attacks meet interpretability attribute steered detection
play

Attacks Meet Interpretability: Attribute-steered Detection of - PowerPoint PPT Presentation

Nov 18, 2022 •134 likes •482 views

Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples Guanhong Tao , Shiqing Ma, Yingqi Liu, Xiangyu Zhang Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( 50 times)

  1. Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples Guanhong Tao , Shiqing Ma, Yingqi Liu, Xiangyu Zhang

  2. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack A.J. Buckley � 2

  3. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  4. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  5. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  6. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  7. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley � 2

  8. Understanding Adversarial Samples Legitimate input Isla Fisher Model Pixel-wise Differences ( × 50 times) C&W 2 attack Human A.J. Buckley • Idea: is the classification result of a model mainly based on human perceptible attributes? � 2

  9. Architecture of AmI � 3

  10. Architecture of AmI Input � 3

  11. Architecture of AmI 1 Landmark Input generation � 3

  12. Architecture of AmI ✓ Left eye ✓ Right eye 1 2 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Input generation annotation � 3

  13. Architecture of AmI ✓ Left eye ✓ Right eye 1 2 3 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction � 3

  14. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction � 3

  15. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 ✓ Nose ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction Original model � 3

  16. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 5 Consistency ✓ Nose ⊖ observer ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction Original model � 3

  17. Architecture of AmI Attribute-steered model 4 ✓ Left eye ✓ Right eye 1 2 3 5 Consistency ✓ Nose ⊖ observer ✓ Mouth ✓ … Landmark Attribute Attribute witness Input generation annotation extraction Original model � 3

  18. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? � 4

  19. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning � 4

  20. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning Forward: attribute changes —> neuron activation changes ‣ � 4

  21. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning Forward: attribute changes —> neuron activation changes ‣ Backward: neuron activation changes —> attribute changes ‣ � 4

  22. Challenges • Are there correspondences between attributes and neurons? • If yes, how to extract corresponding neurons? • Propose: Bi-directional reasoning Forward: attribute changes —> neuron activation changes ‣ Backward: neuron activation changes —> attribute changes ‣ Backward: no attribute changes —> no neuron activation changes ‣ � 4

  23. Attribute Witness Extraction � 5

  24. Attribute Witness Extraction Input � 5

  25. Attribute Witness Extraction ⊖ Model Feature variants Attribute substitution A Model C Input � 5

  26. Attribute Witness Extraction ⊖ Model Feature variants Attribute substitution A Model C D B Model Input Attribute preservation Feature invariants ⊖ Model � 5

  27. Attribute Witness Extraction ⊖ Model Feature variants Attribute substitution A Model C E D Attribute witnesses B Model Input Attribute preservation Feature invariants ⊖ Model � 5

  28. Experimental Results � 6

  29. Experimental Results • Attribute witnesses � 6

  30. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer � 6

  31. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer • Adversary detection � 6

  32. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer • Adversary detection Achieve 94% detection accuracy for 7 different kinds of attacks with 9.91% false ‣ positives on benign inputs � 6

  33. Experimental Results • Attribute witnesses The number of witnesses extracted is smaller than 20 , although there are 64-4096 ‣ neurons in each layer • Adversary detection Achieve 94% detection accuracy for 7 different kinds of attacks with 9.91% false ‣ positives on benign inputs A state-of-the-art technique Feature Squeezing (NDSS '18) can only achieve 55% ‣ accuracy with 23.3% false positives for face recognition systems � 6

  34. Thank you! Please visit our poster #99 05:00-07:00 PM @ Room 210 & 230 AB

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language

Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language

Malware Behavioral Detection by Attribute-Automata using Abstraction from Platform and Language JACOB Grgoire 1/2 , DEBAR Herv 1 , FILIOL Eric 2 1 Orange Labs / France Tlcom R&D, Security and Trusted Transactions (MAPS/STT). 2

327 views • 21 slides
Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim,

Causal Model Extraction from Attack Trees to Attribute Malicious Insider Attacks Amjad Ibrahim, Simon Rehwald, Antoine Scemama, Florian Andres, Alexander Pretschner Technische Universitt Mnchen Department of Informatics Chair of Software

512 views • 24 slides
INTERPRETABILITY AND INTERPRETABILITY AND EXPLAINABILITY EXPLAINABILITY Christian Kaestner

