Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Attacks on Machine Learning

prabhant
October 27, 2017
Programming
0
520

Attacks on Machine Learning

Presentation for my talk on attacks on machine learning at PyconUK 2017

prabhant

October 27, 2017
Tweet

More Decks by prabhant

See All by prabhant
Masters Thesis
prabhant
0
43
Class Imbalance Problem
prabhant
0
150
Gotchas of Pandas
prabhant
0
110

Other Decks in Programming

See All in Programming
いりゃあせ、PHPカンファレンス名古屋2025 / Welcome to PHP Conference Nagoya 2025
ttskch
1
150
DevFest - Serverless 101 with Google Cloud Functions
tunmise
0
140
どうして手を動かすよりもチーム内のコードレビューを優先するべきなのか
okashoi
3
870
20年もののレガシープロダクトに 0からPHPStanを入れるまで / phpcon2024
hirobe1999
0
1k
Amazon Nova Reelの可能性
hideg
0
190
Simple組み合わせ村から大都会Railsにやってきた俺は / Coming to Rails from the Simple
moznion
3
2.1k
『改訂新版 良いコード/悪いコードで学ぶ設計入門』活用方法−爆速でスキルアップする!効果的な学習アプローチ / effective-learning-of-good-code
minodriven
28
4k
PHPとAPI Platformで作る本格的なWeb APIアプリケーション(入門編) / phpcon 2024 Intro to API Platform
ttskch
0
390
為你自己學 Python
eddie
0
510
functionalなアプローチで動的要素を排除する
ryopeko
1
190
shadcn/uiを使ってReactでの開発を加速させよう!
lef237
0
290
선언형 UI에서의 상태관리
l2hyunwoo
0
270

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
693
190k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
How to Ace a Technical Interview
jacobian
276
23k
Reflections from 52 weeks, 52 projects
jeffersonlam
348
20k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
1.2k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.8k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
Fireside Chat
paigeccino
34
3.1k
Building Better People: How to give real-time feedback that sticks.
wjessup
366
19k
The World Runs on Bad Software
bkeepers
PRO
66
11k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
98
18k

Transcript

  1. None

  2. About me • Security + Data science • Master’s student

    at University of Tartu, Estonia

  3. • What’s adversarial ML

  4. • What’s adversarial ML • Goals of adversarial examples

  5. • What’s adversarial ML • Goals of adversarial examples •

    Algorithms to craft adversarial examples

  6. • What’s adversarial ML • Goals of adversarial examples •

    Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)

  7. What’s Machine learning?

  8. What’s Adversarial ML

  9. What’s Adversarial ML =Security + ML

  10. History Lesson!!

  11. Where it started: • PRALab Unica

  12. Where it started: • PRALab Unica Now: • Everyone First

    paper: https://arxiv.org/pdf/1312.6199.pdf

  13. Source: https://pralab.diee.unica.it/en/wild-patterns

  14. Types of attacks • Whitebox • Blackbox

  15. Ways to Attacks

  16. Ways to Attacks Poisoning training data (train time attack)

  17. Ways to Attacks Poisoning training data (Train time attack) Crafting

    adversarial examples (Test time attack)

  18. Adversarial examples goals • Confidence reduction: reduce the output confidence

    classification

  19. Adversarial examples goals • Confidence reduction • Misclassification: Changing the

    output class

  20. Adversarial examples goals • Confidence reduction • Misclassification • Targeted

    misclassification: produce inputs that produce the output of a specific class

  21. Adversarial examples goals • Confidence reduction • Misclassification • Targeted

    misclassification • Source target misclassification: specific input gives specific output

  22. How does Attacking ML models work?

  23. How adversarial Examples work Source: cleverhans.io

  24. Deep Neural Networks are Easily Fooled: High Confidence Predictions for

    Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf

  25. Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf

  26. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method

  27. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack

  28. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack

  29. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool

  30. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method

  31. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks

  32. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s

  33. BlackBox : How can it even be possible :( ?

  34. Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf

  35. Why should I Care?

  36. Why should I Care?

  37. Why should I Care?

  38. Why should I Care?

  39. None

  40. But they aren’t that easy to make.. Are they :(

  41. None

  42. Then How to defend the Models against adversarial examples •

    Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
  43. None

  44. Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML

    Library(not released) • Tools from PRA Lab • My blog

  45. Thank You Q/A time <Don’t ask “WHY” because nobody knows>

    Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant