on the in security of machine learning
play

On the (In-)Security of Machine Learning Nicholas Carlini Google - PowerPoint PPT Presentation

Oct 26, 2022 •330 likes •1.14k views

On the (In-)Security of Machine Learning Nicholas Carlini Google Brain Written: Sept 24, 2014 Written: Sept 24, 2014 Today: Oct 16, 2018 Written: Sept 24, 2014 Today: Oct 16, 2018 ... 4 years ago So how are we doing? 95% it is a

  1. On the (In-)Security of Machine Learning Nicholas Carlini Google Brain

  7. Written: Sept 24, 2014

  8. Written: Sept 24, 2014 Today: Oct 16, 2018

  9. Written: Sept 24, 2014 Today: Oct 16, 2018 ... 4 years ago

  10. So how are we doing?

  11. 95% it is a French Bulldog

  12. 83% it is a Old English Sheepdog

  13. 78% it is a Greater Swiss Mountain Dog

  14. 67% it is a Great Dane

  15. 99.99% it is Guacamole

  16. 96% it is a Golden 
 Retriever

  17. 99.99% it is Guacamole

  18. This phenomenon is known as an adversarial example B. Biggio, I. Corona, D. Maiorca, B. Nelson, N. Srndic, P. Laskov, G. Giacinto, and F. Roli. Evasion attacks against machine learning at test time. 2013. C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus. Intriguing properties of neural networks. ICLR 2014. I. Goodfellow, J. Shlens, and C. Szegedy. Explaining and harnessing adversarial examples. 2014.

  23. Why should we care about adversarial examples? Make ML robust

  25. Why should we care about adversarial examples? Make ML Make ML robust better

  26. How do we generate adversarial examples?

  27. DEFN: The loss of a neural network on an input x for a label y is a measure of how wrong the network is on x .

  28. loss( , dog) is small loss( , guacamole) is large

  29. neural network loss 
 MAXIMIZE on the given input the perturbation is less SUCH THAT than a given threshold

  30. What do we need to know? Everything.

  34. WHY does this work?

  35. Truck Dog

  36. Truck Dog Airplane

  38. ( (

  39. Okay, lesson learned.

  40. Okay, lesson learned. Don't classify dogs with neural networks.

  41. 99.99% it is a School Bus

  42. Okay, lesson learned.

  43. Okay, lesson learned. images Don't classify dogs with neural networks.

  44. And now for something And now for something And now for something completely different completely different completely different

  45. Mozilla's DeepSpeech

  46. Mozilla's DeepSpeech transcribes this as "most of them were staring 
 quietly at the big table"

  47. Mozilla's DeepSpeech transcribes this as "most of them were staring 
 quietly at the big table"

  48. What about this?

  49. "It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity"

  54. Okay, lesson learned.

  55. Okay, lesson learned. or audio Don't classify images with ^ neural networks.

  57. Okay, lesson learned.

  58. Okay, lesson learned. Don't let adversaries perform gradient descent.

  67. Okay, lesson learned.

  68. Okay, lesson learned. Don't let adversaries have ANY access to my model

  70. Okay, lesson learned.

  71. Okay, lesson learned. Give up.

  75. Yes, machine learning gives amazing results

  76. However, there are 
 also significant 
 vulnerabilities Guacamole (99%)

  77. Questions? https://nicholas.carlini.com nicholas@carlini.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning Consultant Playing with data for over a decade Risk and Security PayPal, Armis 2 Hi! Deep Voice foundation Leader of

554 views • 54 slides
SECURITY AND PRIVACY OF MACHINE LEARNING Ian Goodfellow Staff Research Scientist Google Brain

SECURITY AND PRIVACY OF MACHINE LEARNING Ian Goodfellow Staff Research Scientist Google Brain

#RSAC SESSION ID: SECURITY AND PRIVACY OF MACHINE LEARNING Ian Goodfellow Staff Research Scientist Google Brain @goodfellow_ian Machine Learning and Security #RSAC Machine Learning for Security Security against Machine Learning h 1 h 1 y

347 views • 30 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

CS573 Data Privacy and Security Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine Learning Under Adversarial Settings Data privacy/confidentiality attacks membership attacks, model inversion

3.44k views • 63 slides
Machine Learning and Embedded Security Farinaz Koushanfar Professor and Henry Booker Faculty

Machine Learning and Embedded Security Farinaz Koushanfar Professor and Henry Booker Faculty

Machine Learning and Embedded Security Farinaz Koushanfar Professor and Henry Booker Faculty Scholar Founder and Co-Director, Center for Machine-Integrated & Security (MICS) University of California San Diego Big data and automation

998 views • 54 slides
for Machine Learning Nicole Nichols** Pacific Northwest National Lab Co-Authors: Rob Jasper,

for Machine Learning Nicole Nichols** Pacific Northwest National Lab Co-Authors: Rob Jasper,

Machine Learning for Security and Security for Machine Learning Nicole Nichols** Pacific Northwest National Lab Co-Authors: Rob Jasper, Mark Raugas, Nathan Hilliard, Sean Robinson, Sam Kaplan* Andy Brown*, Aaron Tuor, Nick Knowles*, Ryan

756 views • 39 slides
An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning http://www.cs.iastate.edu/~cs573x/bbsilab.html Machine Learning Software Preparing Data Building Classifiers Interpreting Results Machine Learning Software

496 views • 26 slides
Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by

Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by

Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by which computers can be trained through observation, rather than being explicitly programmed. Basically, a program is given input and adjusts its

556 views • 17 slides
Machine Learning: Study of algorithms that improve their performance P at some task T

Machine Learning: Study of algorithms that improve their performance P at some task T

