ai and security lessons challenges future directions
play

AI and Security: Lessons, Challenges & Future Directions Dawn - PowerPoint PPT Presentation

Apr 08, 2024 •216 likes •1.03k views

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AI and Security Enabler AI Security Enabler AI enables security applications Security enables better AI Integrity: produces intended/correct

  1. AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley

  2. AI and Security Enabler AI Security Enabler • AI enables security applications • Security enables better AI • Integrity: produces intended/correct results (adversarial machine learning) • Confidentiality/Privacy: does not leak users’ sensitive data (secure, privacy- preserving machine learning) • Preventing misuse of AI

  3. AI and Security: AI in the presence of attacker

  4. AI and Security: AI in the presence of attacker • Important to consider the presence of attacker • History has shown attacker always follows footsteps of new technology development (or sometimes even leads it) • The stake is even higher with AI • As AI controls more and more systems, attacker will have higher & higher incentives • As AI becomes more and more capable, the consequence of misuse by attacker will become more and more severe

  5. AI and Security: AI in the presence of attacker • Attack AI • Cause learning system to not produce intended/correct results • Cause learning system to produce targeted outcome designed by attacker • Learn sensitive information about individuals • Need security in learning systems • Misuse AI • Misuse AI to attack other systems • Find vulnerabilities in other systems • Target attacks • Devise attacks • Need security in other systems

  6. AI and Security: AI in the presence of attacker • Attack AI: • Cause learning system to not produce intended/correct results • Cause learning system to produce targeted outcome designed by attacker • Learn sensitive information about individuals • Need security in learning systems • Misuse AI • Misuse AI to attack other systems • Find vulnerabilities in other systems • Target attacks • Devise attacks • Need security in other systems

  7. Deep Learning Systems Are Easily Fooled ostrich Szegedy, C., Zaremba, W., Sutskever, I., Bruna, J., Erhan, D., Goodfellow, I., & Fergus, R. Intriguing properties of neural networks. ICLR 2014.

  9. STOP Signs in Berkeley

  10. Adversarial Examples in Physical World Can we generate adversarial examples in the physical world that remain effective under different viewing conditions and viewpoints, including viewing distances and angles? 10

  11. Adversarial Examples in Physical World Subtle Perturbations Evtimov, Ivan, Kevin Eykholt, Earlence Fernandes, Tadayoshi Kohno, Bo Li, Atul Prakash, Amir Rahmati, and Dawn Song. “Robust Physical-World Attacks on Machine Learning Models.” arXiv preprint arXiv:1707.08945 (2017). 11

  12. Adversarial Examples in Physical World Subtle Perturbations 12

  13. Adversarial Examples in Physical World Camouflage Perturbations 13

  14. Camouflage Perturbations 14

  15. Adversarial Examples in Physical World Adversarial perturbations are possible in physical world under different viewing conditions and viewpoints, including viewing distances and angles. Deep loss function: 15

  16. Adversarial Examples Prevalent in Deep Learning Systems • Most existing work on adversarial examples: • Image classification task • Target model is known • Our investigation on adversarial examples: Deep Generative Blackbox Reinforcement Models Attacks Learning Weaker Threat Models (Target model is unknown) VisualQA/ New Attack Image-to-code Methods Other tasks and model classes Provide more diversity of attacks

  17. Generative models ● VAE-like models (VAE, VAE-GAN) use an intermediate latent representation ● An encoder : maps a high-dimensional input into lower- dimensional latent representation z . ● A decoder: maps the latent representation back to a high- dimensional reconstruction.

  18. Adversarial Examples in Generative Models ● An example attack scenario: ● Generative model used as a compression scheme ● Attacker’s goal: for the decompressor to reconstruct a different image from the one that the compressor sees.

  19. Adversarial Examples for VAE-GAN in MNIST Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  20. Adversarial Examples for VAE-GAN in SVHN Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  21. Adversarial Examples for VAE-GAN in SVHN Target Image Original images Reconstruction of original images Adversarial examples Reconstruction of adversarial examples Jernej Kos, Ian Fischer, Dawn Song: Adversarial Examples for Generative Models

  22. Deep Reinforcement Learning Agent (A3C) Playing Pong Original Frames Jernej Kos and Dawn Song: Delving into adversarial attacks on deep policies [ICLR Workshop 2017].

  23. Adversarial Examples on A3C Agent on Pong Score No. of steps Jernej Kos and Dawn Song: Delving into adversarial attacks on deep policies [ICLR Workshop, 2017]

  24. Attacks Guided by Value Function Score Score No. of steps No. of steps Injecting adversarial perturbations Blindly injecting adversarial perturbations every 10 frames. guided by the value function.

  25. Agent in Action With FGSM perturbations With FGSM perturbations Original Frames ( 𝜗 = 0.005) inject in ( 𝜗 = 0.005) inject based every frame on value function Jernej Kos and Dawn Song: Delving into adversarial attacks on deep policies [ICLR Workshop 2017].

  26. Visual Q&A Given a question and an image, predict the answer.

  27. Studied VQA Models Model 1: MCB ( https://arxiv.org/abs/1606.01847 ) • Uses Multimodal Compact Bilinear pooling to combine the image feature and question embedding.

  28. Studied VQA Models Model 2: NMN ( https://arxiv.org/abs/1704.05526 ) • A representative of neural module networks • First predicts a network layout according to the question, then predicts the answer using the obtained network.

  29. Question: What color is the sky? Original answer: MCB - blue, NMN - blue. Target: gray. Answer after attack: MCB - gray, NMN - gray. benign image adversarial image for MCB adversarial image for NMN Xiaojun Xu, Xinyun Chen, Chang Liu, Anna Rohrbach, Trevor Darell, Dawn Song: Can you fool AI with adversarial examples on a visual Turing test?

  30. Question: Is it raining? Original answer: MCB - no, NMN - no. Target: yes. Answer after attack: MCB - yes, NMN - yes. benign image adv image for MCB adv image for NMN

  31. Question: What is on the ground? Original answer: MCB - sand, NMN - sand. Target: snow. Answer after attack: MCB - snow, NMN - snow. benign image adv image for MCB adv image for NMN

  32. Question: Where is the plane? Original answer: MCB - runway, NMN - runway. Target: sky. Answer after attack: MCB - sky, NMN - sky. benign image adv image for MCB adv image for NMN

  33. Question: What color is the traffic light? Original answer: MCB - green, NMN - green. Target: red. Answer after attack: MCB - red, NMN - red. benign image adv image for MCB adv image for NMN

  34. Question: What does the sign say? Original answer: MCB - stop, NMN - stop. Target: one way. Answer after attack: MCB - one way, NMN - one way. benign image adv image for MCB adv image for NMN

  35. Question: How many cats are there? Original answer: MCB - 1, NMN - 1. Target: 2. Answer after attack: MCB - 2, NMN - 2. benign image adv image for MCB adv image for NMN

  36. Adversarial Examples Prevalent in Deep Learning Systems • Most existing work on adversarial examples: • Image classification task • Target model is known • Our investigation on adversarial examples: Deep Generative Blackbox Reinforcement Models Attacks Learning Weaker Threat Models (Target model is unknown) VisualQA/ New Attack Image-to-code Methods Other tasks and model classes Provide more diversity of attacks

  37. A General Framework for Black-box attacks • Zero-Query Attack (Previous methods) • Random perturbation • Difference of means • Transferability-based attack • Practical Black-Box Attacks against Machine Learning [Papernot et al. 2016] • Ensemble transferability-based attack [ Yanpei Liu, Xinyun Chen, Chang Liu, Dawn Song: Delving into Transferable Adversarial Examples and Black-box Attacks, ICLR 2017] • Query Based Attack (new method) • Finite difference gradient estimation • Query reduced gradient estimation • A general active query game model The zero-query attack can be viewed as a special case for the query based attack, where the number of queries made is zero

  38. Query Based attacks • Finite difference gradient estimation • Given d -dimensional vector x , we can make 2 d queries to estimate the gradient as below • An example of approximate FGS with finite difference Similarly, we can also approximate for logit-based loss by making 2d queries x adv = x + ✏ · sign (FD x ( ` f ( x , y ) , � )) • Query reduced gradient estimation • Random grouping • PCA [Bhagoji, Li, He, Song, 2017]

