Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Attacks on Machine Learning
Search
prabhant
October 27, 2017
Programming
0
580
Attacks on Machine Learning
Presentation for my talk on attacks on machine learning at PyconUK 2017
prabhant
October 27, 2017
Tweet
Share
More Decks by prabhant
See All by prabhant
Masters Thesis
prabhant
0
50
Class Imbalance Problem
prabhant
0
200
Gotchas of Pandas
prabhant
0
120
Other Decks in Programming
See All in Programming
Rails Girls Tokyo 18th GMO Pepabo Sponsor Talk
yutokyokutyo
0
200
朝日新聞のデジタル版を支えるGoバックエンド ー価値ある情報をいち早く確実にお届けするために
junkiishida
1
370
今、アーキテクトとして 品質保証にどう関わるか
nealle
0
200
Head of Engineeringが現場で回した生産性向上施策 2025→2026
gessy0129
0
210
encoding/json/v2のUnmarshalはこう変わった:内部実装で見る設計改善
kurakura0916
0
320
AIプロダクト時代のQAエンジニアに求められること
imtnd
2
720
AIコーディングの理想と現実 2026 | AI Coding: Expectations vs. Reality 2026
tomohisa
0
1.1k
Python’s True Superpower
hynek
0
200
API Platformを活用したPHPによる本格的なWeb API開発 / api-platform-book-intro
ttskch
1
120
PJのドキュメントを全部Git管理にしたら、一番喜んだのはAIだった
nanaism
0
240
CopilotKit + AG-UIを学ぶ
nearme_tech
PRO
1
130
New in Go 1.26 Implementing go fix in product development
sunecosuri
0
350
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
128
17k
How to Ace a Technical Interview
jacobian
281
24k
Music & Morning Musume
bryan
47
7.1k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
Sam Torres - BigQuery for SEOs
techseoconnect
PRO
0
210
Git: the NoSQL Database
bkeepers
PRO
432
66k
GraphQLとの向き合い方2022年版
quramy
50
14k
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
330
SEO Brein meetup: CTRL+C is not how to scale international SEO
lindahogenes
0
2.4k
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
1
280
Color Theory Basics | Prateek | Gurzu
gurzu
0
230
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
22k
Transcript
None
About me • Security + Data science • Master’s student
at University of Tartu, Estonia
• What’s adversarial ML
• What’s adversarial ML • Goals of adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)
What’s Machine learning?
What’s Adversarial ML
What’s Adversarial ML =Security + ML
History Lesson!!
Where it started: • PRALab Unica
Where it started: • PRALab Unica Now: • Everyone First
paper: https://arxiv.org/pdf/1312.6199.pdf
Source: https://pralab.diee.unica.it/en/wild-patterns
Types of attacks • Whitebox • Blackbox
Ways to Attacks
Ways to Attacks Poisoning training data (train time attack)
Ways to Attacks Poisoning training data (Train time attack) Crafting
adversarial examples (Test time attack)
Adversarial examples goals • Confidence reduction: reduce the output confidence
classification
Adversarial examples goals • Confidence reduction • Misclassification: Changing the
output class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification: produce inputs that produce the output of a specific class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification • Source target misclassification: specific input gives specific output
How does Attacking ML models work?
How adversarial Examples work Source: cleverhans.io
Deep Neural Networks are Easily Fooled: High Confidence Predictions for
Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf
Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s
BlackBox : How can it even be possible :( ?
Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf
Why should I Care?
Why should I Care?
Why should I Care?
Why should I Care?
None
But they aren’t that easy to make.. Are they :(
None
Then How to defend the Models against adversarial examples •
Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
None
Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML
Library(not released) • Tools from PRA Lab • My blog
Thank You Q/A time <Don’t ask “WHY” because nobody knows>
Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant
prabhant
yutokyokutyo
junkiishida
nealle
gessy0129
kurakura0916
imtnd
tomohisa
hynek
ttskch
nanaism
nearme_tech
sunecosuri
keavy
jacobian
bryan
bluesmoon
techseoconnect
bkeepers
quramy
reverentgeek
lindahogenes
gurzu
danielanewman