Machine Learning 10-601 Tom M. Mitchell Machine Learning Department Carnegie Mellon University January 12, 2015 Today: Readings: What is machine learning? The Discipline of ML Decision tree learning Mitchell, Chapter 3

872 views • 29 slides
Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning

Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning

GCT634/AI613: Musical Applications of Machine Learning (Fall 2020) Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning Pipeline in Classification Tasks A set of hand-designed audio features are selected

398 views • 26 slides
in Machine Learning Nicholas Carlini University of California, Berkeley (now Google Brain) This

in Machine Learning Nicholas Carlini University of California, Berkeley (now Google Brain) This

Security (and Privacy) in Machine Learning Nicholas Carlini University of California, Berkeley (now Google Brain) This talk: neural networks Machine learning is amazing But there's a catch Understandability This talk: Discuss security

892 views • 55 slides
Security and Privacy in Machine Learning Nicolas Papernot Pennsylvania State University &

Security and Privacy in Machine Learning Nicolas Papernot Pennsylvania State University &

Security and Privacy in Machine Learning Nicolas Papernot Pennsylvania State University & Google Brain Lecture for Prof. Trent Jaegers CSE 543 Computer Security Class November 2017 - Penn State Thank you to my collaborators Patrick

635 views • 59 slides
CS 335 Machine Learning What is Machine Learning? Dan Sheldon Spring 2019 What is Machine

CS 335 Machine Learning What is Machine Learning? Dan Sheldon Spring 2019 What is Machine

1/22/19 CS 335 Machine Learning What is Machine Learning? Dan Sheldon Spring 2019 What is Machine Learning? A Simple Task: Recognize Obama How do you program a computer to Recognize faces? Recommend movies? Decide which web

581 views • 5 slides
Machine Learning Machine Learning: algorithms that use experience to improve their

Machine Learning Machine Learning: algorithms that use experience to improve their

Machine Learning Machine Learning: algorithms that use experience to improve their performance We use machine learning in situations where it is very challenging (or impossible) to define the rules by hand: e.g. face detection

1.04k views • 28 slides
Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine

Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine

Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine Learning Introduction to Machine Learning 1 / 12 Outline 1 Nearest Neighbor Prediction 2 Complexity Considerations 3 The Voronoi Diagram 4 Overfitting

564 views • 12 slides
1 Why Study Machine Learning? Why Study Machine Learning? Cognitive Science The Time is Ripe

1 Why Study Machine Learning? Why Study Machine Learning? Cognitive Science The Time is Ripe

What is Learning? Herbert Simon: Learning is any process by which a system improves performance from CS 391L: Machine Learning experience. Introduction What is the task? Classification Problem solving / planning /

603 views • 6 slides
Finite-time Blowup of Semilinear PDEs via the Feynman-Kac Representation E A LFREDO L J OS

Finite-time Blowup of Semilinear PDEs via the Feynman-Kac Representation E A LFREDO L J OS

Finite-time Blowup of Semilinear PDEs via the Feynman-Kac Representation E A LFREDO L J OS OPEZ -M IMBELA C ENTRO DE I NVESTIGACI ON EN M ATEM ATICAS G UANAJUATO , M EXICO jalfredo@cimat.mx Introduction and backgrownd Consider a

525 views • 23 slides
T he E gyptian IPv6 T ask F or c e E xpe r ie nc e Hisham Ahme d Ibr ahim Ministry of

T he E gyptian IPv6 T ask F or c e E xpe r ie nc e Hisham Ahme d Ibr ahim Ministry of

T he E gyptian IPv6 T ask F or c e E xpe r ie nc e Hisham Ahme d Ibr ahim Ministry of Communic ation & Information T e c hnology (MCIT ) T he E gyptian IPv6 T ask F orc e ahisham@mc it.gov.e g T T he E he E gyptian

384 views • 17 slides
Corso di Motori Aeronautici Mauro Valorani Laurea Magistrale in Ingegneria Aeronautica (MAER)

Corso di Motori Aeronautici Mauro Valorani Laurea Magistrale in Ingegneria Aeronautica (MAER)

Corso di Motori Aeronautici Mauro Valorani Laurea Magistrale in Ingegneria Aeronautica (MAER) Sapienza, Universit` a di Roma Anno Accademico 2011-12 FP7 Aero Engine Scenario Sett. 13: Conclusioni 1 FP7 Aero Engine Scenario ERS Strategy

657 views • 17 slides
Advancing Partnership & Innovation SIAEC AGM 20 July 2017 1 MRO La Landscape 1. . Tec

Advancing Partnership & Innovation SIAEC AGM 20 July 2017 1 MRO La Landscape 1. . Tec

Advancing Partnership & Innovation SIAEC AGM 20 July 2017 1 MRO La Landscape 1. . Tec echnological Adv dvancements ts in n Ne New-Generati tion fleets 2. . Co Conti tinued Pha hasing Out ut of of Old d Aircr craft t an

208 views • 7 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012 Dubrovnik, Croatia Szabolcs Szkelyi <szekelyi@niif.hu> Agenda Storage infrastructure update Archiving service Cloud GUI

877 views • 18 slides
of Graph Embeddings Aleksandar Bojchevski Technical University of Munich, Germany Graph

of Graph Embeddings Aleksandar Bojchevski Technical University of Munich, Germany Graph

Uncertainty and Robustness of Graph Embeddings Aleksandar Bojchevski Technical University of Munich, Germany Graph Embedding Day 2018 - Lyon Neglected aspects of graph embeddings Capturing uncertainty Robustness to noise Robustness to

885 views • 67 slides

More recommend