Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Attacks on Machine Learning
Search
prabhant
October 27, 2017
Programming
0
560
Attacks on Machine Learning
Presentation for my talk on attacks on machine learning at PyconUK 2017
prabhant
October 27, 2017
Tweet
Share
More Decks by prabhant
See All by prabhant
Masters Thesis
prabhant
0
46
Class Imbalance Problem
prabhant
0
180
Gotchas of Pandas
prabhant
0
120
Other Decks in Programming
See All in Programming
Amazon RDS 向けに提供されている MCP Server と仕組みを調べてみた/jawsug-okayama-2025-aurora-mcp
takahashiikki
1
110
アルテニア コンサル/ITエンジニア向け 採用ピッチ資料
altenir
0
110
rage against annotate_predecessor
junk0612
0
170
プロポーザル駆動学習 / Proposal-Driven Learning
mackey0225
2
1.3k
奥深くて厄介な「改行」と仲良くなる20分
oguemon
1
540
Oracle Database Technology Night 92 Database Connection control FAN-AC
oracle4engineer
PRO
1
450
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
380
私の後悔をAWS DMSで解決した話
hiramax
4
210
Cache Me If You Can
ryunen344
2
1.4k
Tool Catalog Agent for Bedrock AgentCore Gateway
licux
6
2.5k
Azure SRE Agentで運用は楽になるのか?
kkamegawa
0
2.3k
AIでLINEスタンプを作ってみた
eycjur
1
230
Featured
See All Featured
Into the Great Unknown - MozCon
thekraken
40
2k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Practical Orchestrator
shlominoach
190
11k
Facilitating Awesome Meetings
lara
55
6.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Embracing the Ebb and Flow
colly
87
4.8k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
139
34k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Building Better People: How to give real-time feedback that sticks.
wjessup
368
19k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Transcript
None
About me • Security + Data science • Master’s student
at University of Tartu, Estonia
• What’s adversarial ML
• What’s adversarial ML • Goals of adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)
What’s Machine learning?
What’s Adversarial ML
What’s Adversarial ML =Security + ML
History Lesson!!
Where it started: • PRALab Unica
Where it started: • PRALab Unica Now: • Everyone First
paper: https://arxiv.org/pdf/1312.6199.pdf
Source: https://pralab.diee.unica.it/en/wild-patterns
Types of attacks • Whitebox • Blackbox
Ways to Attacks
Ways to Attacks Poisoning training data (train time attack)
Ways to Attacks Poisoning training data (Train time attack) Crafting
adversarial examples (Test time attack)
Adversarial examples goals • Confidence reduction: reduce the output confidence
classification
Adversarial examples goals • Confidence reduction • Misclassification: Changing the
output class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification: produce inputs that produce the output of a specific class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification • Source target misclassification: specific input gives specific output
How does Attacking ML models work?
How adversarial Examples work Source: cleverhans.io
Deep Neural Networks are Easily Fooled: High Confidence Predictions for
Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf
Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s
BlackBox : How can it even be possible :( ?
Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf
Why should I Care?
Why should I Care?
Why should I Care?
Why should I Care?
None
But they aren’t that easy to make.. Are they :(
None
Then How to defend the Models against adversarial examples •
Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
None
Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML
Library(not released) • Tools from PRA Lab • My blog
Thank You Q/A time <Don’t ask “WHY” because nobody knows>
Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant