ai and security lessons challenges future directions
play

AI and Security: Lessons, Challenges & Future Directions Dawn - PowerPoint PPT Presentation

Jun 21, 2023 •122 likes •919 views

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AlphaGo: Winning over World Champion Source: David Silver Achieving Human-Level Performance on ImageNet Classification Source: Kaiming He Deep Learning

  1. AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley

  2. AlphaGo: Winning over World Champion Source: David Silver

  3. Achieving Human-Level Performance on ImageNet Classification Source: Kaiming He

  4. Deep Learning Powering Everyday Products theverge.com pcmag.com

  5. Attacks are increasing in scale & sophistication

  6. Massive DDoS Caused by IoT Devices Botnet of over 400,000 Mirai bots over 160 countries • Security cameras/webcams/baby monitors • Home routers • • One of the biggest DDoS attacks • Over 1Tbps combined attack traffic source: Incpasula Geographical distribution of Mirai bots in recent DDoS attack

  7. WannaCry: One of the Largest Ransomware Breakout • Used EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. • Infected over 200,000 machines across 150 countries in a few days • Ask for bitcoin payment to unlock encrypted files

  8. Biggest Data Breaches Of the 21st Century Equifax (2017) 143000000 Adult Friend Finder (2016) 412200000 Anthem (2015) 78800000 eBay (2014) 145000000 JP Morgan Chase (2014) 76000000 Home Depot (2014) 56000000 Yahoo (2013) 3000000000 Target Stores (2013) 110000000 Adobe (2013) 38000000 US Office of Personnel Management (2012) 22000000 Sony's Playstation Network (2011) 77000000 RSA Security (2011) 40000000 Heartland Payment Systems (2008) 134000000 TJX Companies, Inc (2006) 94000000 0 750 1,500 2,250 3,000 Millions Source: csoonline.com

  9. Attacks Entering New Landscape Ukrain power outage by cyber attack Millions of dollars lost in targeted impacted over 250,000 customers attacks in SWIFT banking system

  10. How will (in)security impact 
 the deployment of AI? Security AI How will the rise of AI 
 alter the security landscape?

  11. IoT devices are plagued with vulnerabilities from third-party code

  12. Deep learning for vulnerability detection in IoT Devices Firmware Raw Feature (dissembler) Files Extraction Code Graph Cosine Similarity Vulnerability Code Graph Function Neural Network-based Graph Embedding for Cross-Platform Binary Code Search [XLFSSY, ACM Computer and Communication Symposium 2017]

  13. Deep learning for vulnerability detection in IoT Devices Training time: Identified vulnerabilities Previous work: > 1 week among top 50: Our approach: < 30 mins Previous work: 10/50 Our approach: 42/50 Serving time (per function): Previous work: a few mins Our work: a few milliseconds 10,000 times faster

  14. AI Enables Stronger Security Capabilities • Automatic vulnerability detection & patching • Automatic agents for attack detection, analysis, & defense

  15. One fundamental weakness of cyber systems is humans 80+% of penetrations and hacks start with a social engineering attack 70+% of nation state attacks [FBI, 2011/Verizon 2014]

  16. AI Enables Chatbot for Phishing Detection Phishing Detection Chatbot for booking flights, Chatbot for social engineering attack finding restaurants detection & defense

  17. AI Enables Stronger Security Capabilities • Automatic vulnerability detection & patching • Automatic agents for attack detection, analysis, & defense • Automatic verification of software security

  18. AI Agents to Prove Theorems & Verify Programs Automatic Theorem Proving Deep Reinforcement Learning for Program Verification Agent Learning to Play Go

  19. 
 
 
 Enabler • AI enables new security capabilities • Security enables better AI 
 Integrity: produces intended/correct results 
 (adversarial machine learning) 
 Security AI Confidentiality/Privacy: does not leak users’ sensitive data 
 (secure, privacy-preserving machine learning) 
 Preventing misuse of AI Enabler

  20. AI and Security: AI in the presence of attacker Important to • History has shown attacker always follows footsteps of new consider the technology development (or sometimes even leads it) 
 presence of • The stake is even higher with AI attacker • As AI controls more and more systems, attacker will have higher & higher incentives • As AI becomes more and more capable, the consequence of misuse by attacker will become more and more severe

  21. 
 AI and Security: AI in the presence of attacker • Attack AI Cause the learning system to not produce intended/correct results • Cause learning system to produce targeted outcome designed by attacker • Learn sensitive information about individuals • • Need security in learning systems 
 • Misuse AI Misuse AI to attack other systems • Find vulnerabilities in other systems; Devise attacks • • Need security in other systems

  22. Deep Learning Systems Are Easily Fooled ostrich Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. Intriguing properties of neural networks. ICLR 2014.

  24. STOP Signs in Berkeley

  25. Adversarial Examples in Physical World Adversarial examples in physical world remain effective under different viewing distances, angles, other conditions Lab Test Summary (Stationary) Target Class: Speed Limit 45 Misclassify Camo Subtle Poster Camo Art Subtle Poster Camo Graffiti Art Evtimov, Ivan, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song. “Robust Physical-World Attacks on Machine Learning Models.” arXiv preprint arXiv:1707.08945 (2017).

  26. Drive-by Test Adversarial examples in physical world & remain effective under different viewing distances, angles, other conditions

  27. Adversarial Examples Are Prevalent in Deep Learning Systems

  28. Adversarial Examples Prevalent in Deep Learning Systems • Most existing work on adversarial examples: • Image classification task • Target model is known • Our investigation on adversarial examples: Deep Generative Blackbox Reinforcement Models Attacks Learning Weaker Threat Models (Target model is unknown) VisualQA/ New Attack Image-to-code Methods Other tasks and model classes Provide more diversity of attacks

  29. Generative models ● VAE-like models (VAE, VAE-GAN) use an intermediate latent representation ● An encoder : maps a high-dimensional input into lower- dimensional latent representation z . ● A decoder: maps the latent representation back to a high-dimensional reconstruction.

  30. Adversarial Examples in Generative Models ● An example attack scenario: ● Generative model used as a compression scheme ● Attacker’s goal: for the decompressor to reconstruct a different image from the one that the compressor sees.

  31. Adversarial Examples for VAE-GAN in MNIST Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  32. Adversarial Examples for VAE-GAN in SVHN Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  33. Adversarial Examples for VAE-GAN in SVHN Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  34. Visual Question & Answer (VQA) Multimodal Compact Bilinear Pooling for Visual Question Answering and Visual Grounding, Fukui et al., https://arxiv.org/abs/1606.01847

  35. Answer: VQA Q: Where is Runway Mode the plane? l Benign image VQA Fooling VQA Sky Mode Target: Sky l Adversarial example

  36. Answer: VQA Q: How many 1 Mode cats are there? l Benign image VQA Fooling VQA 2 Mode Target: 2 l Adversarial example

  37. Adversarial Examples Fooling Deep Reinforcement Learning Agents Score Original Frames with Original Frames No. of steps Adversarial Perturbation Jernej Kos and Dawn Song: Delving into adversarial attacks on deep policies [ICLR Workshop 2017].

  38. A General Framework for Black-box attacks • Zero-Query Attack (Previous methods) • Random perturbation • Difference of means • Transferability-based attack • Practical Black-Box Attacks against Machine Learning [Papernot et al. 2016] • Ensemble transferability-based attack [ Yanpei Liu, Xinyun Chen, Chang Liu, Dawn Song: Delving into Transferable Adversarial Examples and Black-box Attacks, ICLR 2017] • Query Based Attack (new method) • Finite difference gradient estimation • Query reduced gradient estimation • Results: similar effectiveness to whitebox attack • A general active query game model 


  39. Black-box Attack on Clarifai Adversarial example, classified Original image, classified as as “safe” with a confidence of “drug” with a confidence of 0.99 0.96 The Gradient-Estimation black-box attack on Clarifai’s Content Moderation Model

  40. Numerous Defenses Proposed Ensemble Normalization Distributional detection Detection PCA detection Secondary classification Stochastic Generative Training process Prevention Architecture Retrain Pre-process input

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and

AI and Security: Lessons, Challenges &amp; Future Directions Dawn Song UC Berkeley AI and Security Enabler AI Security Enabler AI enables security applications Security enables better AI Integrity: produces intended/correct

1.03k views • 81 slides
DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by technology trends, unforeseen events, special needs, previous commitments, policy, mistakes, innovation, etc. What follows is some personal

538 views • 20 slides
International social security standards and challenges to social security Lessons for a

International social security standards and challenges to social security Lessons for a

15 th PPF MEMBERS CONFERENCE Arusha 19-21 October 2005 International social security standards and challenges to social security Lessons for a Tanzanian reform debate Krzysztof Hagemejer Policy coordinator Social Security Department,

499 views • 47 slides
U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles

U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles

U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles Policy Director Natural Resources Defense Council Senate Briefing on Alternative Fuels Sponsored by the American Chemical Society February 6, 2009

421 views • 14 slides
Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for

Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for

Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for Accelerator R&amp;D at Fermilab Workshop May 11-13, 2009 - Lake Geneva, Wisconsin Joachim Grillenberger Paul-Scherrer-Institut, CH-Villigen Workshop on the

547 views • 21 slides
Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in

Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in

Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in Spatial Demography December 12, 2011 US Census 2010 Standard Hierarchy of Census Geographic Entities Boundaries and Mobility Immigration

323 views • 18 slides
Future directions in convective Future directions in convective parameterization

Future directions in convective Future directions in convective parameterization

Future directions in convective Future directions in convective parameterization parameterization What has a NWP to do ? Provide best possible short-range Forecast (not too difficult with a good Analysis System) Provide best possible

595 views • 21 slides
Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions

Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions

Andreas Holzinger VO 709.049 Medical Informatics 14.10.2015 11:15 12:45 Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions a.holzinger@tugraz.at Tutor: markus.plass@student.tugraz.at http://hci

972 views • 80 slides
Future Directions in High Future Directions in High P Performance Computing Performance

Future Directions in High Future Directions in High P Performance Computing Performance

