ai and security lessons challenges future directions
play

AI and Security: Lessons, Challenges & Future Directions Dawn - PowerPoint PPT Presentation

Jun 21, 2023 •122 likes •919 views

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AlphaGo: Winning over World Champion Source: David Silver Achieving Human-Level Performance on ImageNet Classification Source: Kaiming He Deep Learning

  1. AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley

  2. AlphaGo: Winning over World Champion Source: David Silver

  3. Achieving Human-Level Performance on ImageNet Classification Source: Kaiming He

  4. Deep Learning Powering Everyday Products theverge.com pcmag.com

  5. Attacks are increasing in scale & sophistication

  6. Massive DDoS Caused by IoT Devices Botnet of over 400,000 Mirai bots over 160 countries • Security cameras/webcams/baby monitors • Home routers • • One of the biggest DDoS attacks • Over 1Tbps combined attack traffic source: Incpasula Geographical distribution of Mirai bots in recent DDoS attack

  7. WannaCry: One of the Largest Ransomware Breakout • Used EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. • Infected over 200,000 machines across 150 countries in a few days • Ask for bitcoin payment to unlock encrypted files

  8. Biggest Data Breaches Of the 21st Century Equifax (2017) 143000000 Adult Friend Finder (2016) 412200000 Anthem (2015) 78800000 eBay (2014) 145000000 JP Morgan Chase (2014) 76000000 Home Depot (2014) 56000000 Yahoo (2013) 3000000000 Target Stores (2013) 110000000 Adobe (2013) 38000000 US Office of Personnel Management (2012) 22000000 Sony's Playstation Network (2011) 77000000 RSA Security (2011) 40000000 Heartland Payment Systems (2008) 134000000 TJX Companies, Inc (2006) 94000000 0 750 1,500 2,250 3,000 Millions Source: csoonline.com

  9. Attacks Entering New Landscape Ukrain power outage by cyber attack Millions of dollars lost in targeted impacted over 250,000 customers attacks in SWIFT banking system

  10. How will (in)security impact 
 the deployment of AI? Security AI How will the rise of AI 
 alter the security landscape?

  11. IoT devices are plagued with vulnerabilities from third-party code

  12. Deep learning for vulnerability detection in IoT Devices Firmware Raw Feature (dissembler) Files Extraction Code Graph Cosine Similarity Vulnerability Code Graph Function Neural Network-based Graph Embedding for Cross-Platform Binary Code Search [XLFSSY, ACM Computer and Communication Symposium 2017]

  13. Deep learning for vulnerability detection in IoT Devices Training time: Identified vulnerabilities Previous work: > 1 week among top 50: Our approach: < 30 mins Previous work: 10/50 Our approach: 42/50 Serving time (per function): Previous work: a few mins Our work: a few milliseconds 10,000 times faster

  14. AI Enables Stronger Security Capabilities • Automatic vulnerability detection & patching • Automatic agents for attack detection, analysis, & defense

  15. One fundamental weakness of cyber systems is humans 80+% of penetrations and hacks start with a social engineering attack 70+% of nation state attacks [FBI, 2011/Verizon 2014]

  16. AI Enables Chatbot for Phishing Detection Phishing Detection Chatbot for booking flights, Chatbot for social engineering attack finding restaurants detection & defense

  17. AI Enables Stronger Security Capabilities • Automatic vulnerability detection & patching • Automatic agents for attack detection, analysis, & defense • Automatic verification of software security

  18. AI Agents to Prove Theorems & Verify Programs Automatic Theorem Proving Deep Reinforcement Learning for Program Verification Agent Learning to Play Go

  19. 
 
 
 Enabler • AI enables new security capabilities • Security enables better AI 
 Integrity: produces intended/correct results 
 (adversarial machine learning) 
 Security AI Confidentiality/Privacy: does not leak users’ sensitive data 
 (secure, privacy-preserving machine learning) 
 Preventing misuse of AI Enabler

  20. AI and Security: AI in the presence of attacker Important to • History has shown attacker always follows footsteps of new consider the technology development (or sometimes even leads it) 
 presence of • The stake is even higher with AI attacker • As AI controls more and more systems, attacker will have higher & higher incentives • As AI becomes more and more capable, the consequence of misuse by attacker will become more and more severe

  21. 
 AI and Security: AI in the presence of attacker • Attack AI Cause the learning system to not produce intended/correct results • Cause learning system to produce targeted outcome designed by attacker • Learn sensitive information about individuals • • Need security in learning systems 
 • Misuse AI Misuse AI to attack other systems • Find vulnerabilities in other systems; Devise attacks • • Need security in other systems

  22. Deep Learning Systems Are Easily Fooled ostrich Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. Intriguing properties of neural networks. ICLR 2014.

  24. STOP Signs in Berkeley

  25. Adversarial Examples in Physical World Adversarial examples in physical world remain effective under different viewing distances, angles, other conditions Lab Test Summary (Stationary) Target Class: Speed Limit 45 Misclassify Camo Subtle Poster Camo Art Subtle Poster Camo Graffiti Art Evtimov, Ivan, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song. “Robust Physical-World Attacks on Machine Learning Models.” arXiv preprint arXiv:1707.08945 (2017).

  26. Drive-by Test Adversarial examples in physical world & remain effective under different viewing distances, angles, other conditions

  27. Adversarial Examples Are Prevalent in Deep Learning Systems

  28. Adversarial Examples Prevalent in Deep Learning Systems • Most existing work on adversarial examples: • Image classification task • Target model is known • Our investigation on adversarial examples: Deep Generative Blackbox Reinforcement Models Attacks Learning Weaker Threat Models (Target model is unknown) VisualQA/ New Attack Image-to-code Methods Other tasks and model classes Provide more diversity of attacks

  29. Generative models ● VAE-like models (VAE, VAE-GAN) use an intermediate latent representation ● An encoder : maps a high-dimensional input into lower- dimensional latent representation z . ● A decoder: maps the latent representation back to a high-dimensional reconstruction.

  30. Adversarial Examples in Generative Models ● An example attack scenario: ● Generative model used as a compression scheme ● Attacker’s goal: for the decompressor to reconstruct a different image from the one that the compressor sees.

  31. Adversarial Examples for VAE-GAN in MNIST Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  32. Adversarial Examples for VAE-GAN in SVHN Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  33. Adversarial Examples for VAE-GAN in SVHN Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  34. Visual Question & Answer (VQA) Multimodal Compact Bilinear Pooling for Visual Question Answering and Visual Grounding, Fukui et al., https://arxiv.org/abs/1606.01847

  35. Answer: VQA Q: Where is Runway Mode the plane? l Benign image VQA Fooling VQA Sky Mode Target: Sky l Adversarial example

  36. Answer: VQA Q: How many 1 Mode cats are there? l Benign image VQA Fooling VQA 2 Mode Target: 2 l Adversarial example

  37. Adversarial Examples Fooling Deep Reinforcement Learning Agents Score Original Frames with Original Frames No. of steps Adversarial Perturbation Jernej Kos and Dawn Song: Delving into adversarial attacks on deep policies [ICLR Workshop 2017].

  38. A General Framework for Black-box attacks • Zero-Query Attack (Previous methods) • Random perturbation • Difference of means • Transferability-based attack • Practical Black-Box Attacks against Machine Learning [Papernot et al. 2016] • Ensemble transferability-based attack [ Yanpei Liu, Xinyun Chen, Chang Liu, Dawn Song: Delving into Transferable Adversarial Examples and Black-box Attacks, ICLR 2017] • Query Based Attack (new method) • Finite difference gradient estimation • Query reduced gradient estimation • Results: similar effectiveness to whitebox attack • A general active query game model 


  39. Black-box Attack on Clarifai Adversarial example, classified Original image, classified as as “safe” with a confidence of “drug” with a confidence of 0.99 0.96 The Gradient-Estimation black-box attack on Clarifai’s Content Moderation Model

  40. Numerous Defenses Proposed Ensemble Normalization Distributional detection Detection PCA detection Secondary classification Stochastic Generative Training process Prevention Architecture Retrain Pre-process input

Recommend

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and Security Enabler AI Security Enabler AI enables security applications Security enables better AI Integrity: produces intended/correct

1.03k views • 81 slides
DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by technology trends, unforeseen events, special needs, previous commitments, policy, mistakes, innovation, etc. What follows is some personal

538 views • 20 slides
International social security standards and challenges to social security Lessons for a

International social security standards and challenges to social security Lessons for a

15 th PPF MEMBERS CONFERENCE Arusha 19-21 October 2005 International social security standards and challenges to social security Lessons for a Tanzanian reform debate Krzysztof Hagemejer Policy coordinator Social Security Department,

499 views • 47 slides
U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles

U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles

U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles Policy Director Natural Resources Defense Council Senate Briefing on Alternative Fuels Sponsored by the American Chemical Society February 6, 2009

421 views • 14 slides
Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for

Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for

Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for Accelerator R&amp;D at Fermilab Workshop May 11-13, 2009 - Lake Geneva, Wisconsin Joachim Grillenberger Paul-Scherrer-Institut, CH-Villigen Workshop on the

547 views • 21 slides
Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in

Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in

Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in Spatial Demography December 12, 2011 US Census 2010 Standard Hierarchy of Census Geographic Entities Boundaries and Mobility Immigration

323 views • 18 slides
Future directions in convective Future directions in convective parameterization

Future directions in convective Future directions in convective parameterization

Future directions in convective Future directions in convective parameterization parameterization What has a NWP to do ? Provide best possible short-range Forecast (not too difficult with a good Analysis System) Provide best possible

595 views • 21 slides
Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions

Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions

Andreas Holzinger VO 709.049 Medical Informatics 14.10.2015 11:15 12:45 Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions a.holzinger@tugraz.at Tutor: markus.plass@student.tugraz.at http://hci

