in Machine Learning Nicholas Carlini University of California, - - PowerPoint PPT Presentation

▶

Sep 30, 2022 331 likes •894 views

Security (and Privacy) in Machine Learning Nicholas Carlini University of California, Berkeley (now Google Brain) This talk: neural networks Machine learning is amazing But there's a catch Understandability This talk: Discuss security

SLIDE 1

Security (and Privacy)  in Machine Learning

Nicholas Carlini

University of California, Berkeley (now Google Brain)

SLIDE 2

This talk: neural networks

SLIDE 3

SLIDE 4

SLIDE 5

SLIDE 6

SLIDE 7

Machine learning is amazing But there's a catch

SLIDE 8

Understandability

SLIDE 9

This talk:

Discuss security & privacy problems being studied in the research community

SLIDE 10

What this talk is not

SLIDE 11

What this talk is not

SLIDE 12

What this talk is

SLIDE 13

SLIDE 14

What are the security problems in machine learning today?

SLIDE 15

SLIDE 16

French Bulldog (95%)

SLIDE 17

Old English Sheepdog (83%)

SLIDE 18

Greater Swiss Mountain Dog (78%)

SLIDE 19

Siberian Husky (81%)

SLIDE 20

Great Dane (67%)

SLIDE 21

Beagle (96%)

SLIDE 22

Guacamole (99.99%)

SLIDE 23

Golden  Retriever (96%)

SLIDE 24

Guacamole (99.99%)

SLIDE 25

These phenomena are known as adversarial examples

B. Biggio, I. Corona, D. Maiorca, B. Nelson, N. Srndic, P. Laskov, G. Giacinto, and F. Roli. Evasion attacks against machine learning at test time. 2013.
C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus. Intriguing properties of neural networks. ICLR 2014.
I. Goodfellow, J. Shlens, and C. Szegedy. Explaining and harnessing adversarial examples. 2014.

SLIDE 26

SLIDE 27

SLIDE 28

What does this have to do with voice?

SLIDE 29

We use these same classification approaches for speech recognition.

SLIDE 30

SLIDE 31

Attacks on Android, circa 2015

SLIDE 32

SLIDE 33

SLIDE 34

SLIDE 35

State-of-the-art in 2015

SLIDE 36

It's been three years. Can we do better?

SLIDE 37

Feynman Algorithm

1. Write down the problem.
2. Think very hard.
3. Write down the answer.

SLIDE 38

SLIDE 39

SLIDE 40

Mozilla's DeepSpeech

SLIDE 41

Mozilla's DeepSpeech transcribes this as "most of them were staring  quietly at the big table"

SLIDE 42

Mozilla's DeepSpeech transcribes this as "most of them were staring  quietly at the big table"

SLIDE 43

[adversarial]

SLIDE 44

"It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity"

SLIDE 45

Why is this so much stealthier?

SLIDE 46

SLIDE 47

It works on music, too

DeepSpeech transcribes "speech can be embedded in music"

SLIDE 48

And can "hide" speech

DeepSpeech does not hear any speech in this audio sample

SLIDE 49

SLIDE 50

That's a lot of problems Do you have any solutions?

SLIDE 51

Sorry, no. This is an active area of research. Ask me again in two years.

SLIDE 52

SLIDE 53

Yes, machine learning gives amazing results

SLIDE 54

Guacamole (99%)

However, there are  also significant   vulnerabilities

SLIDE 55

in Machine Learning Nicholas Carlini University of California, - - PowerPoint PPT Presentation

Security (and Privacy)  in Machine Learning

This talk: neural networks

Machine learning is amazing But there's a catch

Understandability

This talk:

Discuss security & privacy problems being studied in the research community

What this talk is not

What this talk is not

What this talk is

French Bulldog (95%)

Old English Sheepdog (83%)

Greater Swiss Mountain Dog (78%)

Siberian Husky (81%)

Great Dane (67%)

Beagle (96%)

Guacamole (99.99%)

Golden  Retriever (96%)

Guacamole (99.99%)

These phenomena are known as adversarial examples

What does this have to do with voice?

We use these same classification approaches for speech recognition.

Attacks on Android, circa 2015

State-of-the-art in 2015

It's been three years. Can we do better?

Feynman Algorithm

[adversarial]

Why is this so much stealthier?

It works on music, too

And can "hide" speech

That's a lot of problems Do you have any solutions?

Sorry, no. This is an active area of research. Ask me again in two years.

Yes, machine learning gives amazing results

However, there are  also significant   vulnerabilities

More Details: https://nicholas.carlini.com

Questions?

Security (and Privacy) in Machine Learning

This talk: neural networks

Machine learning is amazing But there's a catch

Understandability

This talk:

Discuss security & privacy problems being studied in the research community

What this talk is not

What this talk is not

What this talk is

French Bulldog (95%)

Old English Sheepdog (83%)

Greater Swiss Mountain Dog (78%)

Siberian Husky (81%)

Great Dane (67%)

Beagle (96%)

Guacamole (99.99%)

Golden Retriever (96%)

Guacamole (99.99%)

These phenomena are known as adversarial examples

What does this have to do with voice?

We use these same classification approaches for speech recognition.

Attacks on Android, circa 2015

State-of-the-art in 2015

It's been three years. Can we do better?

Feynman Algorithm

[adversarial]

Why is this so much stealthier?

It works on music, too

And can "hide" speech

That's a lot of problems Do you have any solutions?

Sorry, no. This is an active area of research. Ask me again in two years.

Yes, machine learning gives amazing results

However, there are also significant vulnerabilities

More Details: https://nicholas.carlini.com

Questions?

Security (and Privacy)  in Machine Learning

Golden  Retriever (96%)

However, there are  also significant   vulnerabilities