Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Attacks on Machine Learning
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
prabhant
October 27, 2017
Programming
0
580
Attacks on Machine Learning
Presentation for my talk on attacks on machine learning at PyconUK 2017
prabhant
October 27, 2017
Tweet
Share
More Decks by prabhant
See All by prabhant
Masters Thesis
prabhant
0
51
Class Imbalance Problem
prabhant
0
200
Gotchas of Pandas
prabhant
0
120
Other Decks in Programming
See All in Programming
AIコードレビューの導入・運用と AI駆動開発における「AI4QA」の取り組みについて
hagevvashi
0
500
米国のサイバーセキュリティタイムラインと見る Goの暗号パッケージの進化
tomtwinkle
2
610
コーディングルールの鮮度を保ちたい / keep-fresh-go-internal-conventions
handlename
0
210
Swift ConcurrencyでよりSwiftyに
yuukiw00w
0
270
CS教育のDX AIによる育成の効率化
niftycorp
PRO
0
140
Docコメントで始める簡単ガードレール
keisukeikeda
1
120
ロボットのための工場に灯りは要らない
watany
11
3k
今からFlash開発できるわけないじゃん、ムリムリ! (※ムリじゃなかった!?)
arkw
0
110
grapheme_strrev関数が採択されました(あと雑感)
youkidearitai
PRO
1
230
Everything Claude Code OSS詳細 — 5層構造の中身と導入方法
targe
0
130
Goの型安全性で実現する複数プロダクトの権限管理
ishikawa_pro
2
450
エンジニアの「手元の自動化」を加速するn8n 2026.02.27
symy2co
0
160
Featured
See All Featured
Introduction to Domain-Driven Design and Collaborative software design
baasie
1
640
Speed Design
sergeychernyshev
33
1.6k
A better future with KSS
kneath
240
18k
Context Engineering - Making Every Token Count
addyosmani
9
760
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
110
Mobile First: as difficult as doing things right
swwweet
225
10k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.2k
Building Applications with DynamoDB
mza
96
7k
Testing 201, or: Great Expectations
jmmastey
46
8.1k
Raft: Consensus for Rubyists
vanstee
141
7.4k
Optimizing for Happiness
mojombo
378
71k
30 Presentation Tips
portentint
PRO
1
250
Transcript
None
About me • Security + Data science • Master’s student
at University of Tartu, Estonia
• What’s adversarial ML
• What’s adversarial ML • Goals of adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples
• What’s adversarial ML • Goals of adversarial examples •
Algorithms to craft adversarial examples • Defense against adversarial examples(BONUS)
What’s Machine learning?
What’s Adversarial ML
What’s Adversarial ML =Security + ML
History Lesson!!
Where it started: • PRALab Unica
Where it started: • PRALab Unica Now: • Everyone First
paper: https://arxiv.org/pdf/1312.6199.pdf
Source: https://pralab.diee.unica.it/en/wild-patterns
Types of attacks • Whitebox • Blackbox
Ways to Attacks
Ways to Attacks Poisoning training data (train time attack)
Ways to Attacks Poisoning training data (Train time attack) Crafting
adversarial examples (Test time attack)
Adversarial examples goals • Confidence reduction: reduce the output confidence
classification
Adversarial examples goals • Confidence reduction • Misclassification: Changing the
output class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification: produce inputs that produce the output of a specific class
Adversarial examples goals • Confidence reduction • Misclassification • Targeted
misclassification • Source target misclassification: specific input gives specific output
How does Attacking ML models work?
How adversarial Examples work Source: cleverhans.io
Deep Neural Networks are Easily Fooled: High Confidence Predictions for
Unrecognizable Images :https://arxiv.org/pdf/1412.1897.pdf
Source: Adversarial Examples for Evaluating Reading Comprehension Systems Source: https://arxiv.org/pdf/1707.07328.pdf
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks
Algorithms to craft adversarial examples for NN 1. FGSM: fast
gradient sign method 2. JSMA: jacobian based saliency map attack 3. Carlini wagner attack 4. DeepFool 5. The Basic Iterative Method 6. EAD: Elastic-Net Attacks 7. Projected Gradient Descent Attack PS: these are only the famous one’s
BlackBox : How can it even be possible :( ?
Transferability The Space of Transferable Adversarial Examples: https://arxiv.org/pdf/1704.03453.pdf
Why should I Care?
Why should I Care?
Why should I Care?
Why should I Care?
None
But they aren’t that easy to make.. Are they :(
None
Then How to defend the Models against adversarial examples •
Adversarial Training ◦ Ensemble adversarial training • Defensive distillation
None
Libraries and resources • Cleverhans(Tensorflow) • FoolBox(bethgelab) • Secure ML
Library(not released) • Tools from PRA Lab • My blog
Thank You Q/A time <Don’t ask “WHY” because nobody knows>
Twitter: @prabhantsingh Linkedin: https://www.linkedin.com/in/prabhantsingh Github: @prabhant
prabhant
hagevvashi
tomtwinkle
handlename
yuukiw00w
niftycorp
keisukeikeda
watany
arkw
youkidearitai
targe
ishikawa_pro
symy2co
baasie
sergeychernyshev
kneath
addyosmani
greggifford
swwweet
aleyda
mza
jmmastey
vanstee
mojombo
portentint
