機械学習とセキュリティ

Ab40fb58b38d364f318c06e5936c4bc8?s=47 setten-QB
July 07, 2020
Science
8
1.4k

 機械学習とセキュリティ

機械学習モデルへの攻撃とその対策についての概要

Ab40fb58b38d364f318c06e5936c4bc8?s=128

setten-QB

July 07, 2020
Tweet

More Decks by setten-QB

See All by setten-QB
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
0
85
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
0
160
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
0
110
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
1
190

Other Decks in Science

See All in Science
C4c6c7b4fdf9285bcf12c5caa58c8d53?s=48 nyk510
1
2.6k
Dca4f8abd1e78940052ee52c85c4d2ed?s=48 shimacos
5
1.5k
Ea29e2b19d11b48f867ae71d6a6de5df?s=48 opelab
0
290
7cf213f4930be5a6a21edae1674bcb36?s=48 ktnyt
1
3.1k
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
250
8f5c72286a3cac9fc87d2b81689d4b7b?s=48 satokeiju
6
1.7k
874ff503a00697a857e198a0ebb8f55f?s=48 ailaboocu
0
160
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
1
270
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
1
480
D0a72daa3738ec03ac6bec53fd5df04e?s=48 scrummasudar
0
140
0ece01ad1513ae4ec0cdb062f9c3e6d8?s=48 pacocat
0
140
Fed6420561c9fe84d529ff2aa7b5c9aa?s=48 yuricat
0
470

Featured

See All Featured
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
124
21k
245cee81a9c424266e5e401d844ea881?s=48 lara
589
60k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
55
5.2k
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
220
14k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
224
8.3k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
101
4.8k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
144
6.5k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
112
24k
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
49
3.2k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
104
10k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
621
40k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
494
110k

Transcript

  1. ػցֶशͱηΩϡϦςΟ ๭௨৴ࣄۀձࣾ ΄͛΄͛։ൃ෦ ઀఺2# !TFUUFO@2# %BUB4DJFODF$BGÉ!৽॓

  2. ػցֶशºηΩϡϦςΟ Ø %PT߈ܸΛػցֶशͰݕ஌ Ø Ϛϧ΢ΣΞΛػցֶशͰݕ஌ ػցֶशΛηΩϡϦςΟʹԠ༻ ػցֶशϞσϧࣗମͷηΩϡϦςΟ ػցֶशͰߏஙͨ͠ϞσϧʢػցֶशϞσϧʣΛ૊ΈࠐΜͩγεςϜͰ͸ ैདྷͷγεςϜͱ͸ҟͳͬͨݻ༗ͷ߈ܸ͕ͳ͞ΕΔϦεΫ͕༗Δ ͦͷͨΊɼػցֶशϞσϧಛ༗ͷηΩϡϦςΟରࡦ͕ඞཁ

    2

  3.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  4. None

  5. "EWFSTBSJBM"UUBDL ܇࿅͞ΕͨػցֶशϞσϧΛὃ͢߈ܸ ݩͷը૾ ఢରతઁಈ "EWFSTBSJBM&YBNQMF ʢςφΨβϧʣ (PPEGFMMPX FUBM  ΑΓҾ༻

    5

  6. ఢରతઁಈΛݟ͚ͭΔͨΊʹ͸ argmin " , s.t. + ≠ argmin " ,

    s.t. + = # ಛఆͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ໨తͱͨ͠ "EWFSTBSJBM"UUBDL ޡ෼ྨͤ͞ΔΫϥε͸ࢦఆͤͣ ͱʹ͔͘Ͳ͔͜ͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ ໨తͱͨ͠"EWFSTBSJBM"UUBDL 6

  7. ୅දతͳ"EWFSTBSJBM"UUBDL (PPEGFMMPX FUBM  !"# = + sign ∇ ℓ

    , /PUBUJPO ɿઁಈڧ౓ʢͲΕ͙Β͍ઁಈΛڧ͘༩͑Δ͔Λද͢ʣ ℓɿଛࣦؔ਺ 3FNBSL '(4.͸Ұ౓ͷޯ഑্ঢͰ࠷దԽΛऴྃ͢Δ͕ɼ͜ΕΛෳ਺ճʹ֦ுͨ͠ͷ͕#*.Ͱɼ CBMMʹऩ·ΔΑ͏ͳ੍໿ͷ΋ͱͰޯ഑্ঢΛ܁Γฦ͢ɽ '(4.΋#*.΋! ϊϧϜͰͷઁಈΛੜ੒͓ͯ͠Γɼ%FFQGPPM͸͜ͷϊϧϜΛ" ʹɼ $8͸# ʹͨ͠΋ͷͱݟΔ͜ͱ͕Ͱ͖Δɽ 7

  8. 8IJUF#PY4FUUJOHʹ͓͚Δఢରతઁಈͷݟ͚ͭํ '(4.BUUBDL (PPEGFMMPX FUBM  #*. ,VSBLJO FUBM  BUUBDL.*'(4.