INTERPRETABILITY AND INTERPRETABILITY AND EXPLAINABILITY EXPLAINABILITY Christian Kaestner

INTERPRETABILITY AND INTERPRETABILITY AND EXPLAINABILITY EXPLAINABILITY Christian Kaestner Required reading: Data Skeptic Podcast Episode Black Boxes are not Required with Cynthia Rudin (32min) or Rudin, Cynthia. " Stop

1.79k views • 141 slides
Problems and methods for attribute detection of social network users Anton Korshunov Institute

Problems and methods for attribute detection of social network users Anton Korshunov Institute

Problems and methods for attribute detection of social network users Anton Korshunov Institute for System Programming of Russian Academy of Sciences RCDL-2013 Contents Network Level: User Community Detection 1 User Level: Demographic

628 views • 41 slides
Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse)

Detecting Attacks Anomaly-based Detection Signature-based Signature-based (Misuse) Detection Intrusion Detection Host-based Network-based Boriana Ditcheva and Lisa Fowler Active/Passive University of North Carolina at

401 views • 12 slides
I ntroduction I ntrusion Detection How prevalent are DoS attacks? Backscatter and Global

I ntroduction I ntrusion Detection How prevalent are DoS attacks? Backscatter and Global

I ntroduction I ntrusion Detection How prevalent are DoS attacks? Backscatter and Global Analysis Quantitative analysis Long term predictions and Stefan Zota recurring patterns of attacks Measurement and Global Analysis The UNIVERSITY

474 views • 14 slides
Interpretability and functional transparency Tommi Jaakkola in collaboration with David Alvarez

Interpretability and functional transparency Tommi Jaakkola in collaboration with David Alvarez

Interpretability and functional transparency Tommi Jaakkola in collaboration with David Alvarez Melis, Guang-He Lee, et al. Many facets of interpretability Many facets of interpretability uncover causal mechanisms [Garg et al.

809 views • 31 slides
Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J.

Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J.

Adaptation of Failure Detection Mechanisms to Handle Attacks against SCADA Systems J. RUBIO-HERNAN and J. GARCIA-ALFARO Agenda Introduction State of the Art Physical-layer Failure Detection Mechanisms Conclusion & Future

465 views • 28 slides
Interpretability of Machine Learning for Computer Vision Xinshuo Weng* *Most slides borrowed

Interpretability of Machine Learning for Computer Vision Xinshuo Weng* *Most slides borrowed

Interpretability of Machine Learning for Computer Vision Xinshuo Weng* *Most slides borrowed from CVPR 2018 tutorial and Stanford Type of interpretability methods Type of interpretability methods Type of interpretability methods Type of

392 views • 27 slides
Interpretability in PRA Marta Bilkova , Dick de Jongh , and Joost J. Joosten ,

Interpretability in PRA Marta Bilkova , Dick de Jongh , and Joost J. Joosten ,

Why and how study interpretability Proof theoretic characteristics of PRA Modal matters Interpretability in PRA Marta Bilkova , Dick de Jongh , and Joost J. Joosten , Institute for Logic Language and Computation University of

743 views • 62 slides
The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline What is interpretability ? What are its desiderata? What model properties confer interpretability? Caveats, pitfalls, and takeaways

1.17k views • 25 slides
The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline

The Mythos of Model Interpretability Zachary C. Lipton https://arxiv.org/abs/1606.03490 Outline What is interpretability ? What are its desiderata? What model properties confer interpretability? Caveats, pitfalls, and takeaways

604 views • 24 slides
Why attribute-based signatures? The kind of authentication required in an attribute-based system

Why attribute-based signatures? The kind of authentication required in an attribute-based system

Attribute-Based Signatures Hemanta K. Maji Manoj Prabhakaran Mike Rosulek November 22, 2010 Abstract We introduce Attribute-Based Signatures (ABS) , a versatile primitive that allows a party to sign a message with fine-grained

864 views • 35 slides
Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea Politehnica University of Timi soara CMACS seminar, CMU, 18 March 2010 In this talk Formalizing attacks on protocols denial of service by

732 views • 45 slides
Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System

Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System

Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System Management Mode ACSAC, December 7, 2017 Ronny Chevalier 1,2 Maugan Villatel 1 David Plaquin 1 Guillaume Hiet 2 1 HP Labs, United Kingdom (

875 views • 45 slides
Interpretability in NLP: Moving Beyond Vision Shuoyang Ding Microsoft Translator Talk Series

Interpretability in NLP: Moving Beyond Vision Shuoyang Ding Microsoft Translator Talk Series

Interpretability in NLP: Moving Beyond Vision Shuoyang Ding Microsoft Translator Talk Series Oct 10th, 2019 Work done in collaboration with Philipp Koehn and Hainan Xu Outline A Quick Tour of Interpretability Model Transparency

974 views • 93 slides
MutaPon Analysis in Frozen and FFPE Tumor Samples Gad Getz, PhD KrisPn Ardlie, PhD Broad

MutaPon Analysis in Frozen and FFPE Tumor Samples Gad Getz, PhD KrisPn Ardlie, PhD Broad

MutaPon Analysis in Frozen and FFPE Tumor Samples Gad Getz, PhD KrisPn Ardlie, PhD Broad InsPtute of Harvard and MIT Why use FFPE? Very large numbers of samples in Pssue banks and Biorepositories worldwide Samples o@en very

509 views • 33 slides
CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu

CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu

CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu Office hours by appointment only from now onwards No lecture on 8th October Midterm: 22nd October (in 3 weeks) 2 / 50 Last lecture: -

620 views • 50 slides
Framework to extract Coq terms to -terms Semi-automatic verification (only briefly

Framework to extract Coq terms to -terms Semi-automatic verification (only briefly

V ERIFIED E XTRACTION FROM C OQ TO A L AMBDA -C ALCULUS C OQ W ORKSHOP TALK Yannick Forster and Fabian Kunze S AARLAND U NIVERSITY Programming Systems Lab saarland university computer science The Language Encodings Representation

332 views • 30 slides
When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo

When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo

When We First Met: Visual-Inertial Person Localization for Co-Robot Rendezvous Xi Sun, Xinshuo Weng, Kris Kitani Robotics Institute, Carnegie Mellon University IROS 2020 Motivation Use case 1: Autonomous vehicle identifies and locates its user

450 views • 25 slides
Burrows-Wheeler Transform and FM Index Ben Langmead You are free to use these slides. If you do,

Burrows-Wheeler Transform and FM Index Ben Langmead You are free to use these slides. If you do,

Burrows-Wheeler Transform and FM Index Ben Langmead You are free to use these slides. If you do, please sign the guestbook (www.langmead-lab.org/teaching-materials), or email me (ben.langmead@gmail.com) and tell me brie fl y how youre using

978 views • 41 slides
Jigsaw: Indoor Floor Plan Reconstruction via Mobile Crowdsensing Ruipeng Gao 1 , Mingmin Zhao 1 ,

Jigsaw: Indoor Floor Plan Reconstruction via Mobile Crowdsensing Ruipeng Gao 1 , Mingmin Zhao 1 ,

Jigsaw: Indoor Floor Plan Reconstruction via Mobile Crowdsensing Ruipeng Gao 1 , Mingmin Zhao 1 , Tao Ye 1 , Fan Ye 2 , Yizhou Wang 1 , Kaigui Bian 1 , Tao Wang 1 , Xiaoming Li 1 EECS School, Peking University, China 1 ECE Dept., Stony Brook

581 views • 29 slides
GeniusRoute: A New Analog Routing Paradigm Using Generative Neural Network Guidance Keren Zhu ,

GeniusRoute: A New Analog Routing Paradigm Using Generative Neural Network Guidance Keren Zhu ,

GeniusRoute: A New Analog Routing Paradigm Using Generative Neural Network Guidance Keren Zhu , Mingjie Liu, Yibo Lin, Biying Xu, Shaolan Li, Xiyuan Tang, Nan Sun and David Z. Pan ECE Department The University of Texas at Austin This work is

525 views • 26 slides
Learning From/For Knowledge Bases Graham Neubig Site https://phontron.com/class/nn4nlp2019/

Learning From/For Knowledge Bases Graham Neubig Site https://phontron.com/class/nn4nlp2019/

CS11-747 Neural Networks for NLP Learning From/For Knowledge Bases Graham Neubig Site https://phontron.com/class/nn4nlp2019/ Knowledge Bases Structured databases of knowledge usually containing Entities (nodes in a graph) Relations

492 views • 35 slides

More recommend