gradient masking in machine learning
play

Gradient Masking in Machine Learning Nicolas Papernot Pennsylvania - PowerPoint PPT Presentation

Jul 23, 2023 •104 likes •432 views

@NicolasPapernot Gradient Masking in Machine Learning Nicolas Papernot Pennsylvania State University ARO Workshop on Adversarial Machine Learning, Stanford September 2017 @NicolasPapernot Thank you to our collaborators Sandy Huang

  1. @NicolasPapernot Gradient Masking in Machine Learning Nicolas Papernot Pennsylvania State University ARO Workshop on Adversarial Machine Learning, Stanford September 2017

  2. @NicolasPapernot Thank you to our collaborators Sandy Huang (Berkeley) Pieter Abbeel (Berkeley) Somesh Jha (U of Wisconsin) Michael Backes (CISPA) Alexey Kurakin (Google) Dan Boneh (Stanford) Praveen Manoharan (CISPA) Z. Berkay Celik (Penn State) Patrick McDaniel (Penn State) Yan Duan (OpenAI) Arunesh Sinha (U of Michigan) Ian Goodfellow (Google) Ananthram Swami (US ARL) Matt Fredrikson (CMU) Florian Tramèr (Stanford) Kathrin Grosse (CISPA) Michael Wellman (U of Michigan) 2

  3. Gradient Masking 3

  4. Training Small when prediction is correct on legitimate input 4

  5. Adversarial training Small when prediction is Small when prediction is correct on legitimate input correct on adversarial input 5

  6. Gradient masking in adversarially trained models Direction of Direction of the adversarially another model’s trained model’s gradient gradient Tramèr et al. Ensemble Adversarial Training: Attacks and Defenses 6 Illustration adapted from slides by Florian Tramèr

  7. Gradient masking in adversarially trained models Adversarial example Non-adversarial example Direction of Direction of the adversarially another model’s trained model’s gradient gradient Tramèr et al. Ensemble Adversarial Training: Attacks and Defenses 7 Illustration adapted from slides by Florian Tramèr

  8. Gradient masking in adversarially trained models Adversarial example Non-adversarial example Non-adversarial example Direction of the Direction of adversarially trained another model’s model’s gradient gradient Tramèr et al. Ensemble Adversarial Training: Attacks and Defenses 8 Illustration adapted from slides by Florian Tramèr

  9. Evading gradient masking (1) Threat model: white-box adversary Attack: (1) Random step (of norm alpha) (2) FGSM step (of norm eps - alpha) Tramèr et al. Ensemble Adversarial Training: Attacks and Defenses 9 Illustration adapted from slides by Florian Tramèr

  10. Evading gradient masking (2) Threat model: black-box attack Attack: (1) Learn substitute for defended model (2) Find adversarial direction using substitute Papernot et al. Practical Black-Box Attacks against Machine Learning 10 Papernot et al. Towards the Science of Security and Privacy in Machine Learning

  11. Attacking black-box models Local Black-box substitute ML sys “no truck sign” “STOP sign” (1) The adversary queries the remote ML system with synthetic inputs to learn a local substitute. 11 Papernot et al. Practical Black-box Attacks Against Machine Learning

  12. Attacking black-box models “yield sign” Local Black-box substitute ML sys (2) The adversary uses the local substitute to craft adversarial examples. 12 Papernot et al. Practical Black-box Attacks Against Machine Learning

  13. Adversarial example transferability 13 Papernot et al. Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples

  14. Large adversarial subspaces enable transferability On average: 44 orthogonal directions -> 25 transfer 14 Tramèr et al. The Space of Transferable Adversarial Examples

  15. Adversarial training Small when prediction is Small when prediction is correct on legitimate input correct on adversarial input gradient is not adversarial 15

  16. Ensemble Adversarial Training 16

  17. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Adversarial Model A gradient 17

  18. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Model A Inference 18

  19. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Adversarial Model A Model B Model C Model D gradient 19

  20. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Adversarial Model A Model B Model C Model D gradient 20

  21. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Adversarial Model A Model B Model C Model D gradient 21

  22. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Adversarial Model A Model B Model C Model D gradient 22

  23. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Adversarial Model A Model B Model C Model D gradient 23

  24. Ensemble adversarial training Intuition: present adversarial gradients from multiple models during training Model A Model B Model C Model D Inference 24

  25. Experimental results on MNIST (from holdout) 25

  26. Experimental results on ImageNet (from holdout) 26

  27. Reproducible Adversarial ML research with CleverHans 27

  28. CleverHans library guiding principles 1. Benchmark reproducibility 2. Can be used with any TensorFlow model 3. Always include state-of-the-art attacks and defenses 28

  29. Growing community 1.1K+ stars 290+ forks 35 contributors 29

  30. Adversarial examples represent worst-case distribution drifts 30 [DDS04] Dalvi et al. Adversarial Classification (KDD)

  31. Adversarial examples are a tangible instance of hypothetical AI safety problems 31 Image source: http://www.nerdist.com/wp-content/uploads/2013/07/Space-Odyssey-4.jpg

  32. nicolas@papernot.fr www.cleverhans.io @NicolasPapernot ? Thank you for listening! Get involved at: github.com/tensorflow/cleverhans This research was funded by: 32

Recommend

Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh COMP 551 (Fall 2020)

Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh COMP 551 (Fall 2020)

Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh COMP 551 (Fall 2020) Learning objectives Basic idea of gradient descent stochastic gradient descent method of momentum using an adaptive learning rate sub-gradient

568 views • 34 slides
Machine Learning (CSE 446): Gradient Descent and Stochastic Gradient Descent Sham M Kakade

Machine Learning (CSE 446): Gradient Descent and Stochastic Gradient Descent Sham M Kakade

Machine Learning (CSE 446): Gradient Descent and Stochastic Gradient Descent Sham M Kakade 2018 c University of Washington cse446-staff@cs.washington.edu 1 / 12 Announcements Midterm: Weds, Feb 7th. Policies: You may use a single

333 views • 18 slides
CS 6316 Machine Learning Gradient Descent Yangfeng Ji Department of Computer Science University

CS 6316 Machine Learning Gradient Descent Yangfeng Ji Department of Computer Science University

CS 6316 Machine Learning Gradient Descent Yangfeng Ji Department of Computer Science University of Virginia Overview 1. Gradient Descent 2. Stochastic Gradient Descent 3. SGD with Momentum 4. Adaptive Learning Rates 1 Gradient Descent

767 views • 66 slides
Rapid Stochastic Gradient Descent Accelerating Machine Learning Statistical Machine Learning

Rapid Stochastic Gradient Descent Accelerating Machine Learning Statistical Machine Learning

The imagination driving Australia s ICT future. Nicol N. Schraudolph Rapid Stochastic Gradient Descent Accelerating Machine Learning Statistical Machine Learning Program www.nicta.com.au The imagination driving

591 views • 27 slides
Reinforcement Learning for Continuous State and Action Spaces Gradient Methods 1 MACHINE LEARNING

Reinforcement Learning for Continuous State and Action Spaces Gradient Methods 1 MACHINE LEARNING

MACHINE LEARNING 2012 MACHINE LEARNING TECHNIQUES AND APPLICATIONS Reinforcement Learning for Continuous State and Action Spaces Gradient Methods 1 MACHINE LEARNING 2012 Reinforcement Learning (RL) Supervised Learning Unsupervised

777 views • 51 slides
Machine Learning (CSE 446): Learning as Minimizing Loss: Regularization and Gradient Descent

Machine Learning (CSE 446): Learning as Minimizing Loss: Regularization and Gradient Descent

Machine Learning (CSE 446): Learning as Minimizing Loss: Regularization and Gradient Descent Sham M Kakade c 2018 University of Washington cse446-staff@cs.washington.edu 1 / 12 Announcements Assignment 2 due tomo. Midterm: Weds,