  39. Query Based Attacks Finite Differences method outperforms other black-box attacks and achieves similar attack success rate with the white-box attack Gradient estimation method with query reduction performs approximately similar as without query reduction

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AlphaGo:

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AlphaGo:

AI and Security: Lessons, Challenges & Future Directions Dawn Song UC Berkeley AlphaGo: Winning over World Champion Source: David Silver Achieving Human-Level Performance on ImageNet Classification Source: Kaiming He Deep Learning

919 views • 79 slides
DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by technology trends, unforeseen events, special needs, previous commitments, policy, mistakes, innovation, etc. What follows is some personal

538 views • 20 slides
International social security standards and challenges to social security Lessons for a

International social security standards and challenges to social security Lessons for a

15 th PPF MEMBERS CONFERENCE Arusha 19-21 October 2005 International social security standards and challenges to social security Lessons for a Tanzanian reform debate Krzysztof Hagemejer Policy coordinator Social Security Department,

499 views • 47 slides
U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles

U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles

U.S. Alternative Fuels Policies Lessons Learned and Future Directions Roland J. Hwang Vehicles Policy Director Natural Resources Defense Council Senate Briefing on Alternative Fuels Sponsored by the American Chemical Society February 6, 2009

421 views • 14 slides
Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for

Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for

Ultimate Capabilities of High Power Proton Cyclotrons: Challenges Future Directions for Accelerator R&D at Fermilab Workshop May 11-13, 2009 - Lake Geneva, Wisconsin Joachim Grillenberger Paul-Scherrer-Institut, CH-Villigen Workshop on the

547 views • 21 slides
Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in

Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in

Spatial Demography: Opportunities and Challenges Barbara Entwisle, PhD Future Directions in Spatial Demography December 12, 2011 US Census 2010 Standard Hierarchy of Census Geographic Entities Boundaries and Mobility Immigration

323 views • 18 slides
Future directions in convective Future directions in convective parameterization

Future directions in convective Future directions in convective parameterization

Future directions in convective Future directions in convective parameterization parameterization What has a NWP to do ? Provide best possible short-range Forecast (not too difficult with a good Analysis System) Provide best possible

595 views • 21 slides
Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions

Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions

Andreas Holzinger VO 709.049 Medical Informatics 14.10.2015 11:15 12:45 Lecture 01 Introduction Computer Science meets Life Sciences: Challenges and Future Directions a.holzinger@tugraz.at Tutor: markus.plass@student.tugraz.at http://hci

972 views • 80 slides
Future Directions in High Future Directions in High P Performance Computing Performance

Future Directions in High Future Directions in High P Performance Computing Performance

Future Directions in High Future Directions in High P Performance Computing Performance Computing P f f C C ti ti Jack Dongarra k INNOVATIVE COMP ING LABORATORY U i University of Tennessee i f T Oak Ridge National Laboratory

653 views • 46 slides
CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural

CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural

Current challenges in intellectual property rights and biotechnology Bansk Bystrica, May 2 and 3, 2007 CHARTING FUTURE DIRECTIONS Jn Tura Department of Molecular Biology Faculty of Natural Sciences Comenius Univ. in Bratislava

182 views • 14 slides
Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio

Automotive Cyber Security : Lessons Learned and Research Challenges SPIDA Keynote Talk Flavio Garcia University of Birmingham Joint work with Roel Verdult, David Oswald, Timo Kasper, Josep Balasch, Baris Ege, Pierre Pavlides The automotive

697 views • 65 slides
WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein,

WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein,

WBG Energy Sector Directions and Challenges of Energy Subsidy Reform Charles Feinstein, Director Energy & Extractives Global Practice E NERGY S ECTOR D IRECTIONS P APER , 2013 Towards a Sustainable Energy Future for All O BJECTIVE

226 views • 22 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018

The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018

The Future of Utilities Procurement: Lessons Learned and Challenges Ahead 8 February 2018 Basics Generally, the manner in which utilities must procure contracts and evaluate tenders is determined by the Utilities Contracts Regulations 2016

