Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Attacks on Machine Learning

prabhant
October 27, 2017
Programming
0
510

Attacks on Machine Learning

Presentation for my talk on attacks on machine learning at PyconUK 2017

prabhant

October 27, 2017
Tweet

More Decks by prabhant

See All by prabhant
Masters Thesis
prabhant
0
40
Class Imbalance Problem
prabhant
0
140
Gotchas of Pandas
prabhant
0
110

Other Decks in Programming

See All in Programming
タクシーアプリ『GO』のリアルタイムデータ分析基盤における機械学習サービスの活用
mot_techtalk
4
1.4k
シールドクラスをはじめよう / Getting Started with Sealed Classes
mackey0225
4
640
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
2
660
役立つログに取り組もう
irof
28
9.6k
Remix on Hono on Cloudflare Workers
yusukebe
1
280
レガシーシステムにどう立ち向かうか 複雑さと理想と現実/vs-legacy
suzukihoge
14
2.2k
Kaigi on Rails 2024 〜運営の裏側〜
krpk1900
1
190
『ドメイン駆動設計をはじめよう』のモデリングアプローチ
masuda220
PRO
8
540
Amazon Bedrock Agentsを用いてアプリ開発してみた!
har1101
0
330
Quine, Polyglot, 良いコード
qnighy
4
640
RubyLSPのマルチバイト文字対応
notfounds
0
120
リアーキテクチャxDDD 1年間の取り組みと進化
hsawaji
1
220

Featured

See All Featured
Documentation Writing (for coders)
carmenintech
65
4.4k
What's in a price? How to price your products and services
michaelherold
243
12k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Making Projects Easy
brettharned
115
5.9k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
What's new in Ruby 2.0
geeforr
343
31k

Transcript

  1. None

  2. About me • Security + Data science • Master’s student

    at University of Tartu, Estonia

  3. • What’s adversarial ML

  4. • What’s adversarial ML • Goals of adversarial examples

  5. • What’s adversarial ML • Goals of adversarial examples •

    Algorithms to craft adversarial examples

  6. • What’s adversarial ML • Goals of adversarial examples •

    Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)

  7. What’s Machine learning?

  8. What’s Adversarial ML

  9. What’s Adversarial ML =Security + ML

  10. History Lesson!!

  11. Where it started: • PRALab Unica

  12. Where it started: • PRALab Unica Now: • Everyone First

    paper: https://arxiv.org/pdf/1312.6199.pdf

  13. Source: https://pralab.diee.unica.it/en/wild-patterns

  14. Types of attacks • Whitebox • Blackbox

  15. Ways to Attacks

  16. Ways to Attacks Poisoning training data (train time attack)

  17. Ways to Attacks Poisoning training data (Train time attack) Crafting

    adversarial examples (Test time attack)

  18. Adversarial examples goals • Confidence reduction: reduce the output confidence

    classification

  19. Adversarial examples goals • Confidence reduction • Misclassification: Changing the

    output class

  20. Adversarial examples goals • Confidence reduction • Misclassification • Targeted

    misclassification: produce inputs that produce the output of a specific class

  21. Adversarial examples goals • Confidence reduction • Misclassification • Targeted

    misclassification • Source target misclassification: specific input gives specific output

  22. How does Attacking ML models work?

  23. How adversarial Examples work Source: cleverhans.io

  24. Deep Neural Networks are Easily Fooled: High Confidence Predictions for

    Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf

  25. Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf

  26. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method

  27. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack

  28. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack

  29. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool

  30. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method

  31. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks

  32. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s

  33. BlackBox : How can it even be possible :( ?

  34. Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf

  35. Why should I Care?

  36. Why should I Care?

  37. Why should I Care?

  38. Why should I Care?

  39. None

  40. But they aren’t that easy to make.. Are they :(

  41. None

  42. Then How to defend the Models against adversarial examples •

    Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
  43. None

  44. Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML

    Library(not released) • Tools from PRA Lab • My blog

  45. Thank You Q/A time <Don’t ask “WHY” because nobody knows>

    Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant