Upgrade to Pro — share decks privately, control downloads, hide ads and more …

機械学習とセキュリティ

setten-QB
July 07, 2020
Science
8
1.6k

 機械学習とセキュリティ

機械学習モデルへの攻撃とその対策についての概要

setten-QB

July 07, 2020
Tweet

More Decks by setten-QB

See All by setten-QB
第4回 確率・統計の基礎勉強会
settenqb
0
110
確率・統計の基礎勉強会3
settenqb
0
230
確率・統計勉強会2
settenqb
0
130
確率・統計の基礎勉強会1
settenqb
1
220

Other Decks in Science

See All in Science
ベイズの定理を感じよう〜ベイズ主義入門〜
ueniki
1
240
Beyond FAIR: What Data Infrastructure does Open Science Need?
rabernat
0
160
Pangeo Forge: Crowdsourcing Open Data in the Cloud
rabernat
0
130
SpaceXから学ぶ人生観 ~元JWが自分の人生を取り戻すヒント~
caesar2022
0
140
20220121_バスケットボール周りの流れ
kamakiri1225
0
350
Behind the Scenes—and Science—of the Earth Observatory
jscarto
0
270
A Fresh Look at Genomics Data: Grammar-Based Visualization
ngehlenborg
0
130
mROS 2:組込みデバイス向けのROS 2ノード軽量実行環境
takasehideki
0
430
Tokyo.R コレスポンデンス分析の正しい使い方
bob3bob3
1
1.3k
Tokoy.R #99 パーマーステーションのペンギンたち #1
bob3bob3
1
660
(2013) Le problème des distances de Erdős
mansuy
0
120
Droidcon Berlin - A ride through AOSP's new colors
siddroid
0
300

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
42
14k
Why Our Code Smells
bkeepers
PRO
325
55k
Designing on Purpose - Digital PM Summit 2013
jponch
107
5.7k
Raft: Consensus for Rubyists
vanstee
128
5.5k
The Web Native Designer (August 2011)
paulrobertlloyd
75
2k
Build The Right Thing And Hit Your Dates
maggiecrowley
21
1.3k
How GitHub Uses GitHub to Build GitHub
holman
465
280k
Pencils Down: Stop Designing & Start Developing
hursman
113
9.9k
Music & Morning Musume
bryan
35
4.4k
GitHub's CSS Performance
jonrohan
1020
420k
Building Flexible Design Systems
yeseniaperezcruz
311
34k
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.5k

Transcript

  1. ػցֶशͱηΩϡϦςΟ ๭௨৴ࣄۀձࣾ ΄͛΄͛։ൃ෦ ઀఺2# !TFUUFO@2# %BUB4DJFODF$BGÉ!৽॓

  2. ػցֶशºηΩϡϦςΟ Ø %PT߈ܸΛػցֶशͰݕ஌ Ø Ϛϧ΢ΣΞΛػցֶशͰݕ஌ ػցֶशΛηΩϡϦςΟʹԠ༻ ػցֶशϞσϧࣗମͷηΩϡϦςΟ ػցֶशͰߏஙͨ͠ϞσϧʢػցֶशϞσϧʣΛ૊ΈࠐΜͩγεςϜͰ͸ ैདྷͷγεςϜͱ͸ҟͳͬͨݻ༗ͷ߈ܸ͕ͳ͞ΕΔϦεΫ͕༗Δ ͦͷͨΊɼػցֶशϞσϧಛ༗ͷηΩϡϦςΟରࡦ͕ඞཁ

    2

  3.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  4. None

  5. "EWFSTBSJBM"UUBDL ܇࿅͞ΕͨػցֶशϞσϧΛὃ͢߈ܸ ݩͷը૾ ఢରతઁಈ "EWFSTBSJBM&YBNQMF ʢςφΨβϧʣ (PPEGFMMPX FUBM  ΑΓҾ༻

    5

  6. ఢରతઁಈΛݟ͚ͭΔͨΊʹ͸ argmin " , s.t. + ≠ argmin " ,

    s.t. + = # ಛఆͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ໨తͱͨ͠ "EWFSTBSJBM"UUBDL ޡ෼ྨͤ͞ΔΫϥε͸ࢦఆͤͣ ͱʹ͔͘Ͳ͔͜ͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ ໨తͱͨ͠"EWFSTBSJBM"UUBDL 6

  7. ୅දతͳ"EWFSTBSJBM"UUBDL (PPEGFMMPX FUBM  !"# = + sign ∇ ℓ

    , /PUBUJPO ɿઁಈڧ౓ʢͲΕ͙Β͍ઁಈΛڧ͘༩͑Δ͔Λද͢ʣ ℓɿଛࣦؔ਺ 3FNBSL '(4.͸Ұ౓ͷޯ഑্ঢͰ࠷దԽΛऴྃ͢Δ͕ɼ͜ΕΛෳ਺ճʹ֦ுͨ͠ͷ͕#*.Ͱɼ CBMMʹऩ·ΔΑ͏ͳ੍໿ͷ΋ͱͰޯ഑্ঢΛ܁Γฦ͢ɽ '(4.΋#*.΋! ϊϧϜͰͷઁಈΛੜ੒͓ͯ͠Γɼ%FFQGPPM͸͜ͷϊϧϜΛ" ʹɼ $8͸# ʹͨ͠΋ͷͱݟΔ͜ͱ͕Ͱ͖Δɽ 7

  8. 8IJUF#PY4FUUJOHʹ͓͚Δఢରతઁಈͷݟ͚ͭํ '(4.BUUBDL (PPEGFMMPX FUBM  #*. ,VSBLJO FUBM  BUUBDL.*'(4.

    %POHFUBM  %FFQGPPM .PPTBWJ%F[GPPMJ FUBM  /FXUPO'PPM +BOHFUBM  +4." 1BQFSOPU FUBM  (SBEJFOU #BTFE 0CKFDUJWF 'VODUJPO #BTFE $8 $BSMJOJ FUBM  &"% $IFOFUBM  0QU.BSHJO 8BSSFOFUBM  ˞8IJUF#PY4FUUJOHɿଛࣦؔ਺ͷޯ഑͕ܭࢉͰ͖ͨΓɼϞσϧͷDPOGJEFODFTDPSFΛ஌Δ͜ͱ͕Ͱ͖Δઃఆ 8

  9. "EWFSTBSJBM"UUBDL΁ͷରࡦɿ"EWFSTBSJBM5SBJOJOH Ϟσϧͷֶश࣌ʹBEWFSTBSJBMFYBNQMFTͰl༧๷઀छz͓͚ͯ͠͹ BEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ΋্͕ΔΜ͡Όͳ͍͔ʁ 9 ℓ!"# , () ≔ ℓ !"#,

    !"# + 1 − ℓ , *EFB 3FTVMU n ࣮ࡍʹBEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ͸޲্͢Δ ҰํͰʜ n ֶशʹཁ͢Δ͕࣌ؒ૿͑Δ n "EWFSTBSJBMFYBNQMFT΁ͷϩόετੑ͸BEWFSTBSJBMFYBNQMFTͷ࡞Γํʹґଘ͢Δ n ѱҙͷͳ͍ϊΠζ͕৐ͬͨը૾Λ͏·͘෼ྨͰ͖ͳ͘ͳΔ ͱ͍ͬͨ໰୊΋ൃੜ͢Δ

  10.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  11. .PEFM&YUSBDUJPOɿϞσϧΛ౪Ή & "SDIJUFDUVSF %FDJTJPO#PVOEBSZ 'VODUJPOBMJUZ ϨΠϠʔͷ਺΍χϡʔϩϯͷ਺ ͞Βʹ׆ੑԽؔ਺ͳͲͷ Ϟσϧͷߏ଄Λ౪ΉλΠϓ ϞσϧͷܾఆڥքΛ ౪ΉλΠϓ

    ϞσϧʹΑΔ ೖྗͱग़ྗͷରԠؔ܎Λ ౪ΉλΠϓ 11

  12. .PEFM&YUSBDUJPOͷओཁͳΞϓϩʔν $ , $ $%& ' : ℝ( → ֶश

    ), ) )%& * +: ℝ( → ֶश 0SJHJOBM.PEFM 4VCTUJUVUF.PEFM "1*ʹΑͬͯฦ͞ΕΔ Λ໨తม਺ͱͯ͠ར༻͢Δ͜ͱͰ୅ཧϞσϧΛߏங͢Δɽ ୅දతͳݚڀͱͯ͠$PSSFJB4JMWBFUBM  ΍0SFLPOEZ FUBM  ͕ڍ͛ΒΕΔɽ 12

  13. 4VCTUJUVUF.PEFMʹؔ͢Δ߈๷ %FGFODF 0GGFODF "1*ୟ͚Δճ਺Λ੍ݶ গͳ͍Ԡ౴ճ਺Ͱ΋ 4VCTUJUVUF.PEFMΛߏங͢Δํ๏͕ఏҊ͞ΕΔ 0SFLPOEZ FUBM  3PTFOCFSHFUBM

     13

  14.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  15. ʢ޿ٛͷʣ.PEFM*OWFSTJPO"UUBDL ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ 1SPQFSUZ*OGFSFODF"UUBDL .PEFM*OWFSTJPO"UUBDL ద౰ͳ ͕Ϟσϧͷֶशσʔληοτʹؚ·Ε͍ͯΔ͔ʁ Λ໌Β͔ʹ͢Δ߈ܸ ֶशσʔληοτʹؔ͢Δੑ࣭Λਪଌ͢Δ߈ܸ FH൅͕௕͍ਓ΍υϨεΛண͍ͯΔਓ͕ ੑผ෼ྨͷϞσϧͷֶशσʔλʹؚ·Ε͍ͯΔ͔ʁ

    ֶशσʔλΛ෮ݩ͢Δ߈ܸ ˞.PEFM*OWFSTJPO"UUBDLʹ.FNCFSTIJQ*OGFSFODF΍1SPQFSUZ*OGFSFODFΛؚΊΔ͔ʹ͸ॾઆ͋Γ 15

  16. ("/Λ༻͍ͨ.PEFM*OWFSTJPO ,VTBOP FUBM  ิॿσʔληοτ ) , )%& * ,

    , ∼$$( ℱ′ ֶशσʔληοτ $ , $ $%& ' , ∼$$( ℱ ΫΤϦ & ,, … * , Ԡ౴ (& ,), … * , (FOFSBUPS Ͱ ℱ ʢͬΆ͍΋ͷʣΛۙࣅ αϯϓϦϯά (FOFSBUPS͔Β ֶशσʔλͬΆ͍΋ͷΛੜ੒ 16

  17. σʔλͷҰ෦͔Β࢒Γͷ෦෼Λ෮ݩ ֶशσʔλ ∈ ℝ( ͔ΒҰ෦ͷಛ௃ྔ͚ͩΛൈ͖ग़ͯ͠ ࡞੒ͨ͠ϕΫτϧ " ∈ ℝ-, <

    ͔Β ࢒Γͷಛ௃ྔΛ෮ݩ͢Δ ࿦จͰ͸ " ͸࿙Ӯͯ͠΋໰୊ͳ͍ηϯγςΟϒͰͳ͍ಛ௃ྔͰ ࢒Γͷಛ௃ྔ͸ηϯγςΟϒͳಛ௃ྔͩͱ૝ఆ͍ͯ͠Δ ("/Λ༻͍ͨ.PEFM*OWFSTJPO ;IBOFUBM  17

  18. ͍΍ɼϜζ͘Ͷʜʁ ./*45Λֶशσʔλͱͨ͠෼ྨϞσϧʹରͯ͠.PEFM *OWFSTJPO"UUBDLΛߦͬͨ݁Ռ ิॿσʔλ͸खॻ͖จࣈͷ਺ࣈͱΞϧϑΝϕοτ ࣮ࡍʹ෮ݩͯ͠Έͨ݁Ռ 18

  19. None

  20. ػցֶशϞσϧ΁ͷ߈ܸʹؔ͢Δݚڀ ΍ͬͺΓ"EWFSTBSJBM"UUBDL͕μϯτπͳײ͡ ݚڀ͞ΕͯΔײ ֶशσʔλΛ͢΂ͯ෮ݩ͢ΔλΠϓͷ.PEFM*OWFSTJPO"UUBDL͕Ұ൪೉ͦ͠͏ ʢ࣮ࡍʹ೉͔ͬͨ͠ʣ ߈ܸͷ೉͠͞ n "EWFSTBSJBM"UUBDL͸σʔλ͕ߴ࣍ݩʹͳΔͱෆՄආతʹੜ͡ΔͨΊ ຊ࣭తʹରࡦ͕ࠔ೉ʁ n

    .PEFM&YUSBDUJPO"UUBDL͸ΫΤϦ੍ݶ͕༗ޮʹࢥ͑Δ͕ ΫΤϦ੍ݶͷ΋ͱͰ΋͋Δఔ౓ͷϞσϧෳ੡͕ग़དྷ͓ͯΓ ࠓޙͷಈ޲ʹ஫໨ ରࡦͷ೉͠͞ 20

