Attacks on Machine Learning

Transcript

1. None

2. About me • Security + Data science • Master’s student

   at University of Tartu, Estonia

3. • What’s adversarial ML

4. • What’s adversarial ML • Goals of adversarial examples

5. • What’s adversarial ML • Goals of adversarial examples •

   Algorithms to craft adversarial examples

6. • What’s adversarial ML • Goals of adversarial examples •

   Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)

7. What’s Machine learning?

8. What’s Adversarial ML

9. What’s Adversarial ML =Security + ML

10. History Lesson!!

11. Where it started: • PRALab Unica

12. Where it started: • PRALab Unica Now: • Everyone First

    paper: https://arxiv.org/pdf/1312.6199.pdf

13. Source: https://pralab.diee.unica.it/en/wild-patterns

14. Types of attacks • Whitebox • Blackbox

15. Ways to Attacks

16. Ways to Attacks Poisoning training data (train time attack)

17. Ways to Attacks Poisoning training data (Train time attack) Crafting

    adversarial examples (Test time attack)

18. Adversarial examples goals • Confidence reduction: reduce the output confidence

    classification

19. Adversarial examples goals • Confidence reduction • Misclassification: Changing the

    output class

20. Adversarial examples goals • Confidence reduction • Misclassification • Targeted

    misclassification: produce inputs that produce the output of a specific class

21. Adversarial examples goals • Confidence reduction • Misclassification • Targeted

    misclassification • Source target misclassification: specific input gives specific output

22. How does Attacking ML models work?

23. How adversarial Examples work Source: cleverhans.io

24. Deep Neural Networks are Easily Fooled: High Confidence Predictions for

    Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf

25. Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf

26. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method

27. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack

28. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack

29. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool

30. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method

31. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks

32. Algorithms to craft adversarial examples for NN 1. FGSM: fast

    gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s

33. BlackBox : How can it even be possible :( ?

34. Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf

35. Why should I Care?

36. Why should I Care?

37. Why should I Care?

38. Why should I Care?

39. None

40. But they aren’t that easy to make.. Are they :(

41. None

42. Then How to defend the Models against adversarial examples •

    Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
43. None

44. Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML

    Library(not released) • Tools from PRA Lab • My blog

45. Thank You Q/A time <Don’t ask “WHY” because nobody knows>

    Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant