attacks meet interpretability attribute steered detection
play

Attacks Meet Interpretability: Attribute-steered Detection of - PowerPoint PPT Presentation

Nov 18, 2022 •134 likes •482 views

Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples Guanhong Tao , Shiqing Ma, Yingqi Liu, Xiangyu Zhang Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( 50 times)

  1. Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples Guanhong Tao , Shiqing Ma, Yingqi Liu, Xiangyu Zhang

  2. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack A.J. Buckley � 2

  3. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  4. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  5. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  6. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  7. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  8. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley • Idea: is the classification result of a model mainly based on human perceptible attributes? � 2

  9. Architecture of AmI � 3

  10. Architecture of AmI Input � 3

  11. Architecture of AmI 1 Landmark Input generation � 3

  12. Architecture of AmI ✓ Left eye ✓ Right eye 1 2 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Input generation annotation � 3

  13. Architecture of AmI ✓ Left eye ✓ Right eye 1 2 3 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction � 3

  14. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction � 3

  15. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction Original model � 3

  16. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 5 Consistency ✓ Nose ⊖ observer ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction Original model � 3

  17. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 5 Consistency ✓ Nose ⊖ observer ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction Original model � 3

  18. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? � 4

  19. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning � 4

  20. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning Forward: attribute changes —> neuron activation changes ‣ � 4

  21. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning Forward: attribute changes —> neuron activation changes ‣ Backward: neuron activation changes —> attribute changes ‣ � 4

  22. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning Forward: attribute changes —> neuron activation changes ‣ Backward: neuron activation changes —> attribute changes ‣ Backward: no attribute changes —> no neuron activation changes ‣ � 4

  23. Attribute Witness Extraction � 5

  24. Attribute Witness Extraction Input � 5

  25. Attribute Witness Extraction ⊖ Model Feature variants Attribute substitution A Model C Input � 5

  26. Attribute Witness Extraction ⊖ Model Feature variants Attribute substitution A Model C D B Model Input Attribute preservation Feature invariants ⊖ Model � 5

  27. Attribute Witness Extraction ⊖ Model Feature variants Attribute substitution A Model C E D Attribute witnesses B Model Input Attribute preservation Feature invariants ⊖ Model � 5

  28. Experimental Results � 6

  29. Experimental Results • Attribute witnesses � 6

  30. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer � 6

  31. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer • Adversary detection � 6

  32. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer • Adversary detection Achieve 94% detection accuracy for 7 different kinds of attacks with 9.91% false ‣ positives on benign inputs � 6

  33. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer • Adversary detection Achieve 94% detection accuracy for 7 different kinds of attacks with 9.91% false ‣ positives on benign inputs A state-of-the-art technique Feature Squeezing (NDSS '18) can only achieve 55% ‣ accuracy with 23.3% false positives for face recognition systems � 6

  34. Thank you! Please visit our poster #99 05:00-07:00 PM @ Room 210 & 230 AB

Recommend

Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language

Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language

Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language JACOB Grgoire 1/2 , DEBAR Herv 1 , FILIOL Eric 2 1 Orange Labs / France Tlcom R&D, Security and Trusted Transactions (MAPS/STT). 2

327 views • 21 slides
Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim, Simon Rehwald, Antoine Scemama, Florian Andres, Alexander Pretschner Technische Universitt Mnchen Department of Informatics Chair of Software

512 views • 24 slides
INTERPRETABILITY AND INTERPRETABILITY AND EXPLAINABILITY EXPLAINABILITY Christian Kaestner

INTERPRETABILITY AND INTERPRETABILITY AND EXPLAINABILITY EXPLAINABILITY Christian Kaestner

INTERPRETABILITY AND INTERPRETABILITY AND EXPLAINABILITY EXPLAINABILITY Christian Kaestner Required reading: Data Skeptic Podcast Episode Black Boxes are not Required with Cynthia Rudin (32min) or Rudin, Cynthia. " Stop

1.79k views • 141 slides
Problems and methods for attribute detection of social network users Anton Korshunov Institute

Problems and methods for attribute detection of social network users Anton Korshunov Institute

Problems and methods for attribute detection of social network users Anton Korshunov Institute for System Programming of Russian Academy of Sciences RCDL-2013 Contents Network Level: User Community Detection 1 User Level: Demographic

628 views • 41 slides
Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse) Detection Intrusion Detection Host-based Network-based Boriana Ditcheva and Lisa Fowler Active/Passive University of North Carolina at

401 views • 12 slides
I ntroduction I ntrusion Detection How prevalent are DoS attacks? Backscatter and Global

I ntroduction I ntrusion Detection How prevalent are DoS attacks? Backscatter and Global

I ntroduction I ntrusion Detection How prevalent are DoS attacks? Backscatter and Global Analysis Quantitative analysis Long term predictions and Stefan Zota recurring patterns of attacks Measurement and Global Analysis The UNIVERSITY

474 views • 14 slides
Interpretability and functional transparency Tommi Jaakkola in collaboration with David Alvarez

Interpretability and functional transparency Tommi Jaakkola in collaboration with David Alvarez

Interpretability and functional transparency Tommi Jaakkola in collaboration with David Alvarez Melis, Guang-He Lee, et al. Many facets of interpretability Many facets of interpretability uncover causal mechanisms [Garg et al.

