when foes are friends adversarial examples as protective
play

When foes are friends adversarial examples as protective - PowerPoint PPT Presentation

Aug 09, 2023 •379 likes •965 views

When foes are friends adversarial examples as protective technologies Carmela Troncoso @carmelatroncoso Security and Privacy Engineering Lab The machine learning revolution 2 Machine Learning ) Definition (Wikipedia) Machine learning [...]

  1. When foes are friends adversarial examples as protective technologies Carmela Troncoso @carmelatroncoso Security and Privacy Engineering Lab

  2. The machine learning revolution 2

  3. Machine Learning ) Definition (Wikipedia) Machine learning [...] gives " computers the ability to learn without being explicitly programmed " [and] [...] explores the study and construction of algorithms that can learn from and make predictions on data – such algorithms overcome following strictly static program instructions by making data-driven predictions or decisions, through building a model from sample inputs. Data Machine learning Services 3

  4. Machine Learning Data Learning / Model Training Expected Output Data Machine learning Services 4

  5. Machine Learning Data New Learning / Model Model Output Data Training Expected Output Data Machine learning Services 5

  6. Adversarial machine learning Adversarial Poisoning examples 6

  7. Adversarial machine learning New Output Model Data Crafted testing samples that get misclassified by an ML algorithm Adversarial examples 7 https://ai.googleblog.com/2018/09/introducing-unrestricted-adversarial.html

  8. Adversarial machine learning Data Model Learning Expected Output Crafted training samples that change the decision boundaries of an ML algorithm Poisoning 8

  9. Adversarial machine learning is here to stay Crafted training Crafted testing samples that samples that get change the decision misclassified by boundaries of an an ML algorithm ML algorithm Adversarial Poisoning examples 9

  10. 10

  11. 11

  12. Three ways of using adversarial examples as defensive technologies For Security For Privacy For Social Justice Adversarial examples to defend from Adversarial examples as adversarial machine learning uses security metrics 12

  13. Three ways of using adversarial examples as defensive technologies For Security For Privacy For Social Justice Adversarial examples to defend from Adversarial examples as adversarial machine learning uses security metrics 13

  14. Defending against adversarial examples?

  15. Defending against adversarial examples?

  16. Defending against adversarial examples? Adversarial training training on simulated adversarial examples

  17. Does this solve security problems? Adversarial training training on simulated adversarial examples

  18. Does this solve security problems? Adversarial training training on simulated adversarial examples Random Noise Images

  19. Does this solve security problems? Malware ??? Twitter ??? Bots ??? Spam

  20. Does this solve security problems? Malware ??? In security problems examples belong to a DISCRETE and CONSTRAINED domain Twitter F EASIBILITY C OST ??? Bots How can we become the enemy? ??? Spam

  21. Does this solve security problems? Malware ??? In security problems examples belong to a DISCRETE and CONSTRAINED domain Twitter F EASIBILITY C OST ??? Bots How can we become the enemy? ??? Spam

  22. Does this solve security problems? Malware ??? In security problems examples belong to a DISCRETE and CONSTRAINED domain Twitter F EASIBILITY C OST ??? Bots How can we become the enemy? ??? Spam

  23. Number of followers : x Our approach: search as a graph Age of account : y ML 23

  24. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new 24

  25. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new Number of followers : few Number of followers : few Number of followers : few Age of account : 3 years Age of account : 1 year Age of account : 2 years 25

  26. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new Number of followers : few Number of followers : few Number of followers : few Age of account : 3 years Age of account : 1 year Age of account : 2 years Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year 26

  27. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new In security problems examples belong to a DISCRETE and CONSTRAINED domain Number of followers : few Number of followers : few Number of tweets : few F EASIBILITY C OST Age of account : 3 years Age of account : 1 year Age of account : 2 years How can we become the enemy? Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year 27

  28. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new $7 $2 $4 Number of followers : few Number of followers : few Number of tweets : few Age of account : 3 years Age of account : 1 year Age of account : 2 years $8 $2 Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year cost = $2 + $2 = $4 cost = $2 + $8 = $10 28

  29. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new In security problems examples belong to a DISCRETE and CONSTRAINED domain $7 $2 $4 Number of followers : few Number of followers : few Number of tweets : few F EASIBILITY C OST Age of account : 3 years Age of account : 1 year Age of account : 2 years How can we become the enemy? $8 $2 Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year cost = $2 + $2 = $4 cost = $2 + $8 = $10 29

  30. The graph approach comes with more advantages Enables the use of graph theory to EFFICIENTLY find adversarial examples ( A*, beam search, hill climbing, etc ) C APTURES most attacks in the literature! (comparison base) 30