    %POHFUBM  %FFQGPPM .PPTBWJ%F[GPPMJ FUBM  /FXUPO'PPM +BOHFUBM  +4." 1BQFSOPU FUBM  (SBEJFOU #BTFE 0CKFDUJWF 'VODUJPO #BTFE $8 $BSMJOJ FUBM  &"% $IFOFUBM  0QU.BSHJO 8BSSFOFUBM  ˞8IJUF#PY4FUUJOHɿଛࣦؔ਺ͷޯ഑͕ܭࢉͰ͖ͨΓɼϞσϧͷDPOGJEFODFTDPSFΛ஌Δ͜ͱ͕Ͱ͖Δઃఆ 8

  9. "EWFSTBSJBM"UUBDL΁ͷରࡦɿ"EWFSTBSJBM5SBJOJOH Ϟσϧͷֶश࣌ʹBEWFSTBSJBMFYBNQMFTͰl༧๷઀छz͓͚ͯ͠͹ BEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ΋্͕ΔΜ͡Όͳ͍͔ʁ 9 ℓ!"# , () ≔ ℓ !"#,

    !"# + 1 − ℓ , *EFB 3FTVMU n ࣮ࡍʹBEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ͸޲্͢Δ ҰํͰʜ n ֶशʹཁ͢Δ͕࣌ؒ૿͑Δ n "EWFSTBSJBMFYBNQMFT΁ͷϩόετੑ͸BEWFSTBSJBMFYBNQMFTͷ࡞Γํʹґଘ͢Δ n ѱҙͷͳ͍ϊΠζ͕৐ͬͨը૾Λ͏·͘෼ྨͰ͖ͳ͘ͳΔ ͱ͍ͬͨ໰୊΋ൃੜ͢Δ

  10.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  11. .PEFM&YUSBDUJPOɿϞσϧΛ౪Ή & "SDIJUFDUVSF %FDJTJPO#PVOEBSZ 'VODUJPOBMJUZ ϨΠϠʔͷ਺΍χϡʔϩϯͷ਺ ͞Βʹ׆ੑԽؔ਺ͳͲͷ Ϟσϧͷߏ଄Λ౪ΉλΠϓ ϞσϧͷܾఆڥքΛ ౪ΉλΠϓ

    ϞσϧʹΑΔ ೖྗͱग़ྗͷରԠؔ܎Λ ౪ΉλΠϓ 11

  12. .PEFM&YUSBDUJPOͷओཁͳΞϓϩʔν $ , $ $%& ' : ℝ( → ֶश

    ), ) )%& * +: ℝ( → ֶश 0SJHJOBM.PEFM 4VCTUJUVUF.PEFM "1*ʹΑͬͯฦ͞ΕΔ Λ໨తม਺ͱͯ͠ར༻͢Δ͜ͱͰ୅ཧϞσϧΛߏங͢Δɽ ୅දతͳݚڀͱͯ͠$PSSFJB4JMWBFUBM  ΍0SFLPOEZ FUBM  ͕ڍ͛ΒΕΔɽ 12

  13. 4VCTUJUVUF.PEFMʹؔ͢Δ߈๷ %FGFODF 0GGFODF "1*ୟ͚Δճ਺Λ੍ݶ গͳ͍Ԡ౴ճ਺Ͱ΋ 4VCTUJUVUF.PEFMΛߏங͢Δํ๏͕ఏҊ͞ΕΔ 0SFLPOEZ FUBM  3PTFOCFSHFUBM

