Attacks on Machine Learning
Presentation for my talk on attacks on machine learning at PyconUK 2017
prabhant
October 27, 2017
Transcript
About me
• Security + Data science
• Master’s student at University of Tartu, Estonia

• What’s adversarial ML
• Goals of adversarial examples
• Algorithms to craft adversarial examples
• Defense against adversarial examples (BONUS)
What’s Machine learning?

What’s Adversarial ML = Security + ML
History Lesson!!
Where it started:
• PRALab Unica
Now:
• Everyone
First paper: https://arxiv.org/pdf/1312.6199.pdf
Source: https://pralab.diee.unica.it/en/wild-patterns
Types of attacks
• Whitebox
• Blackbox

Ways to attack
• Poisoning training data (train-time attack)
• Crafting adversarial examples (test-time attack)
Adversarial examples goals
• Confidence reduction: reduce the output confidence of the classification
• Misclassification: change the output class
• Targeted misclassification: produce inputs that yield the output of a specific class
• Source/target misclassification: a specific input gives a specific output
How does attacking ML models work?

How adversarial examples work. Source: cleverhans.io

Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images: https://arxiv.org/pdf/1412.1897.pdf

Source: Adversarial Examples for Evaluating Reading Comprehension Systems: https://arxiv.org/pdf/1707.07328.pdf
Algorithms to craft adversarial examples for NN
1. FGSM: fast gradient sign method
2. JSMA: Jacobian-based saliency map attack
3. Carlini-Wagner attack
4. DeepFool
5. The Basic Iterative Method
6. EAD: Elastic-Net Attacks
7. Projected Gradient Descent attack
PS: these are only the famous ones
BlackBox : How can it even be possible :( ?
Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf
Why should I care?

But they aren’t that easy to make.. Are they :(
Then how to defend the models against adversarial examples
• Adversarial training
  ◦ Ensemble adversarial training
• Defensive distillation
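The slides name FGSM among the crafting algorithms and adversarial training among the defenses but do not show either in code. The following added example is not from the talk or its author; it is an educator's toy that puts both on a from-scratch logistic regression in pure Python. A plainly trained model is evaluated against an FGSM perturbation with an L-infinity budget of 1.0 to measure how far its accuracy drops, and a second model is trained on FGSM examples crafted against its current parameters (adversarial training) to show robustness coming back. The dataset is constructed with a fixed seed: feature 0 carries a strong, robust signal and 60 further features carry a weak signal that a perturbation of that size can flip. The feature layout, the budget EPS, the learning rate and epoch count, and all function names are this example's own assumptions.

```python
"""Toy FGSM robustness check and adversarial training on a from-scratch
logistic regression (pure Python, no numpy). Added example, not code from
the talk. Data, feature layout and hyperparameters are constructed here."""
import math
import random

NUM_WEAK = 60           # weak, non-robust features (assumption)
EPS = 1.0               # L-infinity budget of the FGSM perturbation (assumption)
RNG = random.Random(7)  # fixed seed so the run is reproducible


def make_dataset(n_per_class=50, rng=RNG):
    """Constructed sample data: feature 0 is about +3/-3 per class (robust),
    features 1..NUM_WEAK are about +0.5/-0.5 (flippable by EPS=1.0)."""
    data = []
    for label in (0, 1):
        sign = 1.0 if label == 1 else -1.0
        for _ in range(n_per_class):
            x = [sign * 3.0 + rng.uniform(-0.3, 0.3)]
            x += [sign * 0.5 + rng.uniform(-0.1, 0.1) for _ in range(NUM_WEAK)]
            data.append((x, label))
    rng.shuffle(data)
    return data


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_prob(w, b, x):
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def fgsm(w, b, x, y, eps):
    """FGSM: x_adv = x + eps * sign(d loss / d x).
    For the logistic loss the gradient w.r.t. the input is (p - y) * w."""
    p = predict_prob(w, b, x)
    grad = [(p - y) * wi for wi in w]
    return [xi + eps * (1 if g > 0 else -1 if g < 0 else 0)
            for xi, g in zip(x, grad)]


def train(data, epochs=200, lr=0.1, adversarial=False, eps=EPS):
    """Full-batch gradient descent on the logistic loss. With adversarial=True
    every example is replaced by an FGSM example crafted against the current
    parameters before the gradient is taken (adversarial training)."""
    d = len(data[0][0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, y in data:
            if adversarial:
                x = fgsm(w, b, x, y, eps)
            err = predict_prob(w, b, x) - y
            for j in range(d):
                gw[j] += err * x[j]
            gb += err
        n = len(data)
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def accuracy(w, b, data, eps=0.0):
    """Accuracy on clean inputs (eps=0) or on FGSM inputs with budget eps."""
    correct = 0
    for x, y in data:
        if eps > 0:
            x = fgsm(w, b, x, y, eps)
        correct += int((predict_prob(w, b, x) >= 0.5) == (y == 1))
    return correct / len(data)


def run_experiment():
    """Clean and FGSM accuracy of a plainly trained and an adversarially
    trained model, plus the L1 mass of the weak-feature weights of each."""
    data = make_dataset()
    w_plain, b_plain = train(data)
    w_adv, b_adv = train(data, adversarial=True)
    return {
        "plain_clean": accuracy(w_plain, b_plain, data),
        "plain_fgsm": accuracy(w_plain, b_plain, data, EPS),
        "advtrain_clean": accuracy(w_adv, b_adv, data),
        "advtrain_fgsm": accuracy(w_adv, b_adv, data, EPS),
        "weak_weight_l1_plain": sum(abs(v) for v in w_plain[1:]),
        "weak_weight_l1_adv": sum(abs(v) for v in w_adv[1:]),
    }


if __name__ == "__main__":
    for key, value in run_experiment().items():
        print(f"{key}: {value:.3f}")
```

Both models classify the clean data perfectly, so clean accuracy alone says nothing about robustness; the plainly trained model spreads weight over the 60 weak features and a budget-1.0 perturbation turns every one of them against it, while the adversarially trained model ends up with almost all of its weight on feature 0. For a linear model an L-infinity adversary subtracts eps times the L1 norm of the weights from every margin, so adversarial training acts like an L1 penalty that drives the weak-feature weights toward zero; that is the mechanism the two "weak_weight_l1" numbers expose.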
Libraries and resources
• Cleverhans (TensorFlow)
• FoolBox (bethgelab)
• Secure ML Library (not released)
• Tools from PRA Lab
• My blog
Thank You Q/A time <Don’t ask “WHY” because nobody knows>
Twitter: @prabhantsingh
LinkedIn: https://www.linkedin.com/in/prabhantsingh
GitHub: @prabhant