機械学習とセキュリティ

Ab40fb58b38d364f318c06e5936c4bc8?s=47 setten-QB
July 07, 2020
Science
8
1.4k

 機械学習とセキュリティ

機械学習モデルへの攻撃とその対策についての概要

Ab40fb58b38d364f318c06e5936c4bc8?s=128

setten-QB

July 07, 2020
Tweet

More Decks by setten-QB

See All by setten-QB
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
0
92
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
0
170
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
0
110
Ab40fb58b38d364f318c06e5936c4bc8?s=48 settenqb
1
200

Other Decks in Science

See All in Science
097c045028b149ca7fd4ca42ff859cd9?s=48 ko_fujita1
1
1.4k
E55f04d00716de969f69dd3c4475dc92?s=48 calpis10000
0
440
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
3
570
A908657344fb7d0f37cdc18ae5148a5b?s=48 kojiro0208
0
2.5k
8fa31051503b09846584c49cd53d2f80?s=48 asei
1
430
C1c88587e4b71cc519f2df6b2ba52502?s=48 qiringji
13
5.9k
Afcf52f6df4e2856cc0fce598c4af4e1?s=48 kamakiri1225
0
380
0ece01ad1513ae4ec0cdb062f9c3e6d8?s=48 pacocat
0
170
749871c7a58ea43cfd1bc23b3b3e3a1e?s=48 cristina512
0
100
3f75a6cf1fb4b66c1d268240e2dd29c3?s=48 nowism
0
1.4k
E09657ebf3fe2de5698d5797266a05c4?s=48 itakeshi
3
1.2k
385da418a213556b734059bd85a205b3?s=48 ayumu0118
0
390

Featured

See All Featured
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
92
2.9k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
2
1.2k
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
66
260k
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
295
27k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
119
7.8k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
585
200k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
274
31k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
205
10k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
237
23k
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1020
370k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
223
47k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
393
60k

Transcript

  1. ػցֶशͱηΩϡϦςΟ ๭௨৴ࣄۀձࣾ ΄͛΄͛։ൃ෦ ઀఺2# !TFUUFO@2# %BUB4DJFODF$BGÉ!৽॓

  2. ػցֶशºηΩϡϦςΟ Ø %PT߈ܸΛػցֶशͰݕ஌ Ø Ϛϧ΢ΣΞΛػցֶशͰݕ஌ ػցֶशΛηΩϡϦςΟʹԠ༻ ػցֶशϞσϧࣗମͷηΩϡϦςΟ ػցֶशͰߏஙͨ͠ϞσϧʢػցֶशϞσϧʣΛ૊ΈࠐΜͩγεςϜͰ͸ ैདྷͷγεςϜͱ͸ҟͳͬͨݻ༗ͷ߈ܸ͕ͳ͞ΕΔϦεΫ͕༗Δ ͦͷͨΊɼػցֶशϞσϧಛ༗ͷηΩϡϦςΟରࡦ͕ඞཁ

    2

  3.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  4. None

  5. "EWFSTBSJBM"UUBDL ܇࿅͞ΕͨػցֶशϞσϧΛὃ͢߈ܸ ݩͷը૾ ఢରతઁಈ "EWFSTBSJBM&YBNQMF ʢςφΨβϧʣ (PPEGFMMPX FUBM  ΑΓҾ༻

    5

  6. ఢରతઁಈΛݟ͚ͭΔͨΊʹ͸ argmin " , s.t. + ≠ argmin " ,

    s.t. + = # ಛఆͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ໨తͱͨ͠ "EWFSTBSJBM"UUBDL ޡ෼ྨͤ͞ΔΫϥε͸ࢦఆͤͣ ͱʹ͔͘Ͳ͔͜ͷΫϥεʹޡ෼ྨͤ͞Δ͜ͱΛ ໨తͱͨ͠"EWFSTBSJBM"UUBDL 6

  7. ୅දతͳ"EWFSTBSJBM"UUBDL (PPEGFMMPX FUBM  !"# = + sign ∇ ℓ

    , /PUBUJPO ɿઁಈڧ౓ʢͲΕ͙Β͍ઁಈΛڧ͘༩͑Δ͔Λද͢ʣ ℓɿଛࣦؔ਺ 3FNBSL '(4.͸Ұ౓ͷޯ഑্ঢͰ࠷దԽΛऴྃ͢Δ͕ɼ͜ΕΛෳ਺ճʹ֦ுͨ͠ͷ͕#*.Ͱɼ CBMMʹऩ·ΔΑ͏ͳ੍໿ͷ΋ͱͰޯ഑্ঢΛ܁Γฦ͢ɽ '(4.΋#*.΋! ϊϧϜͰͷઁಈΛੜ੒͓ͯ͠Γɼ%FFQGPPM͸͜ͷϊϧϜΛ" ʹɼ $8͸# ʹͨ͠΋ͷͱݟΔ͜ͱ͕Ͱ͖Δɽ 7

  8. 8IJUF#PY4FUUJOHʹ͓͚Δఢରతઁಈͷݟ͚ͭํ '(4.BUUBDL (PPEGFMMPX FUBM  #*. ,VSBLJO FUBM  BUUBDL.*'(4.

