
Attacks on Machine Learning

prabhant
October 27, 2017


Presentation for my talk on attacks on machine learning at PyconUK 2017



Transcript

1. Outline of the talk
   • What's adversarial ML
   • Goals of adversarial examples
   • Algorithms to craft adversarial examples
   • Defense against adversarial examples (BONUS)
2. Where it started: PRALab Unica. Now: everyone.
   First paper: https://arxiv.org/pdf/1312.6199.pdf
3-4. Adversarial examples goals
   • Confidence reduction
   • Misclassification
   • Targeted misclassification: craft inputs that the model assigns to a chosen class
   • Source-target misclassification: a specific input is made to give a specific output
5. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images: https://arxiv.org/pdf/1412.1897.pdf
6-11. Algorithms to craft adversarial examples for NN
   1. FGSM: fast gradient sign method
   2. JSMA: Jacobian-based saliency map attack
   3. Carlini-Wagner attack
   4. DeepFool
   5. The Basic Iterative Method
   6. EAD: Elastic-Net Attacks
   7. Projected Gradient Descent attack
   PS: these are only the famous ones
12. Then how to defend the models against adversarial examples
   • Adversarial training
     ◦ Ensemble adversarial training
   • Defensive distillation
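As an added illustration that is not part of the talk or its slides: FGSM (slide 6) applied to a two-feature logistic-regression classifier, together with the robust-accuracy check a defender runs to see how much of the clean accuracy survives a given L-infinity budget, which is the number adversarial training (slide 12) tries to raise. The weights, data points and epsilon values are constructed for the example; because the model is linear, the FGSM step is the exact worst case inside the budget, so the result is cross-checked against a closed-form margin test.

```python
import math

# Constructed toy model (assumed, not from the talk): logistic regression on
# two features, decision rule "class 1 iff w.x + b >= 0".
W = [2.0, -1.0]
B = -0.5

# Constructed labelled points, all classified correctly without perturbation.
DATA = [([1.0, 0.0], 1), ([0.5, 0.0], 1), ([0.0, 1.0], 0), ([0.0, 0.2], 0)]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def logit(x, w=W, b=B):
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def predict(x, w=W, b=B):
    return 1 if logit(x, w, b) >= 0 else 0

def fgsm(x, y, eps, w=W, b=B):
    """One FGSM step: x_adv = x + eps * sign(dL/dx), L = cross-entropy loss.
    For logistic regression dL/dx = (sigmoid(w.x + b) - y) * w, so every
    feature moves by exactly eps in the loss-raising direction
    (an L-infinity budget of eps)."""
    p = sigmoid(logit(x, w, b))
    grad = [(p - y) * wi for wi in w]
    sign = lambda g: (g > 0) - (g < 0)
    return [xi + eps * sign(g) for xi, g in zip(x, grad)]

def robust_accuracy(eps, data=DATA, w=W, b=B):
    """Share of points still classified correctly after an FGSM step of
    size eps. A defender compares this with clean accuracy before deciding
    whether a defense such as adversarial training is needed."""
    ok = sum(predict(fgsm(x, y, eps, w, b), w, b) == y for x, y in data)
    return ok / len(data)

def margin_accuracy(eps, data=DATA, w=W, b=B):
    """Closed-form cross-check: for a linear model FGSM is the worst case
    inside the L-infinity ball and shifts the logit by eps * ||w||_1 against
    the true class, so a point survives iff its signed margin exceeds that."""
    l1 = sum(abs(wi) for wi in w)
    ok = sum((1 if y == 1 else -1) * logit(x, w, b) > eps * l1 for x, y in data)
    return ok / len(data)

if __name__ == "__main__":
    for eps in (0.0, 0.3, 0.6):
        print(f"eps={eps}: robust accuracy {robust_accuracy(eps):.2f}")
```

With these constructed values the clean accuracy of 1.0 drops to 0.5 at eps=0.3 and to 0.0 at eps=0.6, and both functions agree at every budget.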
13. Libraries and resources
   • Cleverhans (TensorFlow)
   • Foolbox (bethgelab)
   • Secure ML Library (not released)
   • Tools from PRA Lab
   • My blog
14. Thank you. Q/A time <Don't ask "WHY" because nobody knows>
   Twitter: @prabhantsingh
   LinkedIn: https://www.linkedin.com/in/prabhantsingh
   GitHub: @prabhant