Attacks on Machine Learning
prabhant
October 27, 2017
Presentation for my talk on attacks on machine learning at PyconUK 2017
Transcript

About me
• Security + Data science
• Master's student at University of Tartu, Estonia

Agenda
• What's adversarial ML
• Goals of adversarial examples
• Algorithms to craft adversarial examples
• Defense against adversarial examples (BONUS)

What's Machine learning?

What's Adversarial ML
Adversarial ML = Security + ML

History Lesson!!
Where it started: • PRALab Unica
Now: • Everyone
First paper: https://arxiv.org/pdf/1312.6199.pdf
Source: https://pralab.diee.unica.it/en/wild-patterns

Types of attacks
• Whitebox
• Blackbox

Ways to attack
• Poisoning training data (train-time attack)
• Crafting adversarial examples (test-time attack)

Adversarial examples goals
• Confidence reduction: reduce the output confidence of the classification
• Misclassification: change the output class
• Targeted misclassification: produce inputs that yield the output of a specific class
• Source/target misclassification: a specific input gives a specific output

How does attacking ML models work?
How adversarial examples work. Source: cleverhans.io
Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images: https://arxiv.org/pdf/1412.1897.pdf
Source: Adversarial Examples for Evaluating Reading Comprehension Systems: https://arxiv.org/pdf/1707.07328.pdf

Algorithms to craft adversarial examples for NN
1. FGSM: fast gradient sign method
2. JSMA: Jacobian-based saliency map attack
3. Carlini-Wagner attack
4. DeepFool
5. The Basic Iterative Method
6. EAD: Elastic-Net Attacks
7. Projected Gradient Descent attack
PS: these are only the famous ones

Blackbox: how can it even be possible :( ?
Transferability. The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf

Why should I care?

But they aren't that easy to make.. are they :(

Then how to defend the models against adversarial examples
• Adversarial training
  ◦ Ensemble adversarial training
• Defensive distillation
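The FGSM entry in the algorithm list above and the adversarial-training bullet under defenses, worked through as an added example that is not from the talk or its slides. The model is a constructed two-feature logistic regression with hand-picked weights (an assumption made for the example), the input is a constructed point the model classifies as class 1, and the defense is a single gradient step on the FGSM example rather than the full training loop a real defense would run. It illustrates two of the goals from the "Adversarial examples goals" slide: a small eps only reduces confidence, a larger eps flips the predicted class, and the perturbation stays within the eps budget per feature.

```python
import math

# Constructed toy model (an assumption for this example, not from the talk):
# logistic regression over two features, each in [0, 1], with hand-picked weights.
W0 = [2.0, -1.0]
B0 = 0.0
# Constructed clean input; the toy model assigns it class 1 with p ~ 0.69.
X_CLEAN = [0.6, 0.4]
Y_CLEAN = 1


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(x, w=W0, b=B0):
    """P(class 1 | x) for the toy logistic model."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def input_gradient(x, y, w=W0, b=B0):
    """Gradient of the binary cross-entropy loss w.r.t. the input: (p - y) * w."""
    p = predict_proba(x, w, b)
    return [(p - y) * wi for wi in w]


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(x, y, eps, w=W0, b=B0):
    """Fast gradient sign method: x_adv = clip(x + eps * sign(grad_x L(x, y)), 0, 1).

    One step, so every feature moves by at most eps (an L-infinity budget)."""
    g = input_gradient(x, y, w, b)
    return [min(1.0, max(0.0, xi + eps * sign(gi))) for xi, gi in zip(x, g)]


def linf_distance(a, b):
    """Largest per-feature change between two inputs; the budget FGSM is bounded by."""
    return max(abs(ai - bi) for ai, bi in zip(a, b))


def adversarial_training_step(x, y, eps, w=W0, b=B0, lr=1.0):
    """Adversarial training reduced to one SGD step: craft the FGSM example
    against the current weights, then fit the weights on that example."""
    x_adv = fgsm(x, y, eps, w, b)
    err = predict_proba(x_adv, w, b) - y
    w_new = [wi - lr * err * xi for wi, xi in zip(w, x_adv)]
    b_new = b - lr * err
    return w_new, b_new


def demo(eps_small=0.1, eps_large=0.3):
    """Run the attack at two budgets and the one-step defense; return the numbers."""
    p_clean = predict_proba(X_CLEAN)
    x_small = fgsm(X_CLEAN, Y_CLEAN, eps_small)   # confidence reduction only
    x_large = fgsm(X_CLEAN, Y_CLEAN, eps_large)   # enough to flip the class
    w2, b2 = adversarial_training_step(X_CLEAN, Y_CLEAN, eps_large)
    # Re-craft FGSM against the updated model: the honest robustness check,
    # since an attacker sees the defended model, not the original one.
    x_large_v2 = fgsm(X_CLEAN, Y_CLEAN, eps_large, w2, b2)
    return {
        "p_clean": p_clean,
        "p_eps_small": predict_proba(x_small),
        "p_eps_large": predict_proba(x_large),
        "linf_large": linf_distance(X_CLEAN, x_large),
        "p_clean_after_training": predict_proba(X_CLEAN, w2, b2),
        "p_eps_large_after_training": predict_proba(x_large_v2, w2, b2),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:28s} {v:.4f}")
```

On this input the clean probability is about 0.69; eps = 0.1 pulls it down to about 0.62 (still class 1), eps = 0.3 pushes it to about 0.48 (class 0), and after the single adversarial-training step the same budget no longer flips the class. The check that matters for a defender is the last one: measure robustness by re-attacking the defended model, not by re-scoring the old adversarial example.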
Libraries and resources
• Cleverhans (TensorFlow)
• FoolBox (bethgelab)
• Secure ML Library (not released)
• Tools from PRA Lab
• My blog

Thank You. Q/A time <Don't ask "WHY" because nobody knows>
Twitter: @prabhantsingh LinkedIn: https://www.linkedin.com/in/prabhantsingh Github: @prabhant