    %POHFUBM  %FFQGPPM .PPTBWJ%F[GPPMJ FUBM  /FXUPO'PPM +BOHFUBM  +4." 1BQFSOPU FUBM  (SBEJFOU #BTFE 0CKFDUJWF 'VODUJPO #BTFE $8 $BSMJOJ FUBM  &"% $IFOFUBM  0QU.BSHJO 8BSSFOFUBM  ˞8IJUF#PY4FUUJOHɿଛࣦؔ਺ͷޯ഑͕ܭࢉͰ͖ͨΓɼϞσϧͷDPOGJEFODFTDPSFΛ஌Δ͜ͱ͕Ͱ͖Δઃఆ 8

  9. "EWFSTBSJBM"UUBDL΁ͷରࡦɿ"EWFSTBSJBM5SBJOJOH Ϟσϧͷֶश࣌ʹBEWFSTBSJBMFYBNQMFTͰl༧๷઀छz͓͚ͯ͠͹ BEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ΋্͕ΔΜ͡Όͳ͍͔ʁ 9 ℓ!"# , () ≔ ℓ !"#,

    !"# + 1 − ℓ , *EFB 3FTVMU n ࣮ࡍʹBEWFSTBSJBMFYBNQMFTʹର͢Δϩόετੑ͸޲্͢Δ ҰํͰʜ n ֶशʹཁ͢Δ͕࣌ؒ૿͑Δ n "EWFSTBSJBMFYBNQMFT΁ͷϩόετੑ͸BEWFSTBSJBMFYBNQMFTͷ࡞Γํʹґଘ͢Δ n ѱҙͷͳ͍ϊΠζ͕৐ͬͨը૾Λ͏·͘෼ྨͰ͖ͳ͘ͳΔ ͱ͍ͬͨ໰୊΋ൃੜ͢Δ

  10.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  11. .PEFM&YUSBDUJPOɿϞσϧΛ౪Ή & "SDIJUFDUVSF %FDJTJPO#PVOEBSZ 'VODUJPOBMJUZ ϨΠϠʔͷ਺΍χϡʔϩϯͷ਺ ͞Βʹ׆ੑԽؔ਺ͳͲͷ Ϟσϧͷߏ଄Λ౪ΉλΠϓ ϞσϧͷܾఆڥքΛ ౪ΉλΠϓ

    ϞσϧʹΑΔ ೖྗͱग़ྗͷରԠؔ܎Λ ౪ΉλΠϓ 11

  12. .PEFM&YUSBDUJPOͷओཁͳΞϓϩʔν $ , $ $%& ' : ℝ( → ֶश

    ), ) )%& * +: ℝ( → ֶश 0SJHJOBM.PEFM 4VCTUJUVUF.PEFM "1*ʹΑͬͯฦ͞ΕΔ Λ໨తม਺ͱͯ͠ར༻͢Δ͜ͱͰ୅ཧϞσϧΛߏங͢Δɽ ୅දతͳݚڀͱͯ͠$PSSFJB4JMWBFUBM  ΍0SFLPOEZ FUBM  ͕ڍ͛ΒΕΔɽ 12

  13. 4VCTUJUVUF.PEFMʹؔ͢Δ߈๷ %FGFODF 0GGFODF "1*ୟ͚Δճ਺Λ੍ݶ গͳ͍Ԡ౴ճ਺Ͱ΋ 4VCTUJUVUF.PEFMΛߏங͢Δํ๏͕ఏҊ͞ΕΔ 0SFLPOEZ FUBM  3PTFOCFSHFUBM

     13

  14.    "EWFSTBSJBM"UUBDL ϞσϧΛὃ͢߈ܸ .PEFM&YUSBDUJPO ϞσϧΛ౪Ή߈ܸ .PEFM*OWFSTJPO ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ

  15. ʢ޿ٛͷʣ.PEFM*OWFSTJPO"UUBDL ֶशσʔλʹؔ͢Δ৘ใΛ෮ݩ͢Δ߈ܸ 1SPQFSUZ*OGFSFODF"UUBDL .PEFM*OWFSTJPO"UUBDL ద౰ͳ ͕Ϟσϧͷֶशσʔληοτʹؚ·Ε͍ͯΔ͔ʁ Λ໌Β͔ʹ͢Δ߈ܸ ֶशσʔληοτʹؔ͢Δੑ࣭Λਪଌ͢Δ߈ܸ FH൅͕௕͍ਓ΍υϨεΛண͍ͯΔਓ͕ ੑผ෼ྨͷϞσϧͷֶशσʔλʹؚ·Ε͍ͯΔ͔ʁ

    ֶशσʔλΛ෮ݩ͢Δ߈ܸ ˞.PEFM*OWFSTJPO"UUBDLʹ.FNCFSTIJQ*OGFSFODF΍1SPQFSUZ*OGFSFODFΛؚΊΔ͔ʹ͸ॾઆ͋Γ 15

  16. ("/Λ༻͍ͨ.PEFM*OWFSTJPO ,VTBOP FUBM  ิॿσʔληοτ ) , )%& * ,

    , ∼$$( ℱ′ ֶशσʔληοτ $ , $ $%& ' , ∼$$( ℱ ΫΤϦ & ,, … * , Ԡ౴ (& ,), … * , (FOFSBUPS Ͱ ℱ ʢͬΆ͍΋ͷʣΛۙࣅ αϯϓϦϯά (FOFSBUPS͔Β ֶशσʔλͬΆ͍΋ͷΛੜ੒ 16

  17. σʔλͷҰ෦͔Β࢒Γͷ෦෼Λ෮ݩ ֶशσʔλ ∈ ℝ( ͔ΒҰ෦ͷಛ௃ྔ͚ͩΛൈ͖ग़ͯ͠ ࡞੒ͨ͠ϕΫτϧ " ∈ ℝ-, <

    ͔Β ࢒Γͷಛ௃ྔΛ෮ݩ͢Δ ࿦จͰ͸ " ͸࿙Ӯͯ͠΋໰୊ͳ͍ηϯγςΟϒͰͳ͍ಛ௃ྔͰ ࢒Γͷಛ௃ྔ͸ηϯγςΟϒͳಛ௃ྔͩͱ૝ఆ͍ͯ͠Δ ("/Λ༻͍ͨ.PEFM*OWFSTJPO ;IBOFUBM  17

  18. ͍΍ɼϜζ͘Ͷʜʁ ./*45Λֶशσʔλͱͨ͠෼ྨϞσϧʹରͯ͠.PEFM *OWFSTJPO"UUBDLΛߦͬͨ݁Ռ ิॿσʔλ͸खॻ͖จࣈͷ਺ࣈͱΞϧϑΝϕοτ ࣮ࡍʹ෮ݩͯ͠Έͨ݁Ռ 18

  19. None

  20. ػցֶशϞσϧ΁ͷ߈ܸʹؔ͢Δݚڀ ΍ͬͺΓ"EWFSTBSJBM"UUBDL͕μϯτπͳײ͡ ݚڀ͞ΕͯΔײ ֶशσʔλΛ͢΂ͯ෮ݩ͢ΔλΠϓͷ.PEFM*OWFSTJPO"UUBDL͕Ұ൪೉ͦ͠͏ ʢ࣮ࡍʹ೉͔ͬͨ͠ʣ ߈ܸͷ೉͠͞ n "EWFSTBSJBM"UUBDL͸σʔλ͕ߴ࣍ݩʹͳΔͱෆՄආతʹੜ͡ΔͨΊ ຊ࣭తʹରࡦ͕ࠔ೉ʁ n

    .PEFM&YUSBDUJPO"UUBDL͸ΫΤϦ੍ݶ͕༗ޮʹࢥ͑Δ͕ ΫΤϦ੍ݶͷ΋ͱͰ΋͋Δఔ౓ͷϞσϧෳ੡͕ग़དྷ͓ͯΓ ࠓޙͷಈ޲ʹ஫໨ ରࡦͷ೉͠͞ 20

