making and measuring progress in adversarial machine
play

Making and Measuring Progress in Adversarial Machine Learning - PowerPoint PPT Presentation

Sep 15, 2023 •316 likes •1.12k views

Making and Measuring Progress in Adversarial Machine Learning Nicholas Carlini Google Research Act I Background Why should we care about adversarial examples? Make ML Make ML robust better Act II An Apparent Problem Let's go

  1. Making and Measuring Progress in Adversarial Machine Learning Nicholas Carlini Google Research

  3. Act I 
 Background

  8. Why should we care about adversarial examples? Make ML Make ML robust better

  10. Act II 
 An Apparent Problem

  11. Let's go back to ~5 years ago ...

  12. Generative Adversarial Nets SotA, 2014

  13. Progressive Growing of GANs SotA, 2017

  15. Evasion Attacks against ML 
 at Test Time SotA, 2013

  16. Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness SotA, 2019

  17. that is ... ... less impressive

  18. 3 years: 6 years:

  19. Why?

  21. Act III 
 Measuring Progress

  22. Have we even made any progress?

  23. A Brief History of time defenses - Oakland'16 - broken - ICLR'17 - broken - CCS'17 - broken - ICLR'18 - broken (mostly) - CVPR'18 - broken - NeurIPS'18 - broken (some)

  24. Have we even made any progress?

  25. Is this a constant cat-and-mouse game?

  26. What does it mean to make progress?

  27. What does it mean to make progress? Learning something new .

  28. A Brief History of time defenses - Oakland'16 - gradient masking - ICLR'17 - attack objective functions - CCS'17 - transferability of examples - ICLR'18 - obfuscated gradients

  29. A Brief History of time defenses - Oakland'16 - gradient masking - ICLR'17 - attack objective functions - CCS'17 - transferability of examples - ICLR'18 - obfuscated gradients - 2019 - ???

  30. Measure by how much 
 we learn; not by how 
 much robustness we gain.

  32. Act IV 
 Making Progress 
 (for defenses)

  33. While we have learned 
 a lot, it's less than I would have hoped.

  35. Cargo Cult Evaluations

  36. Going through the motions is insufficient to do proper security evaluations

  37. An all too common paper:

  38. An all too common paper:

  39. The two types of defenses: Defenses that 
 Defenses that 
 are broken by 
 are broken by 
 existing attacks new attacks

  40. Exciting new directions

  41. Exciting new directions

  42. Exciting new directions

  43. Exciting new directions

  45. Act IV ½
 Making Progress 
 (for attacks)

  46. Advice for performing evaluations

  48. Perform Adaptive Attacks

  49. An all too common paper:

  50. Ensure correct implementations

  51. An all too common paper:

  52. An all too common paper:

  53. Use meaningful threat models

  54. An all too common paper:

  55. An all too common paper:

  56. An all too common paper:

  57. Compute Worst-Case Robustness

  58. An all too common paper:

  59. An all too common paper:

  60. An all too common paper:

  61. Compare to Prior Work

  62. An all too common paper:

  63. Sanity-Check Conclusions

  64. An all too common paper:

  65. An all too common paper:

  66. Making errors in defense evaluations is okay . Making errors in 
 attack evaluations is not.

  67. Breaking a defense is useful ... ... teaching a lesson is better

  68. Exciting new directions

  69. Exciting new directions

  70. Exciting new directions

  71. Exciting new directions

  72. Exciting new directions

  73. Exciting new directions

  74. Exciting new directions

  76. Act VI 
 Conclusions

  77. Research new topics Do good science Progress is learning

  78. Questions? nicholas@carlini.com https://nicholas.carlini.com

  79. References Biggio et al. Evasion Attacks on Machine Learning at Test Time. 
 https://arxiv.org/abs/1708.06131 Jaconbsen et al. Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness 
 https://arxiv.org/abs/1903.10484 Carlini et al. On Evaluating Adversarial Robustness. 
 https://arxiv.org/abs/1902.06705 Chou et al. SentiNet: Detecting Physical Attacks Against Deep Learning Systems. 
 https://arxiv.org/abs/1812.00292 Shumailov et al. Sitatapatra: Blocking the Transfer of Adversarial Samples. 
 https://arxiv.org/abs/1901.08121 Ilyas et al. Adversarial Examples Are Not Bugs, They Are Features. 
 https://arxiv.org/abs/1905.02175 Brendel et al. Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning 
 https://arxiv.org/abs/1712.04248 Wong et al. Wasserstein Adversarial Examples via Projected Sinkhorn Iterations 
 https://arxiv.org/abs/1902.07906.

Recommend

AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning Florian Tramr November

AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning Florian Tramr November

AdVersarial: Perceptual Ad Blocking meets Adversarial Machine Learning Florian Tramr November 14 th 2019 Joint work with Pascal Dupr, Gili Rusak, Giancarlo Pellegrino and Dan Boneh The Future of Ad-Blocking easylist.txt markup

612 views • 23 slides
Making the case and measuring progress: towards a systems approach to healthy and sustainable

Making the case and measuring progress: towards a systems approach to healthy and sustainable

Making the case and measuring progress: towards a systems approach to healthy and sustainable food Sustainable Food Cities Cardiff University Agenda 2 2.05 Housekeeping 2.05 2.20 1- Sustainable Food Cities & the problem of

726 views • 39 slides
Measuring and Achieving Societal Progress: A Paradigm Shift Enrico Giovannini President of the

Measuring and Achieving Societal Progress: A Paradigm Shift Enrico Giovannini President of the

Measuring and Achieving Societal Progress: A Paradigm Shift Enrico Giovannini President of the Italian Statistical Institute The Istanbul Declaration (1) A culture of evidence-based decision making has to be promoted at all levels of

409 views • 18 slides
Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections

Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections

Towards Measuring Adversarial Twitter Interactions against Candidates in the US Midterm Elections Yiqing Hua Thomas Ristenpart Mor Naaman Cornell Tech, Cornell University Presentation for ICWSM 2020 Find the slides and paper on

357 views • 21 slides
Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop September 14, 2017 Why Prove Things? Attackers often have more motivation/resources than defenders Heuristic defenses: arms race between attack and

738 views • 52 slides
Measuring Progress against Diversity Objectives: A Quantitative Workshop Workshop Description

Measuring Progress against Diversity Objectives: A Quantitative Workshop Workshop Description

Minority Corporate Counsel Association (MCCA) 9 th Annual Creating Pathways to Diversity Conference November 20, 2008 Measuring Progress against Diversity Objectives: A Quantitative Workshop Workshop Description Measuring Progress against

188 views • 4 slides
Adversarial Machine Learning (AML) Somesh Jha University of Wisconsin, Madison Thanks to

Adversarial Machine Learning (AML) Somesh Jha University of Wisconsin, Madison Thanks to

Adversarial Machine Learning (AML) Somesh Jha University of Wisconsin, Madison Thanks to Nicolas Papernot, Ian Goodfellow, and Jerry Zhu for some slides . Machine learning brings social disruption at scale Healthcare Energy Source: Peng and

821 views • 71 slides
Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of

Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of

Vulnerability of machine learning models to adversarial examples Petra Vidnerov Institute of Computer Science The Czech Academy of Sciences Hora Informaticae 2016 Outline Introduction Works on adversarial examples Our work Genetic

855 views • 46 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning Training Examples Hidden units / BICYCLE features CAR PEDESTRIA N Parameters Input ImageNet (Russakovsky et al 2015) Adversarial Examples: Images

369 views • 19 slides
Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann Department of Informatics Technical University of Munich 28.10.2019 Adversarial Robustness of Machine Learning Models for Graphs S. Gnnemann Can you

669 views • 27 slides
1. Making SpaceFor Reflection 2. NavigatingAndCommunicatingConstantChange 3. Making Progress

1. Making SpaceFor Reflection 2. NavigatingAndCommunicatingConstantChange 3. Making Progress

1. Making SpaceFor Reflection 2. NavigatingAndCommunicatingConstantChange 3. Making Progress AmidstChaos 4. StayingAheadOfTheCompetition 5. FindingT alentInAGoodEconomy 6. Overwhelm 7. Retaining T opT alent 8. BuildingAStrongManagementT

669 views • 63 slides
Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine

Towards Attack-Agnostic Defense for 2D and 3D Recognition Hao Su Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems Long Beach, CA, USA 1 Outline Background and Motivation Project-based Defense Mechanism

