abuses and misuses of ai prevention vs reaction
play

Abuses and misuses of AI: prevention vs reaction Red Teaming in the - PowerPoint PPT Presentation

Mar 06, 2023 •192 likes •983 views

Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world Cristian Canton Ferrer Research Manager (AI Red Team @ Facebook) Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world ...with Manipulated

  1. Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world Cristian Canton Ferrer Research Manager (AI Red Team @ Facebook)

  2. Abuses and misuses of AI: prevention vs reaction Red Teaming in the AI world ...with Manipulated Media as an example Cristian Canton Ferrer Research Manager (AI Red Team @ Facebook)

  3. Outline Introduction Abuses Misuses Prevention Reaction and Mitigation

  4. Introduction

  5. What is the current situation of AI? Research on adversarial attacks has growth since the advent of DNNs Credits: Nicolas Carlini for the graph (https://nicholas.carlini.com/)

  6. Adversarial attack ⇏ GAN

  7. Input image Attacked image Adversarial noise Category: Panda (57.7% confidence) Category: Gibbon (99.3% confidence) + = Abuse of an AI system to force it to make a calculated mistake Credit: Goodfellow et al. "Explaining and harnessing adversarial examples" , ICLR 2015.

  8. What is a Red Team?

  9. What is a Red Team? Wikipedia T "A Red Team is a group that helps organizations to improve themselves by providing opposition to the point of view of the organization that they are helping."

  10. What is a Red Team? At the origin, everything started with the: "Advocatus Diaboli" Pope Sixtus V (1521-1590)

  11. What is a Red Team? The advent of Red Teaming in the modern era: The Yom Kippur War and the 10th Man Rule

  12. What is a Red Team? The advent of Red Teaming in the modern era: The Yom Kippur War and the 10th Man Rule Bryce G. Ho ff man, "Red Teaming", 2017. Micah Zenko, "Red Team", 2015.

  13. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production

  14. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company

  15. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks

  16. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI

  17. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system

  18. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system • Convince stakeholders of the importance and potential impact of a worst case scenario and ideate solutions: preventions or mitigations

  19. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system • Convince stakeholders of the importance and potential impact of a worst case scenario and ideate solutions: preventions or mitigations • Define iterative and periodic interactions with stakeholders

  20. What does an AI Red Team do? • Bring the "loyal" adversarial mentality into the AI world, specially for systems in production • Understand the risk landscape of your company • Identify, evaluate and prioritize risks and feasible attacks • Conceive worst case scenarios derived from abuses and misuses of AI • Conform a group of experts across all involved aspects of a real system • Convince stakeholders of the importance and potential impact of a worst case scenario and ideate solutions: preventions or mitigations • Define iterative and periodic interactions with stakeholders • Defenses? No: that's for the blue team!

  21. Red Queen Dynamics "...it takes all the running you can do, to keep in the same place. If you want to get somewhere else, you must run at least twice as fast as that!" Lewis Carroll, Through the Looking-Glass

  22. Red Queen Dynamics

  23. Risk estimation AI Risk = Severity x Likelihood

  24. Risk estimation AI Risk = Severity x Likelihood • Core metrics for your company • Financial • Data leakage, privacy • PR • Human • Mitigation cost, response time • ...

  25. Risk estimation AI Risk = Severity x Likelihood • Discoverability • Implementation cost / Feasibility • Motivation • ...

  26. Risk estimation AI Risk = Severity x Likelihood

  27. A first (real) example This is"objectionable content" (99%)

  28. A first (real) example This is safe content (95%)

  29. Abuses Maximum speed 60 MPH Eykholt et al. "Robust Physical-World Attacks on Deep Learning Visual Classification", 2018.

  30. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019.

  31. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019.

  32. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Sitawarin et al., "DARTS: Deceiving Autonomous Cars with Toxic Signs", 2018.

  33. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Wu et al., "Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors", 2020.