520 views • 23 slides
Stochastic gradient methods for machine learning Francis Bach INRIA - Ecole Normale Sup

Stochastic gradient methods for machine learning Francis Bach INRIA - Ecole Normale Sup

Stochastic gradient methods for machine learning Francis Bach INRIA - Ecole Normale Sup erieure, Paris, France Joint work with Nicolas Le Roux, Mark Schmidt and Eric Moulines - November 2013 Context Machine learning for big data

961 views • 63 slides
Stochastic gradient methods for machine learning Francis Bach INRIA - Ecole Normale Sup

Stochastic gradient methods for machine learning Francis Bach INRIA - Ecole Normale Sup

Stochastic gradient methods for machine learning Francis Bach INRIA - Ecole Normale Sup erieure, Paris, France Joint work with Eric Moulines, Nicolas Le Roux and Mark Schmidt - January 2013 Context Machine learning for big data

777 views • 52 slides
Learning to learn by gradient descent by gradient descent Liyan Jiang July 18, 2019 1

Learning to learn by gradient descent by gradient descent Liyan Jiang July 18, 2019 1

Learning to learn by gradient descent by gradient descent Liyan Jiang July 18, 2019 1 Introduction The general aim of machine learning is always learning the data by itself, with as less human efforts as possible. Then it comes to the focus

396 views • 10 slides
Dynamic gradient estimation in machine learning Thomas Flynn Abstract The optimization problems

Dynamic gradient estimation in machine learning Thomas Flynn Abstract The optimization problems

Dynamic gradient estimation in machine learning Thomas Flynn Abstract The optimization problems arising in machine learning form some of the most theoret- ically challenging and computationally demanding problems in numerical computing today.

593 views • 45 slides
Machine Learning Lecture 2 Justin Pearson 1 2020 1

Machine Learning Lecture 2 Justin Pearson 1 2020 1

Machine Learning Lecture 2 Justin Pearson 1 2020 1 http://user.it.uu.se/~justin/Teaching/MachineLearning/index.html 1 / 39 Todays plan A (review) of elementary calculus. Gradient Descent for optimisation. Linear Regression as Gradient

407 views • 39 slides
ADVANCED MACHINE LEARNING Non-linear regression techniques (SVR and extensions, GPR, Gradient

ADVANCED MACHINE LEARNING Non-linear regression techniques (SVR and extensions, GPR, Gradient

ADVANCED MACHINE LEARNING ADVANCED MACHINE LEARNING Non-linear regression techniques (SVR and extensions, GPR, Gradient Boosting) 1 1 ADVANCED MACHINE LEARNING Regression: Principle N Map N-dim. input to a continuous

906 views • 89 slides
Thermostatic Controls for Noisy Gradient Systems and Applications to Machine Learning Ben

Thermostatic Controls for Noisy Gradient Systems and Applications to Machine Learning Ben

Thermostatic Controls for Noisy Gradient Systems and Applications to Machine Learning Ben Leimkuhler University of Edinburgh Joint work with C. Matthews (Chicago), G. Stoltz (ENPC-Paris), M. Tretyakov (Nottingham) X. Shang (PhD student,

370 views • 34 slides
Applied Machine Learning Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh

Applied Machine Learning Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh

Applied Machine Learning Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh Siamak Ravanbakhsh COMP 551 COMP 551 (winter 2020) (winter 2020) 1 Learning objectives Learning objectives Basic idea of gradient descent

1.17k views • 103 slides
Applied Machine Learning Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh

Applied Machine Learning Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh

Applied Machine Learning Applied Machine Learning Gradient Descent Methods Siamak Ravanbakhsh Siamak Ravanbakhsh COMP 551 COMP 551 (winter 2020) (winter 2020) 1 Learning objectives Learning objectives Basic idea of gradient descent

520 views • 37 slides
Large Scale Machine Learning with Stochastic Gradient Descent L eon Bottou leon@bottou.org

Large Scale Machine Learning with Stochastic Gradient Descent L eon Bottou leon@bottou.org

Large Scale Machine Learning with Stochastic Gradient Descent L eon Bottou leon@bottou.org Microsoft (since June) Summary i. Learning with Stochastic Gradient Descent. ii. The Tradeoffs of Large Scale Learning. iii. Asymptotic Analysis.

853 views • 37 slides
CSI5180. MachineLearningfor BioinformaticsApplications Fundamentals of Machine Learning

CSI5180. MachineLearningfor BioinformaticsApplications Fundamentals of Machine Learning

CSI5180. MachineLearningfor BioinformaticsApplications Fundamentals of Machine Learning Gradient Descent by Marcel Turcotte Version November 6, 2019 Preamble Preamble 2/52 Preamble Fundamentals of Machine Learning Gradient Descent

1.37k views • 90 slides
Logistic Regression Gradient Descent + SGD Machine Learning for Big Data CSE547/STAT548,

Logistic Regression Gradient Descent + SGD Machine Learning for Big Data CSE547/STAT548,

Case Study 1: Estimating Click Probabilities Intro Logistic Regression Gradient Descent + SGD Machine Learning for Big Data CSE547/STAT548, University of Washington Sham Kakade March 29, 2016 1 Ad Placement Strategies Companies bid on

426 views • 26 slides
Op Optimization for Machine Learning: g: Be Beyon ond St Stoc ochastic Gradient Descent

Op Optimization for Machine Learning: g: Be Beyon ond St Stoc ochastic Gradient Descent

Op Optimization for Machine Learning: g: Be Beyon ond St Stoc ochastic Gradient Descent Elad Hazan References and more info: http://www.cs.princeton.edu/~ehazan/tutorial/MLSStutorial.htm Based on: [Agarwal, Bullins, Hazan ICML 16]

860 views • 40 slides
In-Database Machine Learning: Using Gradient Descent and Tensor Algebra Maximilian E. Schle,

In-Database Machine Learning: Using Gradient Descent and Tensor Algebra Maximilian E. Schle,

Chair III: Database Systems, Professorship for Data Mining and Analytics Chair XXV: Data Science and Engineering Department of Informatics Technical University of Munich In-Database Machine Learning: Using Gradient Descent and Tensor Algebra

370 views • 19 slides
Outline IAML: Optimization Why we use optimization in machine learning The general

Outline IAML: Optimization Why we use optimization in machine learning The general

Outline IAML: Optimization Why we use optimization in machine learning The general optimization problem Gradient descent Nigel Goddard Problems with gradient descent School of Informatics Batch versus online Second-order

333 views • 6 slides
Conditional gradient algorithms for machine learning Zaid Harchaoui LEAR and LJK, INRIA Joint

Conditional gradient algorithms for machine learning Zaid Harchaoui LEAR and LJK, INRIA Joint

Conditional gradient algorithms for machine learning Zaid Harchaoui LEAR and LJK, INRIA Joint work with A. Juditsky (Grenoble U., France) and A. Nemirovski (GeorgiaTech) and Matthijs Douze, Miro Dudik, Jerome Malick, Mattis Paulin Gargantua

901 views • 41 slides
Machine Learning Lecture 03: Logistic Regression and Gradient Descent Nevin L. Zhang

Machine Learning Lecture 03: Logistic Regression and Gradient Descent Nevin L. Zhang

Machine Learning Lecture 03: Logistic Regression and Gradient Descent Nevin L. Zhang lzhang@cse.ust.hk Department of Computer Science and Engineering The Hong Kong University of Science and Technology This set of notes is based on internet

538 views • 51 slides
Applied Machine Learning Applied Machine Learning Gradient Computation & Automatic

Applied Machine Learning Applied Machine Learning Gradient Computation & Automatic

Applied Machine Learning Applied Machine Learning Gradient Computation & Automatic Differentiation Siamak Ravanbakhsh Siamak Ravanbakhsh COMP 551 COMP 551 (winter 2020) (winter 2020) 1 Learning objectives Learning objectives using the

539 views • 25 slides

More recommend