809 views • 31 slides
Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J.

Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J.

Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J. RUBIO-HERNAN and J. GARCIA-ALFARO Agenda Introduction State of the Art Physical-layer Failure Detection Mechanisms Conclusion & Future

465 views • 28 slides
Interpretability of Machine Learning for Computer Vision Xinshuo Weng* *Most slides borrowed

Interpretability of Machine Learning for Computer Vision Xinshuo Weng* *Most slides borrowed

Interpretability of Machine Learning for Computer Vision Xinshuo Weng* *Most slides borrowed from CVPR 2018 tutorial and Stanford Type of interpretability methods Type of interpretability methods Type of interpretability methods Type of

392 views • 27 slides
Interpretability in PRA Marta Bilkova , Dick de Jongh , and Joost J. Joosten ,

Interpretability in PRA Marta Bilkova , Dick de Jongh , and Joost J. Joosten ,

Why and how study interpretability Proof theoretic characteristics of PRA Modal matters Interpretability in PRA Marta Bilkova , Dick de Jongh , and Joost J. Joosten , Institute for Logic Language and Computation University of

743 views • 62 slides
The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline What is interpretability ? What are its desiderata? What model properties confer interpretability? Caveats, pitfalls, and takeaways

1.17k views • 25 slides
The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline What is interpretability ? What are its desiderata? What model properties confer interpretability? Caveats, pitfalls, and takeaways

604 views • 24 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea Politehnica University of Timi soara CMACS seminar, CMU, 18 March 2010 In this talk Formalizing attacks on protocols denial of service by

732 views • 45 slides
Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System

Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System

Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System Management Mode ACSAC, December 7, 2017 Ronny Chevalier 1,2 Maugan Villatel 1 David Plaquin 1 Guillaume Hiet 2 1 HP Labs, United Kingdom (

875 views • 45 slides
Interpretability in NLP: Moving Beyond Vision Shuoyang Ding Microsoft Translator Talk Series

Interpretability in NLP: Moving Beyond Vision Shuoyang Ding Microsoft Translator Talk Series

Interpretability in NLP: Moving Beyond Vision Shuoyang Ding Microsoft Translator Talk Series Oct 10th, 2019 Work done in collaboration with Philipp Koehn and Hainan Xu Outline A Quick Tour of Interpretability Model Transparency

974 views • 93 slides
Evaluation of Amplification attacks in large-scale networks to improve detection performance

Evaluation of Amplification attacks in large-scale networks to improve detection performance

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Evaluation of Amplification attacks in large-scale networks to improve detection performance Michael Kpferl Interdisciplinary Project Final

517 views • 49 slides
Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc

Poisoning Attacks on Federated Le Learning-based In Intrusion Detection System Thien Duc Nguyen, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi Typical IoT Devices 2 IoT The S stands for Security 3 Mirai: Largest Disruptive

508 views • 33 slides
Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez

Introduction Demirci and Sel cuk Attack Differential Enumeration Technique Conclusion Exhausting Demirci-Sel cuk Meet-in-the-Middle Attacks against Reduced-Round AES Patrick Derbez 1 Pierre-Alain Fouque 1 , 2 Ecole Normale Sup

1.25k views • 60 slides
Interpretability and Robustness for Multi-Hop QA Mohit Bansal (MRQA-EMNLP 2019 Workshop) 1

Interpretability and Robustness for Multi-Hop QA Mohit Bansal (MRQA-EMNLP 2019 Workshop) 1

Interpretability and Robustness for Multi-Hop QA Mohit Bansal (MRQA-EMNLP 2019 Workshop) 1 Multihop-QAs Diverse Requirements Interpretability and Modularity Multiple Reasoning Chains Assembling Adversarial Shortcut Robustness

947 views • 52 slides
Interpretability and the arithmetized completeness theorem (Taishi Kurahashi)

Interpretability and the arithmetized completeness theorem (Taishi Kurahashi)

Interpretability The arithmetized completeness theorem An application More investigations Interpretability and the arithmetized completeness theorem (Taishi Kurahashi) (Kobe University) 2011 12 0911

1.11k views • 109 slides
2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image

2019 Research Experience for Undergraduates Detection of Data Poisoning Attacks on Image Classification Models Harsh Kachhadia Co-Advisors: Dr. Amin Alipour and Dr. Ioannis Kakadiaris Motivation Deep Learning models, due to their

204 views • 19 slides
Customized protocol modeling for detection of guessing and DoS attacks Bogdan Groza Marius Minea

Customized protocol modeling for detection of guessing and DoS attacks Bogdan Groza Marius Minea

Customized protocol modeling for detection of guessing and DoS attacks Bogdan Groza Marius Minea Institute e-Austria Timi soara and Politehnica University of Timi soara Formal Methods for Components and Objects Graz, 30 November 2010

416 views • 26 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides

More recommend