Future Directions in High Future Directions in High P Performance Computing Performance Computing P f f C C ti ti Jack Dongarra k INNOVATIVE COMP ING LABORATORY U i University of Tennessee i f T Oak Ridge National Laboratory

653 views • 46 slides
CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural

CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural

Current challenges in intellectual property rights and biotechnology Bansk Bystrica, May 2 and 3, 2007 CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural Sciences Comenius Univ. in Bratislava

182 views • 14 slides
Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio Garcia University of Birmingham Joint work with Roel Verdult, David Oswald, Timo Kasper, Josep Balasch, Baris Ege, Pierre Pavlides The automotive

697 views • 65 slides
WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein,

WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein,

WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein, Director Energy &amp; Extractives Global Practice E NERGY S ECTOR D IRECTIONS P APER , 2013 Towards a Sustainable Energy Future for All O BJECTIVE

226 views • 22 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018

The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018

The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018 Basics Generally, the manner in which utilities must procure contracts and evaluate tenders is determined by the Utilities Contracts Regulations 2016

537 views • 14 slides
Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future research directions Ian Goodfellow, Sta ff Research Scientist, Google Brain 1st IEEE Deep Learning and Security Workshop, May 24, 2018 This document

726 views • 36 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information Security Theory and Practices 1 4 September 2009, Brussels, Belgium Summary A brief reminder about RFID. Description of the threats, state of

880 views • 41 slides
Water and Sustainable Development Satoshi Kojima Director, Economy and Environment Group, , y

Water and Sustainable Development Satoshi Kojima Director, Economy and Environment Group, , y

Asian Youth Exchange Program in Okinawa 2010 Water and Sustainable Development Satoshi Kojima Director, Economy and Environment Group, , y p, Institute for Global Environmental Strategies (IGES) National Okinawa Youth Friendship Center, 12

492 views • 13 slides
Andrew Stepp | Session 4: Leviticus Review of last week Why study Leviticus? Why is it

Andrew Stepp | Session 4: Leviticus Review of last week Why study Leviticus? Why is it

Andrew Stepp | Session 4: Leviticus Review of last week Why study Leviticus? Why is it so hard to understand? A Brief but Painful Quiz An Outline of the Book A Couple of Redeeming Thoughts Weekly Reading Plan Ch.

718 views • 36 slides
Conservation Education, Communication and Outreach Success Stories: Bridging the Gap Between

Conservation Education, Communication and Outreach Success Stories: Bridging the Gap Between

Conservation Education, Communication and Outreach Success Stories: Bridging the Gap Between Conservation and Communities and Solving Conservation Problems by Changing Behavior NAAEE Annual Meeting Pre-Conference Workshop Bridging

930 views • 62 slides
Fisheries, I CM, MPAs and Scaling-up to MPA networks in the Coral Triangle Alan T. White Senior

Fisheries, I CM, MPAs and Scaling-up to MPA networks in the Coral Triangle Alan T. White Senior

Fisheries, I CM, MPAs and Scaling-up to MPA networks in the Coral Triangle Alan T. White Senior Scientist, The Global Marine Initiative The Nature Conservancy What is the Coral Triangle Initiative? Six objectives/strategies overall 1.

599 views • 24 slides
A ROADMAP TO BETTER HEALTH COMMISSIONER HARRY CHEN Senate Appropriations - February 14, 2017 VDH

A ROADMAP TO BETTER HEALTH COMMISSIONER HARRY CHEN Senate Appropriations - February 14, 2017 VDH

A ROADMAP TO BETTER HEALTH COMMISSIONER HARRY CHEN Senate Appropriations - February 14, 2017 VDH Budget Highlights FY 18 Introduction Performance Management at Health Strategic Prevention Activities across Health Chronic

872 views • 83 slides
F UNCTION OF A RTICLE XX Article XX allows a WTO Member to adopt or enforce a measure that is

F UNCTION OF A RTICLE XX Article XX allows a WTO Member to adopt or enforce a measure that is

T RAINING P ROGRAMME F OR T HE G OVERNMENT O F I NDONESIA S ESSION 4: The GATT 1994: General and Security Exceptions Jogjakarta, Indonesia 26-29 March 2019 A GENDA I. General Exceptions 1. Function of Article XX 2. Structure of Article XX

587 views • 33 slides
Theme- 1 Impact of pesticides on environment, plant and trade under national and International

Theme- 1 Impact of pesticides on environment, plant and trade under national and International

Theme- 1 Impact of pesticides on environment, plant and trade under national and International regulations Abstracts accepted Sr. Lead/Corresponding Presentation Name of abstracts No. authors type Relative Toxicity of Various Insecticides

805 views • 11 slides
The counter-hegemonic challenge of Polish neo-traditionalism. This research is part of a project

The counter-hegemonic challenge of Polish neo-traditionalism. This research is part of a project

FATIGUE Comparative Analysis Workshop: Discourse The role of culture and tradition in the shift towards illiberal democracy: The counter-hegemonic challenge of Polish neo-traditionalism. This research is part of a project that has received

317 views • 13 slides

More recommend