972 views • 80 slides
Future Directions in High Future Directions in High P Performance Computing Performance

Future Directions in High Future Directions in High P Performance Computing Performance

Future Directions in High Future Directions in High P Performance Computing Performance Computing P f f C C ti ti Jack Dongarra k INNOVATIVE COMP ING LABORATORY U i University of Tennessee i f T Oak Ridge National Laboratory

653 views • 46 slides
CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural

CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural

Current challenges in intellectual property rights and biotechnology Bansk Bystrica, May 2 and 3, 2007 CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural Sciences Comenius Univ. in Bratislava

182 views • 14 slides
Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio Garcia University of Birmingham Joint work with Roel Verdult, David Oswald, Timo Kasper, Josep Balasch, Baris Ege, Pierre Pavlides The automotive

697 views • 65 slides
WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein,

WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein,

WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein, Director Energy &amp; Extractives Global Practice E NERGY S ECTOR D IRECTIONS P APER , 2013 Towards a Sustainable Energy Future for All O BJECTIVE

226 views • 22 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018

The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018

The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018 Basics Generally, the manner in which utilities must procure contracts and evaluate tenders is determined by the Utilities Contracts Regulations 2016

537 views • 14 slides
Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future research directions Ian Goodfellow, Sta ff Research Scientist, Google Brain 1st IEEE Deep Learning and Security Workshop, May 24, 2018 This document

726 views • 36 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information Security Theory and Practices 1 4 September 2009, Brussels, Belgium Summary A brief reminder about RFID. Description of the threats, state of

880 views • 41 slides
mid-term growth directions Agora Group: -1- Agenda Key challenges 3-7 Growth directions of

mid-term growth directions Agora Group: -1- Agenda Key challenges 3-7 Growth directions of

mid-term growth directions Agora Group: -1- Agenda Key challenges 3-7 Growth directions of the Agora Group 8 TASK 1: Transformation of print media 9-11 TASK 2: Building a position in the TV market 12-13 TASK 3: Improving contribution of

404 views • 25 slides
The Challenges of Energy Security and Affordability of our Future Energy Supplies Institution

The Challenges of Energy Security and Affordability of our Future Energy Supplies Institution

The Energy Trilema: The Challenges of Energy Security and Affordability of our Future Energy Supplies Institution of Civil Engineers Leeds: October 14 th 2014 Recipient of James Watt Gold Medal Keith Tovey ( ) MA, PhD, CEng, MICE,

589 views • 40 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on RFID Technology Concepts, Applications, Challenges in the Eleventh International Conference on Enterprise Information Systems 6 10 May

552 views • 37 slides
Current Developments and Future Directions in Testing Dr. Louis Woodruff Bucks County Community

Current Developments and Future Directions in Testing Dr. Louis Woodruff Bucks County Community

National College Testing Association 2014 Conference - Denver CO Mining for Success Current Developments and Future Directions in Testing Dr. Louis Woodruff Bucks County Community College Caveon Test Security Presentation Topics Testing

1.03k views • 88 slides
Security Challenges For Future System s Steve Purser Head of Technical Competence Department

Security Challenges For Future System s Steve Purser Head of Technical Competence Department

Security Challenges For Future System s Steve Purser Head of Technical Competence Department June 2011 Agenda Introduction to ENISA The Trends Scope &amp; Requirements Design Considerations Deploying Secure Systems ENISAs contribution

663 views • 31 slides
U.S. Climate Reference Network: Current Status and Future Directions Sharon LeDuc Michael

U.S. Climate Reference Network: Current Status and Future Directions Sharon LeDuc Michael

U.S. Climate Reference Network: Current Status and Future Directions Sharon LeDuc Michael Palecki National Climatic Data Center DOC/NOAA/NESDIS USCRN Current Status and Future Directions, May 2009 1 USCRN Goals Making science quality

316 views • 27 slides
Research Directions and Challenges for EPAs Air Climate and Energy Research Program Tim

Research Directions and Challenges for EPAs Air Climate and Energy Research Program Tim

Research Directions and Challenges for EPAs Air Climate and Energy Research Program Tim Watkins Deputy National Program Director Office of Research and Development 2011 NYSERDA/EMEP Conference November 15, 2011 New Directions for EPAs

165 views • 16 slides
EXCHANGE RATE ARRANGEMENTS OF ACCESSION COUNTRIES: RECENT LESSONS AND CHALLENGES FOR THE FUTURE

EXCHANGE RATE ARRANGEMENTS OF ACCESSION COUNTRIES: RECENT LESSONS AND CHALLENGES FOR THE FUTURE

Vladimir Lavra Institute for Economic Research, Ljubljana, Slovenia EXCHANGE RATE ARRANGEMENTS OF ACCESSION COUNTRIES: RECENT LESSONS AND CHALLENGES FOR THE FUTURE Vladimir Lavra, Senior Research Fellow Institute for Economic Research

219 views • 18 slides

More recommend