     13

  14.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  15. ʢ޿ٛͷʣ.PEFM*OWFSTJPO"UUBDL ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ 1SPQFSUZ*OGFSFODF"UUBDL .PEFM*OWFSTJPO"UUBDL ద౰ͳ ͕Ϟσϧͷֶशσʔληοτʹؚ·Ε͍ͯΔ͔ʁ Λ໌Β͔ʹ͢Δ߈ܸ ֶशσʔληοτʹؔ͢Δੑ࣭Λਪଌ͢Δ߈ܸ FH൅͕௕͍ਓ΍υϨεΛண͍ͯΔਓ͕ ੑผ෼ྨͷϞσϧͷֶशσʔλʹؚ·Ε͍ͯΔ͔ʁ

    ֶशσʔλΛ෮ݩ͢Δ߈ܸ ˞.PEFM*OWFSTJPO"UUBDLʹ.FNCFSTIJQ*OGFSFODF΍1SPQFSUZ*OGFSFODFΛؚΊΔ͔ʹ͸ॾઆ͋Γ 15

  16. ("/Λ༻͍ͨ.PEFM*OWFSTJPO ,VTBOP FUBM  ิॿσʔληοτ ) , )%& * ,

    , ∼$$( ℱ′ ֶशσʔληοτ $ , $ $%& ' , ∼$$( ℱ ΫΤϦ & ,, … * , Ԡ౴ (& ,), … * , (FOFSBUPS Ͱ ℱ ʢͬΆ͍΋ͷʣΛۙࣅ αϯϓϦϯά (FOFSBUPS͔Β ֶशσʔλͬΆ͍΋ͷΛੜ੒ 16

  17. σʔλͷҰ෦͔Β࢒Γͷ෦෼Λ෮ݩ ֶशσʔλ ∈ ℝ( ͔ΒҰ෦ͷಛ௃ྔ͚ͩΛൈ͖ग़ͯ͠ ࡞੒ͨ͠ϕΫτϧ " ∈ ℝ-, <

    ͔Β ࢒Γͷಛ௃ྔΛ෮ݩ͢Δ ࿦จͰ͸ " ͸࿙Ӯͯ͠΋໰୊ͳ͍ηϯγςΟϒͰͳ͍ಛ௃ྔͰ ࢒Γͷಛ௃ྔ͸ηϯγςΟϒͳಛ௃ྔͩͱ૝ఆ͍ͯ͠Δ ("/Λ༻͍ͨ.PEFM*OWFSTJPO ;IBOFUBM  17

  18. ͍΍ɼϜζ͘Ͷʜʁ ./*45Λֶशσʔλͱͨ͠෼ྨϞσϧʹରͯ͠.PEFM *OWFSTJPO"UUBDLΛߦͬͨ݁Ռ ิॿσʔλ͸खॻ͖จࣈͷ਺ࣈͱΞϧϑΝϕοτ ࣮ࡍʹ෮ݩͯ͠Έͨ݁Ռ 18

  19. None

  20. ػցֶशϞσϧ΁ͷ߈ܸʹؔ͢Δݚڀ ΍ͬͺΓ"EWFSTBSJBM"UUBDL͕μϯτπͳײ͡ ݚڀ͞ΕͯΔײ ֶशσʔλΛ͢΂ͯ෮ݩ͢ΔλΠϓͷ.PEFM*OWFSTJPO"UUBDL͕Ұ൪೉ͦ͠͏ ʢ࣮ࡍʹ೉͔ͬͨ͠ʣ ߈ܸͷ೉͠͞ n "EWFSTBSJBM"UUBDL͸σʔλ͕ߴ࣍ݩʹͳΔͱෆՄආతʹੜ͡ΔͨΊ ຊ࣭తʹରࡦ͕ࠔ೉ʁ n

    .PEFM&YUSBDUJPO"UUBDL͸ΫΤϦ੍ݶ͕༗ޮʹࢥ͑Δ͕ ΫΤϦ੍ݶͷ΋ͱͰ΋͋Δఔ౓ͷϞσϧෳ੡͕ग़དྷ͓ͯΓ ࠓޙͷಈ޲ʹ஫໨ ରࡦͷ೉͠͞ 20

  21. 3FGFSFODF (PPEGFMMPX *+ 4IMFOT + 4[FHFEZ $  &YQMBJOJOHBOEIBSOFTTJOHBEWFSTBSJBMFYBNQMFT BS9JW

    QSFQSJOU BS9JW ,VSBLJO " (PPEGFMMPX * #FOHJP 4  "EWFSTBSJBMFYBNQMFTJOUIFQIZTJDBMXPSME BS9JW QSFQSJOU BS9JW %POH : -JBP ' 1BOH 5 4V ) ;IV + )V 9 -J +  #PPTUJOHBEWFSTBSJBMBUUBDLTXJUINPNFOUVN *O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ  .PPTBWJ%F[GPPMJ 4. 'BX[J " 'SPTTBSE 1  %FFQGPPMBTJNQMFBOEBDDVSBUFNFUIPEUPGPPMEFFQ OFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ   +BOH 6 8V 9 +IB 4  %FDFNCFS 0CKFDUJWFNFUSJDTBOEHSBEJFOUEFTDFOUBMHPSJUINTGPSBEWFSTBSJBM FYBNQMFTJONBDIJOFMFBSOJOH*O 1SPDFFEJOHTPGUIFSE"OOVBM$PNQVUFS4FDVSJUZ"QQMJDBUJPOT $POGFSFODF QQ  1BQFSOPU / .D%BOJFM 1 +IB 4 'SFESJLTPO . $FMJL ;# 4XBNJ "  .BSDI 5IFMJNJUBUJPOTPG EFFQMFBSOJOHJOBEWFSTBSJBMTFUUJOHT*O *&&&&VSPQFBOTZNQPTJVNPOTFDVSJUZBOEQSJWBDZ &VSP41 QQ  *&&& $BSMJOJ / 8BHOFS %  .BZ 5PXBSETFWBMVBUJOHUIFSPCVTUOFTTPGOFVSBMOFUXPSLT*O JFFF TZNQPTJVNPOTFDVSJUZBOEQSJWBDZ TQ QQ *&&& $IFO 1: 4IBSNB : ;IBOH ) :J + )TJFI $+  "QSJM &BEFMBTUJDOFUBUUBDLTUPEFFQOFVSBM OFUXPSLTWJBBEWFSTBSJBMFYBNQMFT*O 5IJSUZTFDPOE"""*DPOGFSFODFPOBSUJGJDJBMJOUFMMJHFODF 21

  22. 3FGFSFODF 8BSSFO ) #P - %BXO 4  %FDJTJPO#PVOEBSZ"OBMZTJTPG"EWFSTBSJBM&YBNQMFT*OUFSOBUJPOBM $POGFSFODFPG-FBSOJOH3FQSFTFOUBUJPOT

    $PSSFJB4JMWB +3 #FSSJFM 3' #BEVF $ EF4PV[B "' 0MJWFJSB4BOUPT 5  +VMZ $PQZDBUDOO 4UFBMJOHLOPXMFEHFCZQFSTVBEJOHDPOGFTTJPOXJUISBOEPNOPOMBCFMFEEBUB*O *OUFSOBUJPOBM+PJOU $POGFSFODFPO/FVSBM/FUXPSLT *+$// QQ *&&& 0SFLPOEZ 5 4DIJFMF # 'SJU[ .  ,OPDLPGGOFUT4UFBMJOHGVODUJPOBMJUZPGCMBDLCPYNPEFMT *O 1SPDFFEJOHTPGUIF*&&&$POGFSFODFPO$PNQVUFS7JTJPOBOE1BUUFSO3FDPHOJUJPO QQ  3PTFOCFSH * 4IBCUBJ " 3PLBDI - &MPWJDJ :  4FQUFNCFS (FOFSJDCMBDLCPYFOEUPFOEBUUBDL BHBJOTUTUBUFPGUIFBSU"1*DBMMCBTFENBMXBSFDMBTTJGJFST*O *OUFSOBUJPOBM4ZNQPTJVNPO3FTFBSDIJO"UUBDLT  *OUSVTJPOT BOE%FGFOTFT QQ 4QSJOHFS $IBN ,VTBOP , 4BLVNB +  $MBTTJGJFSUP(FOFSBUPS"UUBDL&TUJNBUJPOPG5SBJOJOH%BUB%JTUSJCVUJPOGSPN $MBTTJGJFS ;IBOH : +JB 3 1FJ ) 8BOH 8 -J # 4POH %  5IFTFDSFUSFWFBMFSHFOFSBUJWFNPEFMJOWFSTJPO BUUBDLTBHBJOTUEFFQOFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&$7'$POGFSFODFPO$PNQVUFS7JTJPOBOE 1BUUFSO3FDPHOJUJPO QQ  22