Adversarial Examples and Adversarial Training Innova&ve - - PowerPoint PPT Presentation

adversarial examples and
SMART_READER_LITE
LIVE PREVIEW

Adversarial Examples and Adversarial Training Innova&ve - - PowerPoint PPT Presentation

Mar 28, 2024 326 likes •453 views

Adversarial Examples and Adversarial Training Innova&ve Technology Leader program January 22 nd 2018 Florian Tramr Stanford Deep Learning is Super Smart! 2 Is it really? + . 007 = Im sure this Im certain this is a panda is

slide-1
SLIDE 1

Adversarial Examples and Adversarial Training

Innova&ve Technology Leader program January 22nd 2018 Florian Tramèr Stanford

slide-2
SLIDE 2

Deep Learning is Super Smart!

2

slide-3
SLIDE 3

Is it really?

+ .007 ⇥ =

3

(Goodfellow et al. 2015)

I’m sure this is a panda I’m certain this is a gibbon (or an airplane)

slide-4
SLIDE 4

Adversarial Examples in ML

  • Images

Szegedy et al. 2013, Nguyen et al. 2015, Goodfellow et al. 2015, Papernot et al. 2016, Liu et al. 2016, Kurakin et al. 2016, …

  • Physical Objects

Sharif et al. 2016, Kurakin et al. 2017, EvWmov et al. 2017, Lu et al. 2017, Athalye et al. 2017

  • Malware

Šrndić & Laskov 2014, Xu et al. 2016, Grosse et al. 2016, Hu et al. 2017

  • Text Understanding

Papernot et al. 2016, Jia & Liang 2017

  • Speech

Carlini et al. 2015, Cisse et al. 2017

4

slide-5
SLIDE 5

CreaWng an adversarial example

5

ML Model

bird tree plane

Loss

bird

What happens if I nudge this pixel?

slide-6
SLIDE 6

CreaWng an adversarial example

6

ML Model

bird tree plane

Loss

bird

What happens if I nudge this pixel?

slide-7
SLIDE 7

CreaWng an adversarial example

7

ML Model

bird tree plane

Loss

bird

What about this one?

Maximize loss with gradient ascent

slide-8
SLIDE 8

Threat Model: Black-Box Adacks

8

ML Model

plane plane plane

Adversarial Examples transfer

ML Model

ML Model

slide-9
SLIDE 9

Defenses?

  • Ensembles
  • Preprocessing (blurring, cropping, etc.)
  • DisWllaWon
  • GeneraWve modeling
  • Adversarial training

9

slide-10
SLIDE 10

Adversarial Training

10

ML Model

bird

Loss ML Model

plane

Loss

adack

slide-11
SLIDE 11

Adversarial Training +/-

  • Pros

– IntuiWve approach – Gives strong formal and empirical guarantees

  • Cons

– Makes assumpWons on adacks – Can overfit (gradient masking)

11

  • f bird class

lp noise rotaWons lighWng

slide-12
SLIDE 12

Gradient-Masking: A non-defense

12

“smooth” model

  • Gradient-based adacks work
  • Black-box adacks work
  • Model is not robust!

“non-smooth” model

  • Model has no useful gradients
  • Black-box adacks sWll work!
  • Model is not robust either!

TKPBM, “Ensemble Adversarial Training: A5acks and Defenses”, 2017

birds airplanes birds airplanes