761 views • 72 slides
Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain

Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain

Progressive GAN CoGAN LR-GAN MedGAN CGAN IcGAN A ff GAN DiscoGAN LS-GAN BIM LAPGAN MPM-GAN AdaGAN FGSM iGAN LSGAN InfoGAN IAN ATN Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain McGAN

562 views • 39 slides
Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain

Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain

Progressive GAN CoGAN LR-GAN MedGAN CGAN IcGAN A ff GAN DiscoGAN LS-GAN BIM LAPGAN MPM-GAN AdaGAN FGSM iGAN LSGAN InfoGAN IAN ATN Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain McGAN

860 views • 45 slides
Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain

Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain

Progressive GAN CoGAN LR-GAN MedGAN CGAN IcGAN A ff GAN DiscoGAN LS-GAN BIM LAPGAN MPM-GAN AdaGAN FGSM iGAN LSGAN InfoGAN IAN ATN Adversarial Machine Learning MIX+GAN Ian Goodfellow, Sta ff Research Scientist, Google Brain McGAN

797 views • 42 slides
Generative Adversarial Nets(GANs) Troy Cary and Chenzhi Zhao A generative adversarial net is

Generative Adversarial Nets(GANs) Troy Cary and Chenzhi Zhao A generative adversarial net is

Generative Adversarial Nets(GANs) Troy Cary and Chenzhi Zhao A generative adversarial net is a type of neural net, used in deep learning/machine learning problems The goal of a GAN is to train two simultaneous models: a generative model

441 views • 18 slides
Adversarial Decision-Making Brian J. Stankiewicz University of Texas, Austin Department Of

Adversarial Decision-Making Brian J. Stankiewicz University of Texas, Austin Department Of

Introduction Empirical Studies Future Directions/Ideas Summary & Conclusions Adversarial Decision-Making Brian J. Stankiewicz University of Texas, Austin Department Of Psychology & Center for Perceptual Systems & Consortium for

588 views • 37 slides
When foes are friends adversarial examples as protective technologies Carmela Troncoso

When foes are friends adversarial examples as protective technologies Carmela Troncoso

When foes are friends adversarial examples as protective technologies Carmela Troncoso @carmelatroncoso Security and Privacy Engineering Lab The machine learning revolution 2 Machine Learning ) Definition (Wikipedia) Machine learning [...]

965 views • 58 slides
Machine Learning Lecture 13: Generative Adversarial Networks (I) Nevin L. Zhang

Machine Learning Lecture 13: Generative Adversarial Networks (I) Nevin L. Zhang

Machine Learning Lecture 13: Generative Adversarial Networks (I) Nevin L. Zhang lzhang@cse.ust.hk Department of Computer Science and Engineering The Hong Kong University of Science and Technology This set of notes is based on internet

826 views • 54 slides
Recent Advances in Adversarial Machine Learning Nicholas Carlini Google Research Recent

Recent Advances in Adversarial Machine Learning Nicholas Carlini Google Research Recent

Recent Advances in Adversarial Machine Learning Nicholas Carlini Google Research Recent Advances in Adversarial (Examples in) Machine Learning Nicholas Carlini Google Research The Year is 2014 Someone tells you they have a new algorithm to

1.52k views • 139 slides
Adversarial Machine Learning Daniel Lowd University of Oregon

Adversarial Machine Learning Daniel Lowd University of Oregon

Adversarial Machine Learning Daniel Lowd University of Oregon Example: Spam Filtering From: spammer@example.com 1. Cheap mortgage now!!! Feature Weights cheap = 1.0

316 views • 14 slides
Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of

Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of

@NicolasPapernot Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of California, Berkeley Nicolas Papernot Pennsylvania State University Did you git clone https://github.com/carlini/odsc_adversarial_nn ?

493 views • 46 slides
Recent Trends in Adversarial Machine Learning Thanks to Ian Goodfellow, Somesh Jha, Patrick

Recent Trends in Adversarial Machine Learning Thanks to Ian Goodfellow, Somesh Jha, Patrick

Recent Trends in Adversarial Machine Learning Thanks to Ian Goodfellow, Somesh Jha, Patrick McDaniel, and Nicolas Papernot for some slides December 4, 2018 Berkay Celik How it works training Learning Algorithm Training Data Model

536 views • 35 slides

More recommend