  31. The graph approach comes with more advantages Enables the use of graph theory to EFFICIENTLY find adversarial examples ( A*, beam search, hill climbing, etc ) C APTURES most attacks in the literature! (comparison base) Find MINIMAL COST adversarial examples if - The discrete domain is a subset of R m For example, categorical one-hot encoded features: [0 1 0 0] - Cost of each single transformation is L p For example, L ∞ ([0 1 0 0], [1 0 0 0]) = 1 - We can compute pointwise robustness for the target classifier over R m 31

  32. A* search with a heuristic Pointwise robustness over R m 32

  33. A* search with a heuristic 33

  34. A* search with a heuristic 34

  35. Minimal adversarial example found! 35

  36. Minimal adversarial example found! 36

  37. Minimal adversarial example found! Confidence of the example 37

  38. Is this really efficient? l =d  just flip decision 38

  39. Is this really efficient? l >d  high confidence example 39

  40. Is this really efficient? l >d  high confidence example 40

  41. Why is this relevant? MINIMAL COST adversarial examples can become security metrics! Cost can be associated with RISK Cannot stop attacks, but can we ensure they are expensive? Constrained domains security Continuous-domains approaches can be very conservative! 41

  42. Applicability Non-linear models: - approximate heuristics - transferability (basic attacks transfer worse than high confidence) Faster search: - tradeoff guarantees vs. search speed (e.g., hill climbing) Other cost functions 42

  43. Three ways of using adversarial examples as defensive technologies For Security For Privacy For Social Justice Adversarial examples to defend from Adversarial examples as adversarial machine learning uses security metrics 43

  44. Adversarial examples are only adversarial when you are the algorithm!

  45. Machine learning as a privacy adversary ML Privacy-oriented Literature Data Service Avoid that learns about data 45

  46. Machine learning as a privacy adversary ML Privacy-oriented Literature Data Actively (maybe not willingly) provide data. Solutions like Service Differential privacy and Encryption are suitable Avoid that learns about data 46

  47. Machine learning as a privacy adversary ML Privacy-oriented Literature Data Actively (maybe not willingly) provide data. Solutions like Service Differential privacy and Encryption are suitable No active sharing! Cannot count on Avoid that learns about data 47

  48. Adversarial examples as privacy defenses Data Inferences 48

  49. Adversarial examples as privacy defenses Data Inferences Goal: modify the data to avoid inferences Social networks data, browsing patterns, traffic patterns, location … 49

  50. Adversarial examples as privacy defenses Data Inferences Goal: modify the data to avoid inferences Social networks data, browsing patterns, traffic patterns, location … Privacy solutions are also CONSTRAINED in FEASIBILITY and COST ! 50

  51. Protecting from traffic analysis Encrypted traffic trace ML Apps, webs, words,… 51

  52. Protecting from traffic analysis Encrypted traffic trace ML Apps, webs, words,… Add 1 packet in position 1 Add 2 packets Add 1 packet Add 1 packet … in position 1 in position 2 in position N F EASIBLE perturbations: - Add packets Add 3 packets Add 2 packets … - Delay packets in position 2 in position 1 52

Recommend

MapReduce and Parallel DBMSs: Friends or Foes? Presented by Guozhang Wang DB Lunch, May 3 rd ,

MapReduce and Parallel DBMSs: Friends or Foes? Presented by Guozhang Wang DB Lunch, May 3 rd ,

MapReduce and Parallel DBMSs: Friends or Foes? Presented by Guozhang Wang DB Lunch, May 3 rd , 2010 Papers to Be Covered in This Talk CACM10 MapReduce and Parallel DBMSs: Friends or Foes? VLDB09 HadoopDB: An Architectural

535 views • 42 slides
Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Friends & Foes: Preventing Selfishness in Mobile Ad Hoc Networks Hugo Miranda and Lu s

Friends & Foes: Preventing Selfishness in Mobile Ad Hoc Networks Hugo Miranda and Lu s

Friends & Foes: Preventing Selfishness in Mobile Ad Hoc Networks Hugo Miranda and Lu s Rodrigues hmiranda@di.fc.ul.pt Universidade de Lisboa DIAL-NP - LaSIGE MDC03 p.1 Outline Motivation Load balancing Selfishness

612 views • 21 slides
Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen Hailes By XincenYu What is it about Propose a new decentralized defense for portable devices called MobID Every device manages two small

256 views • 24 slides
TH3-611 Presentation Outline & Reflection Questions Faith & Science Friends, not Foes!

TH3-611 Presentation Outline & Reflection Questions Faith & Science Friends, not Foes!