537 views • 14 slides
Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future research directions Ian Goodfellow, Sta ff Research Scientist, Google Brain 1st IEEE Deep Learning and Security Workshop, May 24, 2018 This document

726 views • 36 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information Security Theory and Practices 1 4 September 2009, Brussels, Belgium Summary A brief reminder about RFID. Description of the threats, state of

880 views • 41 slides
MONTEFIORE EINSTEIN: Vertical Consolidation in the Health Care Industry Steven M. Safyer, MD

MONTEFIORE EINSTEIN: Vertical Consolidation in the Health Care Industry Steven M. Safyer, MD

MONTEFIORE EINSTEIN: Vertical Consolidation in the Health Care Industry Steven M. Safyer, MD NATIONAL ACADEMY OF MEDICINE Leadership Consortium for A Value & Science-Driven Health System September 13, 2018 INTEGRATED ACADEMIC HEALTH

489 views • 13 slides
CIS700: Security and Privacy of Machine Learning Prof. Ferdinando Fioretto ffiorett@syr.edu

CIS700: Security and Privacy of Machine Learning Prof. Ferdinando Fioretto ffiorett@syr.edu

CIS700: Security and Privacy of Machine Learning Prof. Ferdinando Fioretto ffiorett@syr.edu Tell us your: Name (how you like to be called) Position (MS / PhD) and year Research Interests What do you expect from this

563 views • 34 slides
Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml Tutorial website: @zicokolter @aleks_madry adversarial-ml-tutorial.org Machine Learning: The Success Story Image classification Reinforcement Learning

528 views • 49 slides
Ho Far Can Robust Learning Go? Mohammad Mahmoody based on joint works from NeurIPS-18, AAAI-19,

Ho Far Can Robust Learning Go? Mohammad Mahmoody based on joint works from NeurIPS-18, AAAI-19,

Ho Far Can Robust Learning Go? Mohammad Mahmoody based on joint works from NeurIPS-18, AAAI-19, ALT-19 with Dimitrios Diochnos Saeed Mahloujifar 1 2 Success of Machine Learning Machine learning (ML) has changed our lives Health

669 views • 32 slides
Poisoning Networks Motjvatjon You are sittjng in an Internet Cafe at the airport heading back

Poisoning Networks Motjvatjon You are sittjng in an Internet Cafe at the airport heading back

create your own exercise Pranav Jagdish & Cristoph Hielscher Poisoning Networks Motjvatjon You are sittjng in an Internet Cafe at the airport heading back from that awesome vacatjon You are wishing your loved ones Happy New Year

581 views • 15 slides
MODULE 3: HOUSING IDIS Online for CDBG Entitlement Communities 1 Eligible Housing Activities

MODULE 3: HOUSING IDIS Online for CDBG Entitlement Communities 1 Eligible Housing Activities

MODULE 3: HOUSING IDIS Online for CDBG Entitlement Communities 1 Eligible Housing Activities 12 Construction of Housing 13 Direct Homeownership Assistance 14A Rehab: Single-Unit Residential 14B Rehab: Multi-Unit Residential

350 views • 8 slides
REGIONAL CALLS PARTICIPATE IN DISCUSSION BY UNMUTING YOUR PHONE OR USING THE WEBINAR PANEL

REGIONAL CALLS PARTICIPATE IN DISCUSSION BY UNMUTING YOUR PHONE OR USING THE WEBINAR PANEL

PLEASE CALL IN USING A JULY 2019 TELEPHONE DO NOT USE COMPUTER AUDIO REGIONAL CALLS PARTICIPATE IN DISCUSSION BY UNMUTING YOUR PHONE OR USING THE WEBINAR PANEL Agenda Legislative Update NASCSP Updates DOE Updates NASCSP

256 views • 22 slides
Strategic Approaches to HOME, Housing Trust Fund, & the Housing Credit January 9, 2018

Strategic Approaches to HOME, Housing Trust Fund, & the Housing Credit January 9, 2018

Strategic Approaches to HOME, Housing Trust Fund, & the Housing Credit January 9, 2018 Welcome & Introductions Sponsored by: HUDs Office of Affordable Housing Programs NCSHA Trainer: Steve Lathom, TDA Consulting

194 views • 18 slides

More recommend