  21. 3FGFSFODF (PPEGFMMPX *+ 4IMFOT + 4[FHFEZ $  &YQMBJOJOHBOEIBSOFTTJOHBEWFSTBSJBMFYBNQMFT BS9JW

    QSFQSJOU BS9JW ,VSBLJO " (PPEGFMMPX * #FOHJP 4  "EWFSTBSJBMFYBNQMFTJOUIFQIZTJDBMXPSME BS9JW QSFQSJOU BS9JW %POH : -JBP ' 1BOH 5 4V ) ;IV + )V 9 -J +  #PPTUJOHBEWFSTBSJBMBUUBDLTXJUINPNFOUVN *O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ  .PPTBWJ%F[GPPMJ 4. 'BX[J " 'SPTTBSE 1  %FFQGPPMBTJNQMFBOEBDDVSBUFNFUIPEUPGPPMEFFQ OFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ   +BOH 6 8V 9 +IB 4  %FDFNCFS 0CKFDUJWFNFUSJDTBOEHSBEJFOUEFTDFOUBMHPSJUINTGPSBEWFSTBSJBM FYBNQMFTJONBDIJOFMFBSOJOH*O 1SPDFFEJOHTPGUIFSE"OOVBM$PNQVUFS4FDVSJUZ"QQMJDBUJPOT $POGFSFODF QQ  1BQFSOPU / .D%BOJFM 1 +IB 4 'SFESJLTPO . $FMJL ;# 4XBNJ "  .BSDI 5IFMJNJUBUJPOTPG EFFQMFBSOJOHJOBEWFSTBSJBMTFUUJOHT*O *&&&&VSPQFBOTZNQPTJVNPOTFDVSJUZBOEQSJWBDZ &VSP41 QQ  *&&& $BSMJOJ / 8BHOFS %  .BZ 5PXBSETFWBMVBUJOHUIFSPCVTUOFTTPGOFVSBMOFUXPSLT*O JFFF TZNQPTJVNPOTFDVSJUZBOEQSJWBDZ TQ QQ *&&& $IFO 1: 4IBSNB : ;IBOH ) :J + )TJFI $+  "QSJM &BEFMBTUJDOFUBUUBDLTUPEFFQOFVSBM OFUXPSLTWJBBEWFSTBSJBMFYBNQMFT*O 5IJSUZTFDPOE"""*DPOGFSFODFPOBSUJGJDJBMJOUFMMJHFODF 21

  22. 3FGFSFODF 8BSSFO ) #P - %BXO 4  %FDJTJPO#PVOEBSZ"OBMZTJTPG"EWFSTBSJBM&YBNQMFT*OUFSOBUJPOBM $POGFSFODFPG-FBSOJOH3FQSFTFOUBUJPOT

    $PSSFJB4JMWB +3 #FSSJFM 3' #BEVF $ EF4PV[B "' 0MJWFJSB4BOUPT 5  +VMZ $PQZDBUDOO 4UFBMJOHLOPXMFEHFCZQFSTVBEJOHDPOGFTTJPOXJUISBOEPNOPOMBCFMFEEBUB*O *OUFSOBUJPOBM+PJOU $POGFSFODFPO/FVSBM/FUXPSLT *+$// QQ *&&& 0SFLPOEZ 5 4DIJFMF # 'SJU[ .  ,OPDLPGGOFUT4UFBMJOHGVODUJPOBMJUZPGCMBDLCPYNPEFMT *O 1SPDFFEJOHTPGUIF*&&&$POGFSFODFPO$PNQVUFS7JTJPOBOE1BUUFSO3FDPHOJUJPO QQ  3PTFOCFSH * 4IBCUBJ " 3PLBDI - &MPWJDJ :  4FQUFNCFS (FOFSJDCMBDLCPYFOEUPFOEBUUBDL BHBJOTUTUBUFPGUIFBSU"1*DBMMCBTFENBMXBSFDMBTTJGJFST*O *OUFSOBUJPOBM4ZNQPTJVNPO3FTFBSDIJO"UUBDLT  *OUSVTJPOT BOE%FGFOTFT QQ 4QSJOHFS $IBN ,VTBOP , 4BLVNB +  $MBTTJGJFSUP(FOFSBUPS"UUBDL&TUJNBUJPOPG5SBJOJOH%BUB%JTUSJCVUJPOGSPN $MBTTJGJFS ;IBOH : +JB 3 1FJ ) 8BOH 8 -J # 4POH %  5IFTFDSFUSFWFBMFSHFOFSBUJWFNPEFMJOWFSTJPO BUUBDLTBHBJOTUEFFQOFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&$7'$POGFSFODFPO$PNQVUFS7JTJPOBOE 1BUUFSO3FDPHOJUJPO QQ  22