TH3-611 Presentation Outline & Reflection Questions Faith & Science Friends, not Foes! How Can Religious Look in a Science Classroom? Mariette P. Baxendale, Ph.D. Science Department Chair Biology & Forensic Science Teacher

320 views • 3 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
FROM FOES TO FRIENDS: FOREIGN TROOPS IN POST- CONFLICT SITUATIONS No Self-contained Status

FROM FOES TO FRIENDS: FOREIGN TROOPS IN POST- CONFLICT SITUATIONS No Self-contained Status

Dr Aurel Sari FROM FOES TO FRIENDS: FOREIGN TROOPS IN POST- CONFLICT SITUATIONS No Self-contained Status Regime Status under jus post bellum is useful to start from the legal status under general international law problem: there is no

418 views • 22 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
From Foes to Friends Briefly About Me Trainer, Data Coach, Developer, Project Manager

From Foes to Friends Briefly About Me Trainer, Data Coach, Developer, Project Manager

SQL and NAV: From Foes to Friends Briefly About Me Trainer, Data Coach, Developer, Project Manager Favorites: SQL and PowerShell (and getting into Python) I am data centric not necessarily NAV centric. Accounting and financial

807 views • 47 slides
The World Within Micro-organisms in the Digestive Tract: Friends, Foes, and Visitors Janice M.

The World Within Micro-organisms in the Digestive Tract: Friends, Foes, and Visitors Janice M.

The World Within Micro-organisms in the Digestive Tract: Friends, Foes, and Visitors Janice M. Joneja, Ph.D 2002 The Internal Landscape 2 The Digestive Tract Each site within the digestive tract is designed for optimal function :

1.12k views • 68 slides
Dedicated to Paul Epstein Friends or Foes? Pim Martens Maastricht University-Leuphana University

Dedicated to Paul Epstein Friends or Foes? Pim Martens Maastricht University-Leuphana University

14-11-11 Biodiversity and Health Dedicated to Paul Epstein Friends or Foes? Pim Martens Maastricht University-Leuphana University -Stellenbosch University Thanks to Dolf de Groot Biodiversity and ecosystem func2ons crucial

375 views • 4 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides
BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto,

BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto,

BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto, Matteo Sereno Dipartimento di informatica Universit di Torino Peer to peer and file sharing applications Peer to peer paradigm has a huge

821 views • 14 slides
Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Slides: http://tiny.cc/adversarial Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are Adversarial Examples? panda gibbon 57.7% confidence 99.3% confidence [Goodfellow et al, ICLR 2015 ]

1.56k views • 43 slides
Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali

Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali

Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali Munir Michigan State University Michigan State University Ghufran Baig, Syed M. Irteza, Ihsan A. Qazi, Alex X. Liu, Fahad R. Dogar Data Center (DC)

1.34k views • 66 slides
? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr

Todays Story: How I got my first Death Threat ? AdVersarial: Defeating Perceptual Ad Blocking with Adversarial Examples Florian Tramr October 8 th 2019 Joint work with Pascal Dupr, Gili Rusak, Giancarlo Pellegrino and Dan Boneh The

415 views • 29 slides
Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, &

Explaining and Harnessing Adversarial Examples Ian J. Goodfellow, Jonathon Shlens, & Christian Szegedy Presented by - Kawin Ethayarajh and Abhishek Tiwari Introduction - adversarial examples : Inputs formed by applying small but

1.49k views • 103 slides
Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial

Neglected topics CS 446 Adversarial examples and deep networks 1 / 23 Adversarial examples? Standard ML setup: We have training data; try to do well on withheld testing data. Adversarial/robust ML setup: We have training

672 views • 27 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Security Seminar, Stanford University, 2017-01-17 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

939 views • 44 slides
Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning

Physical Adversarial Examples Alex Kurakin Ian Goodfellow Output STOP Machine Learning Training Examples Hidden units / BICYCLE features CAR PEDESTRIA N Parameters Input ImageNet (Russakovsky et al 2015) Adversarial Examples: Images

369 views • 19 slides
On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac

On the Defense Against Adversarial Examples Beyond the Visible Spectrum Anthony Ortiz 1 , Olac Fuentes 1 , Dalton Rosario 2 , Christopher Kiekintveld 1 1 Department of Computer Science, UTEP 2 US Army Research Laboratory Adversarial Examples on

460 views • 19 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest

Adversarial Examples and Adversarial Training Ian Goodfellow, OpenAI Research Scientist Guest lecture for CS 294-131, UC Berkeley, 2016-10-05 In this presentation Intriguing Properties of Neural Networks Szegedy et al, 2013

660 views • 44 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Standard Adversarial Examples Given image x ; target class y Maximize with projected gradient descent: Standard Adversarial Examples Standard

560 views • 15 slides

More recommend