  21. 3FGFSFODF (PPEGFMMPX *+ 4IMFOT + 4[FHFEZ $  &YQMBJOJOHBOEIBSOFTTJOHBEWFSTBSJBMFYBNQMFT BS9JW

    QSFQSJOU BS9JW ,VSBLJO " (PPEGFMMPX * #FOHJP 4  "EWFSTBSJBMFYBNQMFTJOUIFQIZTJDBMXPSME BS9JW QSFQSJOU BS9JW %POH : -JBP ' 1BOH 5 4V ) ;IV + )V 9 -J +  #PPTUJOHBEWFSTBSJBMBUUBDLTXJUINPNFOUVN *O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ  .PPTBWJ%F[GPPMJ 4. 'BX[J " 'SPTTBSE 1  %FFQGPPMBTJNQMFBOEBDDVSBUFNFUIPEUPGPPMEFFQ OFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&DPOGFSFODFPODPNQVUFSWJTJPOBOEQBUUFSOSFDPHOJUJPO QQ   +BOH 6 8V 9 +IB 4  %FDFNCFS 0CKFDUJWFNFUSJDTBOEHSBEJFOUEFTDFOUBMHPSJUINTGPSBEWFSTBSJBM FYBNQMFTJONBDIJOFMFBSOJOH*O 1SPDFFEJOHTPGUIFSE"OOVBM$PNQVUFS4FDVSJUZ"QQMJDBUJPOT $POGFSFODF QQ  1BQFSOPU / .D%BOJFM 1 +IB 4 'SFESJLTPO . $FMJL ;# 4XBNJ "  .BSDI 5IFMJNJUBUJPOTPG EFFQMFBSOJOHJOBEWFSTBSJBMTFUUJOHT*O *&&&&VSPQFBOTZNQPTJVNPOTFDVSJUZBOEQSJWBDZ &VSP41 QQ  *&&& $BSMJOJ / 8BHOFS %  .BZ 5PXBSETFWBMVBUJOHUIFSPCVTUOFTTPGOFVSBMOFUXPSLT*O JFFF TZNQPTJVNPOTFDVSJUZBOEQSJWBDZ TQ QQ *&&& $IFO 1: 4IBSNB : ;IBOH ) :J + )TJFI $+  "QSJM &BEFMBTUJDOFUBUUBDLTUPEFFQOFVSBM OFUXPSLTWJBBEWFSTBSJBMFYBNQMFT*O 5IJSUZTFDPOE"""*DPOGFSFODFPOBSUJGJDJBMJOUFMMJHFODF 21

  22. 3FGFSFODF 8BSSFO ) #P - %BXO 4  %FDJTJPO#PVOEBSZ"OBMZTJTPG"EWFSTBSJBM&YBNQMFT*OUFSOBUJPOBM $POGFSFODFPG-FBSOJOH3FQSFTFOUBUJPOT

    $PSSFJB4JMWB +3 #FSSJFM 3' #BEVF $ EF4PV[B "' 0MJWFJSB4BOUPT 5  +VMZ $PQZDBUDOO 4UFBMJOHLOPXMFEHFCZQFSTVBEJOHDPOGFTTJPOXJUISBOEPNOPOMBCFMFEEBUB*O *OUFSOBUJPOBM+PJOU $POGFSFODFPO/FVSBM/FUXPSLT *+$// QQ *&&& 0SFLPOEZ 5 4DIJFMF # 'SJU[ .  ,OPDLPGGOFUT4UFBMJOHGVODUJPOBMJUZPGCMBDLCPYNPEFMT *O 1SPDFFEJOHTPGUIF*&&&$POGFSFODFPO$PNQVUFS7JTJPOBOE1BUUFSO3FDPHOJUJPO QQ  3PTFOCFSH * 4IBCUBJ " 3PLBDI - &MPWJDJ :  4FQUFNCFS (FOFSJDCMBDLCPYFOEUPFOEBUUBDL BHBJOTUTUBUFPGUIFBSU"1*DBMMCBTFENBMXBSFDMBTTJGJFST*O *OUFSOBUJPOBM4ZNQPTJVNPO3FTFBSDIJO"UUBDLT  *OUSVTJPOT BOE%FGFOTFT QQ 4QSJOHFS $IBN ,VTBOP , 4BLVNB +  $MBTTJGJFSUP(FOFSBUPS"UUBDL&TUJNBUJPOPG5SBJOJOH%BUB%JTUSJCVUJPOGSPN $MBTTJGJFS ;IBOH : +JB 3 1FJ ) 8BOH 8 -J # 4POH %  5IFTFDSFUSFWFBMFSHFOFSBUJWFNPEFMJOWFSTJPO BUUBDLTBHBJOTUEFFQOFVSBMOFUXPSLT*O 1SPDFFEJOHTPGUIF*&&&$7'$POGFSFODFPO$PNQVUFS7JTJPOBOE 1BUUFSO3FDPHOJUJPO QQ  22