Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Attacks on Machine Learning
Search
prabhant
October 27, 2017
Programming
610
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Attacks on Machine Learning
Presentation for my talk on attacks on machine learning at PyconUK 2017
prabhant
October 27, 2017
More Decks by prabhant
See All by prabhant
Masters Thesis
prabhant
0
60
Class Imbalance Problem
prabhant
0
220
Gotchas of Pandas
prabhant
0
130
Other Decks in Programming
See All in Programming
act1-costs.pdf
sumedhbala
0
210
気圧・高度・GPSを記録&可視化するアプリ「Koudo」を作った話
hjmkth
1
350
20260623_Loop Engineeringで自分の分身の問い合わせBotを作る
ryugen04
0
210
Creating Composable Callables in Contemporary C++
rollbear
0
210
Performance Engineering for Everyone
elenatanasoiu
0
270
Generative UI & AI-Assistants for Your Angular Solutions
manfredsteyer
PRO
1
170
【やさしく解説 設計編・中級 #4】ルールの寿命と、システムの年輪
panda728
PRO
2
130
そのテスト、説明できますか?~LWテスト戦略FW~のご紹介
nakahara
0
200
SREは、MCPとSRE Agentをこう使え!
kazumax55
0
150
1年で人数1.5倍、PR数5.5倍増。 品質とアウトカムはどうなったか、 何が効いたか
ike002jp
0
130
フィードバックで育てるAI開発
kotaminato
1
110
なぜ関数型プログラミングで「型」と「証明」が語られるのか #fp_matsuri
kajitack
3
860
Featured
See All Featured
Prompt Engineering for Job Search
mfonobong
0
370
The #1 spot is gone: here's how to win anyway
tamaranovitovic
3
1.1k
Context Engineering - Making Every Token Count
addyosmani
9
1k
Ethics towards AI in product and experience design
skipperchong
2
330
Building Flexible Design Systems
yeseniaperezcruz
330
40k
4 Signs Your Business is Dying
shpigford
187
22k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
helenjbeal
1
260
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
240
The Curse of the Amulet
leimatthew05
2
13k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
8.2k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.3k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
2k
Transcript
None
About me • Security + Data science • Master’s student
at University of Tartu, Estonia
• What’s adversarial ML
• What’s adversarial ML • Goals of adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)
What’s Machine learning?
What’s Adversarial ML
What’s Adversarial ML =Security + ML
History Lesson!!
Where it started: • PRALab Unica
Where it started: • PRALab Unica Now: • Everyone First
paper: https://arxiv.org/pdf/1312.6199.pdf
Source: https://pralab.diee.unica.it/en/wild-patterns
Types of attacks • Whitebox • Blackbox
Ways to Attacks
Ways to Attacks Poisoning training data (train time attack)
Ways to Attacks Poisoning training data (Train time attack) Crafting
adversarial examples (Test time attack)
Adversarial examples goals • Confidence reduction: reduce the output confidence
classification
Adversarial examples goals • Confidence reduction • Misclassification: Changing the
output class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification: produce inputs that produce the output of a specific class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification • Source target misclassification: specific input gives specific output
How does Attacking ML models work?
How adversarial Examples work Source: cleverhans.io
Deep Neural Networks are Easily Fooled: High Confidence Predictions for
Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf
Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s
BlackBox : How can it even be possible :( ?
Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf
Why should I Care?
Why should I Care?
Why should I Care?
Why should I Care?
None
But they aren’t that easy to make.. Are they :(
None
Then How to defend the Models against adversarial examples •
Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
None
Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML
Library(not released) • Tools from PRA Lab • My blog
Thank You Q/A time <Don’t ask “WHY” because nobody knows>
Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant