Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Attacks on Machine Learning
Search
prabhant
October 27, 2017
Programming
0
560
Attacks on Machine Learning
Presentation for my talk on attacks on machine learning at PyconUK 2017
prabhant
October 27, 2017
Tweet
Share
More Decks by prabhant
See All by prabhant
Masters Thesis
prabhant
0
46
Class Imbalance Problem
prabhant
0
180
Gotchas of Pandas
prabhant
0
120
Other Decks in Programming
See All in Programming
エンジニアのための”最低限いい感じ”デザイン入門
shunshobon
0
130
AIコーディングAgentとの向き合い方
eycjur
0
250
AIレビュアーをスケールさせるには / Scaling AI Reviewers
technuma
2
230
SOCI Index Manifest v2が出たので調べてみた / Introduction to SOCI Index Manifest v2
tkikuc
1
110
ワープロって実は計算機で
pepepper
2
1.4k
オープンセミナー2025@広島LT技術ブログを続けるには
satoshi256kbyte
0
150
Improving my own Ruby thereafter
sisshiki1969
1
130
オープンセミナー2025@広島「君はどこで動かすか?」アンケート結果
satoshi256kbyte
0
220
モバイルアプリからWebへの横展開を加速した話_Claude_Code_実践術.pdf
kazuyasakamoto
0
290
Updates on MLS on Ruby (and maybe more)
sylph01
1
160
MCPで実現するAIエージェント駆動のNext.jsアプリデバッグ手法
nyatinte
7
980
Zendeskのチケットを Amazon Bedrockで 解析した
ryokosuge
2
200
Featured
See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
44
2.5k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.4k
Imperfection Machines: The Place of Print at Facebook
scottboms
268
13k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
284
13k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.9k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Faster Mobile Websites
deanohume
309
31k
For a Future-Friendly Web
brad_frost
179
9.9k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4k
Transcript
None
About me • Security + Data science • Master’s student
at University of Tartu, Estonia
• What’s adversarial ML
• What’s adversarial ML • Goals of adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)
What’s Machine learning?
What’s Adversarial ML
What’s Adversarial ML =Security + ML
History Lesson!!
Where it started: • PRALab Unica
Where it started: • PRALab Unica Now: • Everyone First
paper: https://arxiv.org/pdf/1312.6199.pdf
Source: https://pralab.diee.unica.it/en/wild-patterns
Types of attacks • Whitebox • Blackbox
Ways to Attacks
Ways to Attacks Poisoning training data (train time attack)
Ways to Attacks Poisoning training data (Train time attack) Crafting
adversarial examples (Test time attack)
Adversarial examples goals • Confidence reduction: reduce the output confidence
classification
Adversarial examples goals • Confidence reduction • Misclassification: Changing the
output class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification: produce inputs that produce the output of a specific class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification • Source target misclassification: specific input gives specific output
How does Attacking ML models work?
How adversarial Examples work Source: cleverhans.io
Deep Neural Networks are Easily Fooled: High Confidence Predictions for
Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf
Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s
BlackBox : How can it even be possible :( ?
Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf
Why should I Care?
Why should I Care?
Why should I Care?
Why should I Care?
None
But they aren’t that easy to make.. Are they :(
None
Then How to defend the Models against adversarial examples •
Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
None
Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML
Library(not released) • Tools from PRA Lab • My blog
Thank You Q/A time <Don’t ask “WHY” because nobody knows>
Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant