Upgrade to Pro — share decks privately, control downloads, hide ads and more …

機械学習とセキュリティ

setten-QB
July 07, 2020
Science
8
1.9k

 機械学習とセキュリティ

機械学習モデルへの攻撃とその対策についての概要

setten-QB

July 07, 2020
Tweet

More Decks by setten-QB

See All by setten-QB
第4回 確率・統計の基礎勉強会
settenqb
0
160
確率・統計の基礎勉強会3
settenqb
0
240
確率・統計勉強会2
settenqb
0
150
確率・統計の基礎勉強会1
settenqb
1
250

Other Decks in Science

See All in Science
Machine Learning for Materials (Lecture 8)
aronwalsh
0
410
ultraArmをモニター提供してもらった話
miura55
0
190
Machine Learning for Materials (Lecture 6)
aronwalsh
0
510
いまAI組織が求める企画開発エンジニアとは?
roadroller
2
1.3k
Transformers are Universal in Context Learners
gpeyre
0
550
(論文読み)贈り物の交換による地位の競争と社会構造の変化 - 文化人類学への統計物理学的アプローチ -
__ymgc__
1
100
WeMeet Group - 採用資料
wemeet
0
3.2k
『データ可視化学入門』を PythonからRに翻訳した話

bob3bob3
1
500
LIMEを用いた判断根拠の可視化
kentaitakura
0
340
Celebrate UTIG: Staff and Student Awards 2024
utig
0
460
(2024) Livres, Femmes et Math
mansuy
0
110
山形とさくらんぼに関するレクチャー(YG-900)
07jp27
1
220

Featured

See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Unsuck your backbone
ammeep
668
57k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
A better future with KSS
kneath
238
17k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Optimizing for Happiness
mojombo
376
70k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
For a Future-Friendly Web
brad_frost
175
9.4k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410
Building Applications with DynamoDB
mza
90
6.1k

Transcript

  1. ػցֶशͱηΩϡϦςΟ ๭௨৴ࣄۀձࣾ ΄͛΄͛։ൃ෦ ઀఺2# !TFUUFO@2# %BUB4DJFODF$BGÉ!৽॓

  2. ػցֶशºηΩϡϦςΟ Ø %PT߈ܸΛػցֶशͰݕ஌ Ø Ϛϧ΢ΣΞΛػցֶशͰݕ஌ ػցֶशΛηΩϡϦςΟʹԠ༻ ػցֶशϞσϧࣗମͷηΩϡϦςΟ ػցֶशͰߏஙͨ͠ϞσϧʢػցֶशϞσϧʣΛ૊ΈࠐΜͩγεςϜͰ͸ ैདྷͷγεςϜͱ͸ҟͳͬͨݻ༗ͷ߈ܸ͕ͳ͞ΕΔϦεΫ͕༗Δ ͦͷͨΊɼػցֶशϞσϧಛ༗ͷηΩϡϦςΟରࡦ͕ඞཁ

    2

  3.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  4. None

  5. "EWFSTBSJBM"UUBDL ܇࿅͞ΕͨػցֶशϞσϧΛὃ͢߈ܸ ݩͷը૾ ఢରతઁಈ "EWFSTBSJBM&YBNQMF ʢςφΨβϧʣ (PPEGFMMPX FUBM  ΑΓҾ༻

    5

  6. ఢରతઁಈΛݟ͚ͭΔͨΊʹ͸ argmin " , s.t. + ≠ argmin " ,

    s.t. + = # ಛఆͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ໨తͱͨ͠ "EWFSTBSJBM"UUBDL ޡ෼ྨͤ͞ΔΫϥε͸ࢦఆͤͣ ͱʹ͔͘Ͳ͔͜ͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ ໨తͱͨ͠"EWFSTBSJBM"UUBDL 6

  7. ୅දతͳ"EWFSTBSJBM"UUBDL (PPEGFMMPX FUBM  !"# = + sign ∇ ℓ

    , /PUBUJPO ɿઁಈڧ౓ʢͲΕ͙Β͍ઁಈΛڧ͘༩͑Δ͔Λද͢ʣ ℓɿଛࣦؔ਺ 3FNBSL '(4.͸Ұ౓ͷޯ഑্ঢͰ࠷దԽΛऴྃ͢Δ͕ɼ͜ΕΛෳ਺ճʹ֦ுͨ͠ͷ͕#*.Ͱɼ CBMMʹऩ·ΔΑ͏ͳ੍໿ͷ΋ͱͰޯ഑্ঢΛ܁Γฦ͢ɽ '(4.΋#*.΋! ϊϧϜͰͷઁಈΛੜ੒͓ͯ͠Γɼ%FFQGPPM͸͜ͷϊϧϜΛ" ʹɼ $8͸# ʹͨ͠΋ͷͱݟΔ͜ͱ͕Ͱ͖Δɽ 7

  8. 8IJUF#PY4FUUJOHʹ͓͚Δఢରతઁಈͷݟ͚ͭํ '(4.BUUBDL (PPEGFMMPX FUBM  #*. ,VSBLJO FUBM  BUUBDL.*'(4.

    %POHFUBM  %FFQGPPM .PPTBWJ%F[GPPMJ FUBM  /FXUPO'PPM +BOHFUBM  +4." 1BQFSOPU FUBM  (SBEJFOU #BTFE 0CKFDUJWF 'VODUJPO #BTFE $8 $BSMJOJ FUBM  &"% $IFOFUBM  0QU.BSHJO 8BSSFOFUBM  ˞8IJUF#PY4FUUJOHɿଛࣦؔ਺ͷޯ഑͕ܭࢉͰ͖ͨΓɼϞσϧͷDPOGJEFODFTDPSFΛ஌Δ͜ͱ͕Ͱ͖Δઃఆ 8

  9. "EWFSTBSJBM"UUBDL΁ͷରࡦɿ"EWFSTBSJBM5SBJOJOH Ϟσϧͷֶश࣌ʹBEWFSTBSJBMFYBNQMFTͰl༧๷઀छz͓͚ͯ͠͹ BEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ΋্͕ΔΜ͡Όͳ͍͔ʁ 9 ℓ!"# , () ≔ ℓ !"#,

    !"# + 1 − ℓ , *EFB 3FTVMU n ࣮ࡍʹBEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ͸޲্͢Δ ҰํͰʜ n ֶशʹཁ͢Δ͕࣌ؒ૿͑Δ n "EWFSTBSJBMFYBNQMFT΁ͷϩόετੑ͸BEWFSTBSJBMFYBNQMFTͷ࡞Γํʹґଘ͢Δ n ѱҙͷͳ͍ϊΠζ͕৐ͬͨը૾Λ͏·͘෼ྨͰ͖ͳ͘ͳΔ ͱ͍ͬͨ໰୊΋ൃੜ͢Δ

  10.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  11. .PEFM&YUSBDUJPOɿϞσϧΛ౪Ή & "SDIJUFDUVSF %FDJTJPO#PVOEBSZ 'VODUJPOBMJUZ ϨΠϠʔͷ਺΍χϡʔϩϯͷ਺ ͞Βʹ׆ੑԽؔ਺ͳͲͷ Ϟσϧͷߏ଄Λ౪ΉλΠϓ ϞσϧͷܾఆڥքΛ ౪ΉλΠϓ

    ϞσϧʹΑΔ ೖྗͱग़ྗͷରԠؔ܎Λ ౪ΉλΠϓ 11

  12. .PEFM&YUSBDUJPOͷओཁͳΞϓϩʔν $ , $ $%& ' : ℝ( → ֶश

    ), ) )%& * +: ℝ( → ֶश 0SJHJOBM.PEFM 4VCTUJUVUF.PEFM "1*ʹΑͬͯฦ͞ΕΔ Λ໨తม਺ͱͯ͠ར༻͢Δ͜ͱͰ୅ཧϞσϧΛߏங͢Δɽ ୅දతͳݚڀͱͯ͠$PSSFJB4JMWBFUBM  ΍0SFLPOEZ FUBM  ͕ڍ͛ΒΕΔɽ 12

  13. 4VCTUJUVUF.PEFMʹؔ͢Δ߈๷ %FGFODF 0GGFODF "1*ୟ͚Δճ਺Λ੍ݶ গͳ͍Ԡ౴ճ਺Ͱ΋ 4VCTUJUVUF.PEFMΛߏங͢Δํ๏͕ఏҊ͞ΕΔ 0SFLPOEZ FUBM  3PTFOCFSHFUBM

     13

  14.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  15. ʢ޿ٛͷʣ.PEFM*OWFSTJPO"UUBDL ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ 1SPQFSUZ*OGFSFODF"UUBDL .PEFM*OWFSTJPO"UUBDL ద౰ͳ ͕Ϟσϧͷֶशσʔληοτʹؚ·Ε͍ͯΔ͔ʁ Λ໌Β͔ʹ͢Δ߈ܸ ֶशσʔληοτʹؔ͢Δੑ࣭Λਪଌ͢Δ߈ܸ FH൅͕௕͍ਓ΍υϨεΛண͍ͯΔਓ͕ ੑผ෼ྨͷϞσϧͷֶशσʔλʹؚ·Ε͍ͯΔ͔ʁ

    ֶशσʔλΛ෮ݩ͢Δ߈ܸ ˞.PEFM*OWFSTJPO"UUBDLʹ.FNCFSTIJQ*OGFSFODF΍1SPQFSUZ*OGFSFODFΛؚΊΔ͔ʹ͸ॾઆ͋Γ 15

  16. ("/Λ༻͍ͨ.PEFM*OWFSTJPO ,VTBOP FUBM  ิॿσʔληοτ ) , )%& * ,

    , ∼$$( ℱ′ ֶशσʔληοτ $ , $ $%& ' , ∼$$( ℱ ΫΤϦ & ,, … * , Ԡ౴ (& ,), … * , (FOFSBUPS Ͱ ℱ ʢͬΆ͍΋ͷʣΛۙࣅ αϯϓϦϯά (FOFSBUPS͔Β ֶशσʔλͬΆ͍΋ͷΛੜ੒ 16

  17. σʔλͷҰ෦͔Β࢒Γͷ෦෼Λ෮ݩ ֶशσʔλ ∈ ℝ( ͔ΒҰ෦ͷಛ௃ྔ͚ͩΛൈ͖ग़ͯ͠ ࡞੒ͨ͠ϕΫτϧ " ∈ ℝ-, <

    ͔Β ࢒Γͷಛ௃ྔΛ෮ݩ͢Δ ࿦จͰ͸ " ͸࿙Ӯͯ͠΋໰୊ͳ͍ηϯγςΟϒͰͳ͍ಛ௃ྔͰ ࢒Γͷಛ௃ྔ͸ηϯγςΟϒͳಛ௃ྔͩͱ૝ఆ͍ͯ͠Δ ("/Λ༻͍ͨ.PEFM*OWFSTJPO ;IBOFUBM  17

  18. ͍΍ɼϜζ͘Ͷʜʁ ./*45Λֶशσʔλͱͨ͠෼ྨϞσϧʹରͯ͠.PEFM *OWFSTJPO"UUBDLΛߦͬͨ݁Ռ ิॿσʔλ͸खॻ͖จࣈͷ਺ࣈͱΞϧϑΝϕοτ ࣮ࡍʹ෮ݩͯ͠Έͨ݁Ռ 18

  19. None

  20. ػցֶशϞσϧ΁ͷ߈ܸʹؔ͢Δݚڀ ΍ͬͺΓ"EWFSTBSJBM"UUBDL͕μϯτπͳײ͡ ݚڀ͞ΕͯΔײ ֶशσʔλΛ͢΂ͯ෮ݩ͢ΔλΠϓͷ.PEFM*OWFSTJPO"UUBDL͕Ұ൪೉ͦ͠͏ ʢ࣮ࡍʹ೉͔ͬͨ͠ʣ ߈ܸͷ೉͠͞ n "EWFSTBSJBM"UUBDL͸σʔλ͕ߴ࣍ݩʹͳΔͱෆՄආతʹੜ͡ΔͨΊ ຊ࣭తʹରࡦ͕ࠔ೉ʁ n

    .PEFM&YUSBDUJPO"UUBDL͸ΫΤϦ੍ݶ͕༗ޮʹࢥ͑Δ͕ ΫΤϦ੍ݶͷ΋ͱͰ΋͋Δఔ౓ͷϞσϧෳ੡͕ग़དྷ͓ͯΓ ࠓޙͷಈ޲ʹ஫໨ ରࡦͷ೉͠͞ 20

  21. 3FGFSFODF (PPEGFMMPX *+ 4IMFOT + 4[FHFEZ $  &YQMBJOJOHBOEIBSOFTTJOHBEWFSTBSJBMFYBNQMFT BS9JW

    QSFQSJOU BS9JW ,VSBLJO " (PPEGFMMPX * #FOHJP 4  "EWFSTBSJBMFYBNQMFTJOUIFQIZTJDBMXPSME BS9JW QSFQSJOU BS9JW %POH : -JBP ' 1BOH 5 4V ) ;IV + )V 9 -J +  #PPTUJOHBEWFSTBSJBMBUUBDLTXJUINPNFOUVN *O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ  .PPTBWJ%F[GPPMJ 4. 'BX[J " 'SPTTBSE 1  %FFQGPPMBTJNQMFBOEBDDVSBUFNFUIPEUPGPPMEFFQ OFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ   +BOH 6 8V 9 +IB 4  %FDFNCFS 0CKFDUJWFNFUSJDTBOEHSBEJFOUEFTDFOUBMHPSJUINTGPSBEWFSTBSJBM FYBNQMFTJONBDIJOFMFBSOJOH*O 1SPDFFEJOHTPGUIFSE"OOVBM$PNQVUFS4FDVSJUZ"QQMJDBUJPOT $POGFSFODF QQ  1BQFSOPU / .D%BOJFM 1 +IB 4 'SFESJLTPO . $FMJL ;# 4XBNJ "  .BSDI 5IFMJNJUBUJPOTPG EFFQMFBSOJOHJOBEWFSTBSJBMTFUUJOHT*O *&&&&VSPQFBOTZNQPTJVNPOTFDVSJUZBOEQSJWBDZ &VSP41 QQ  *&&& $BSMJOJ / 8BHOFS %  .BZ 5PXBSETFWBMVBUJOHUIFSPCVTUOFTTPGOFVSBMOFUXPSLT*O JFFF TZNQPTJVNPOTFDVSJUZBOEQSJWBDZ TQ QQ *&&& $IFO 1: 4IBSNB : ;IBOH ) :J + )TJFI $+  "QSJM &BEFMBTUJDOFUBUUBDLTUPEFFQOFVSBM OFUXPSLTWJBBEWFSTBSJBMFYBNQMFT*O 5IJSUZTFDPOE"""*DPOGFSFODFPOBSUJGJDJBMJOUFMMJHFODF 21

  22. 3FGFSFODF 8BSSFO ) #P - %BXO 4  %FDJTJPO#PVOEBSZ"OBMZTJTPG"EWFSTBSJBM&YBNQMFT*OUFSOBUJPOBM $POGFSFODFPG-FBSOJOH3FQSFTFOUBUJPOT

    $PSSFJB4JMWB +3 #FSSJFM 3' #BEVF $ EF4PV[B "' 0MJWFJSB4BOUPT 5  +VMZ $PQZDBUDOO 4UFBMJOHLOPXMFEHFCZQFSTVBEJOHDPOGFTTJPOXJUISBOEPNOPOMBCFMFEEBUB*O *OUFSOBUJPOBM+PJOU $POGFSFODFPO/FVSBM/FUXPSLT *+$// QQ *&&& 0SFLPOEZ 5 4DIJFMF # 'SJU[ .  ,OPDLPGGOFUT4UFBMJOHGVODUJPOBMJUZPGCMBDLCPYNPEFMT *O 1SPDFFEJOHTPGUIF*&&&$POGFSFODFPO$PNQVUFS7JTJPOBOE1BUUFSO3FDPHOJUJPO QQ  3PTFOCFSH * 4IBCUBJ " 3PLBDI - &MPWJDJ :  4FQUFNCFS (FOFSJDCMBDLCPYFOEUPFOEBUUBDL BHBJOTUTUBUFPGUIFBSU"1*DBMMCBTFENBMXBSFDMBTTJGJFST*O *OUFSOBUJPOBM4ZNQPTJVNPO3FTFBSDIJO"UUBDLT  *OUSVTJPOT BOE%FGFOTFT QQ 4QSJOHFS $IBN ,VTBOP , 4BLVNB +  $MBTTJGJFSUP(FOFSBUPS"UUBDL&TUJNBUJPOPG5SBJOJOH%BUB%JTUSJCVUJPOGSPN $MBTTJGJFS ;IBOH : +JB 3 1FJ ) 8BOH 8 -J # 4POH %  5IFTFDSFUSFWFBMFSHFOFSBUJWFNPEFMJOWFSTJPO BUUBDLTBHBJOTUEFFQOFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&$7'$POGFSFODFPO$PNQVUFS7JTJPOBOE 1BUUFSO3FDPHOJUJPO QQ  22