  34. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Alberti et al., "Are You Tampering With My Data?", 2018. Origina

  35. Origina

  36. Attacking dateset biases De Vries et al., "Does Object RecognitionWork for Everyone?", 2019.

  37. Attacking dateset biases De Vries et al., "Does Object RecognitionWork for Everyone?", 2019.

  38. Attacking dateset biases Geographical distribution of classification accuracy De Vries et al., "Does Object RecognitionWork for Everyone?", 2019.

  39. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019. Alberti et al., "Are You Tampering With My Data?", 2018. Original Origina Poisoned

  40. Tabassi et al., "A Taxonomy and Terminology of Adversarial Machine Learning", 2019.

  41. Misuses

  42. Example case: Synthetic people Disclaimer: None of these individuals exist! StyleGAN Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  43. Example case: Synthetic people Disclaimer: None of these individuals exist! Plenty of potential good uses: • Creative purposes • Virtual characters • Semantic face editing Smile edition Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Shen et al. "Interpreting the Latent Space of GANs for Semantic Face Editing" , 2020. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  44. Example case: Synthetic people Disclaimer: None of these individuals exist! Potentially "easy" to spot: • Generator residuals (in the image) Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  45. Example case: Synthetic people Disclaimer: None of these individuals exist! Potentially "easy" to spot: • Generator residuals (in the image) • Patterns in the frequency domain Karras et al. "A Style-Based Generator Architecture for Generative Adversarial Networks" , 2019. Wang et al. "CNN-generated images are surprisingly easy to spot... for now" , 2020. Karras et al. "Analyzing and Improving the Image Quality of StyleGAN" , 2020.

  46. Example case: Synthetic people Disclaimer: None of these individuals exist! Andrew Waltz Katie Jones Matilda Romero

  47. Example case: Synthetic people Disclaimer: None of these individuals exist! Andrew Waltz Katie Jones Matilda Romero "Real" profile pictures from fake social media users

  48. Example case: Synthetic people Disclaimer: None of these individuals exist! 87% Fake Carlini and Farid "Evading Deepfake-Image Detectors with White- and Black-Box Attacks" , 2020.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evolution of Pollution Prevention Reaction Mode Didnt look at the horizon, just

Evolution of Pollution Prevention Reaction Mode Didnt look at the horizon, just

O VERVIEW OF P OLLUTION P REVENTION IN THE W ASTEWATER I NDUSTRY Melody LaBella, PE and Colleen Henry BAYWORK Training Buffet November 14, 2018 Evolution of Pollution Prevention Reaction Mode Didnt look at the horizon, just responded

677 views • 67 slides
Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson

Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson

Prevention and Reaction Defending Privacy in the Web 2.0 Michael Hart Rob Johnson mhart@cs.stonybrook.edu Stony Brook University For all the Webs successes what is the cost to privacy? Main sources of privacy invasions

863 views • 21 slides
Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary

Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary

Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis Fabio Pagani 1 , Matteo DellAmico 2 , Davide Balzarotti 1 1 EURECOM 2 Symantec Research Labs ACM Conference on Data and Application Security

509 views • 36 slides
1 Enthaply vs. entropy in chemical reaction: S solid < S liquid << S gas Spontaneous

1 Enthaply vs. entropy in chemical reaction: S solid < S liquid << S gas Spontaneous

There are two fundamental tendencies in nature that help determine whether a reaction will occur: Topic 9.4 1. Enthalpy Enthalpy, entropy and spontaneity Energy change during reaction = heat of reaction ( H) Reactions tend toward lower

338 views • 3 slides
Throwing Light on Reaction Dynamics: H + HBr The thermal reaction of hydrogen gas ( H 2 ) and

Throwing Light on Reaction Dynamics: H + HBr The thermal reaction of hydrogen gas ( H 2 ) and

Throwing Light on Reaction Dynamics: H + HBr The thermal reaction of hydrogen gas ( H 2 ) and bromine gas ( Br 2 ) to form hydrogen bromide vapor ( HBr ) is a classic reaction: 22 +2rHBrHB Energetics ( thermodynamics ) tells us that

1.16k views • 83 slides
Resonances in the 12 C( , ) 16 O reaction I have asked myself the question what is the

Resonances in the 12 C( , ) 16 O reaction I have asked myself the question what is the

Resonances in the 12 C( , ) 16 O reaction I have asked myself the question what is the consequences of the nuclear resonances in the proposed experiment in inverse kinematics of the capture reaction? So far, the reaction was discussed as

222 views • 10 slides
The target of chemical organization theory are reaction networks. A reaction network consists of a

The target of chemical organization theory are reaction networks. A reaction network consists of a

The target of chemical organization theory are reaction networks. A reaction network consists of a set of molecules M and a set of reaction rules R. Therefore, we define a reaction network formally as a tuple M, R and call this tuple an

267 views • 22 slides
Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of

Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of

Share of Dealership Profits 70.0% 60.0% 50.0% Auto Lending Abuses: 40.0% The Pitfalls of Financing Cars 30.0% F&I Share of Dealer 20.0% Profits Presentation of Chris Kukla 10.0% NC State Bar Legal Assistance for Military Personnel

425 views • 5 slides
. . H Br Br H (radicals) . . H Br H Br reactions involving radicals and sequential

. . H Br Br H (radicals) . . H Br H Br reactions involving radicals and sequential

How is a chemical reaction happening? reaction mechanisms A reaction mechanism is the process by which chemical bonds are broken and formed in sequence so as to convert starting reagents into the observed products. There are three ways to break

439 views • 8 slides
(n,xn ) reaction cross section measurements for (n,xn) reaction studies M. Kerveno A.

(n,xn ) reaction cross section measurements for (n,xn) reaction studies M. Kerveno A.

WONDER 2012 3rd International Workshop on Nuclear Data Evaluation for Reactor Applications September 25-28, 2012 Aix en Provence, France (n,xn ) reaction cross section measurements for (n,xn) reaction studies M. Kerveno A. Bacquias, C.

526 views • 25 slides
Satire What is satire? Artistic form in which individual or human vices, abuses, or shortcomings

Satire What is satire? Artistic form in which individual or human vices, abuses, or shortcomings

Satire What is satire? Artistic form in which individual or human vices, abuses, or shortcomings are criticized using certain characteristics or methods Usually found in dramas and literature, but popping up in modern media forms such as

624 views • 21 slides
Invariant Relationships for Heterogeneous Reaction Systems Chemical Reaction Systems in Open

Invariant Relationships for Heterogeneous Reaction Systems Chemical Reaction Systems in Open

Invariants - Chemical Reaction Systems Introduction Motivation Definitions Heterogeneous Invariant Relationships for Heterogeneous Reaction Systems Chemical Reaction Systems in Open Reactors System Description Transformation to Vessel

251 views • 21 slides
Reaction Rates Reaction Rates C 4 H 9 Cl( aq ) + H 2 O( l ) C 4 H 9 OH( aq ) + HCl( aq )

Reaction Rates Reaction Rates C 4 H 9 Cl( aq ) + H 2 O( l ) C 4 H 9 OH( aq ) + HCl( aq )

kineticspresentationstudent notes 2014.notebook Kinetics Chemical Kinetics kineticsmultiplechoicefreeresponse questions only.doc 25 Rate and Order Comp.doc AP Reaction Rates 2013.docx ChemQuest 4442.doc Skill Practice 4244.doc

587 views • 14 slides
Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide

Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide

Uses and Abuses of Server-Side Requests Giancarlo Pellegrino 1 , Onur Catakoglu 2 , Davide Balzarotti 2 , and Christian Rossow 1 giancarlo.pellegrino@cispa.saarland 19th International Symposium on Research in Attacks, Intrusions and Defenses

564 views • 38 slides
Transfusion Reaction Algorithm 2018 Definition of Transfusion Reaction *Any untoward event that

Transfusion Reaction Algorithm 2018 Definition of Transfusion Reaction *Any untoward event that

Education for the Revised Transfusion Reaction Algorithm 2018 Definition of Transfusion Reaction *Any untoward event that occurs as a result of infusion of blood components or derivatives(plasma protein products) *Immediate or delayed

744 views • 40 slides
Making Users Feel Accountable: Deterring Abuses of Private Information within Information Systems

Making Users Feel Accountable: Deterring Abuses of Private Information within Information Systems

Making Users Feel Accountable: Deterring Abuses of Private Information within Information Systems Anthony Vance Braden Molyneux A long-standing tenet of information security is the Principle of Least Privilege: the concept that every

76 views • 5 slides
Navigating Phylogenetic Trees using Graphing Algorithms Giorlando Ramirez So...Whats the

Navigating Phylogenetic Trees using Graphing Algorithms Giorlando Ramirez So...Whats the

Navigating Phylogenetic Trees using Graphing Algorithms Giorlando Ramirez So...Whats the problem? -Phylogenetic trees can be huge, and calculating the distance in between species that are far away from each other in the tree can be

191 views • 7 slides
March 18 19, 2019 Sponsors and Organizers Summit Objectives Facilitate information

March 18 19, 2019 Sponsors and Organizers Summit Objectives Facilitate information

March 18 19, 2019 Sponsors and Organizers Summit Objectives Facilitate information exchange Build connections and community Explore specific challenges Launch ongoing collaboration Accelerate GB development globally

1.24k views • 54 slides
DOLPHINS, GIBBONS, AND GIANT SALAMANDERS: Is it possible to save Chinas threatened

DOLPHINS, GIBBONS, AND GIANT SALAMANDERS: Is it possible to save Chinas threatened

DOLPHINS, GIBBONS, AND GIANT SALAMANDERS: Is it possible to save Chinas threatened biodiversity? Samuel T. Turvey, Zoological Society of London SO LONG, AND THANKS FOR ALL THE FISHING: THE SORRY STORY OF THE YANGTZE RIVER DOLPHIN Samuel T.

471 views • 44 slides
ive Init nitiat iativ Henry Neeman, University of Oklahoma Assistant Vice President,

ive Init nitiat iativ Henry Neeman, University of Oklahoma Assistant Vice President,

The he OneOklahoma OneOklahoma Cyber berinf infras astruct uctur ure ive Init nitiat iativ Henry Neeman, University of Oklahoma Assistant Vice President, Information Technology Research Strategy Advisor Director, OU Supercomputing

449 views • 26 slides
Enabling Phylogenetic Research via the CIPRES Science Gateway Wayne Pfeiffer SDSC/UCSD

Enabling Phylogenetic Research via the CIPRES Science Gateway Wayne Pfeiffer SDSC/UCSD

Enabling Phylogenetic Research via the CIPRES Science Gateway Wayne Pfeiffer SDSC/UCSD August 5, 2013 In collaboration with Mark A. Miller, Terri Schwartz, & Bryan Lunt SDSC/UCSD Supported by NSF

238 views • 19 slides
Bootable Cluster CD Supercomputing 2011 Ivan Babic Andrew Fitz Gibbon Mobeen Ludin Earlham

Bootable Cluster CD Supercomputing 2011 Ivan Babic Andrew Fitz Gibbon Mobeen Ludin Earlham

Bootable Cluster CD Supercomputing 2011 Ivan Babic Andrew Fitz Gibbon Mobeen Ludin Earlham College Shodor Foundation Earlham College ibabic09 at cs.earlham.edu fitz at cs.earlham.edu mmludin08 at cs.earlham.edu Tom Murphy Charlie Peck

487 views • 17 slides
The Limited Power of Verification Queries in Message Authentication and Authenticated Encryption

The Limited Power of Verification Queries in Message Authentication and Authenticated Encryption

The Limited Power of Verification Queries in Message Authentication and Authenticated Encryption September 29, 2015 Atul Luykx, Bart Preneel, Kan Yasuda 1 / 15 Modes of Operation p E K F K E K 2 / 15 Modes of Operation p E K F K

428 views • 42 slides
Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API, High-Speed ImplementaCons in VHDL/Verilog, and Benchmarking Using FPGAs Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Michael

908 views • 53 slides

More recommend