimal visual distortion by simply evaluating with stronger attack configurations.

Models adversarially trained on the L_inf metric are vulnerable to L1-based adversarial examples of minimal visual distortion.

Encouraging sparsity in the perturbation with L1 minimization leads to improved attack transferability and complements adversarial training.

Directly estimate the gradients of the target model for generating adversarial examples in the black-box setting, sparing the need for training substitute models and avoiding the loss in attack transferability.

Teamed with UCNesl to finish with one gold and two silver medals in the competition track.

Built an autonomous vehicle which can navigate through maps consisting of various road topologies.

Stabilized the training of competitive agents under human-level action delay through adding recurrence to the DQN architecture.

Developed a client-server application which allows users to play the game of SET against each other over the network.

Implemented a multiple pairs trading strategy on major currency pairs and improved the APR over the evaluation period by factoring in forecasts of a series of pertinent macroeconomic variables by optimizing the weights of the trading signals.

Implemented the Split-Brain Autoencoder in TensorFlow and showed that the extracted features can help supervised learning when labeling is costly.

Built an android application which allows users to record notes about their meetings, write messages that will be displayed on a Twitter-like feed, and determine viability of initiatives regarding specific tickers through sentiment analysis run on written logs.

Built an 8-bit single-cycle processor with a 4-byte cache for data memory capable of executing nested procedures, leaf procedures, signed addition, loops, and recursion.

Traced the sources of pollution in the continental United States through compiling data from the EPA, NOAA, and Google Maps API, estimating the parameters of a gaussian dispersion model, and predicting pollutant concentration in the future with linear regression.

Template: here