security and privacy of machine learning
play

SECURITY AND PRIVACY OF MACHINE LEARNING Ian Goodfellow Staff - PowerPoint PPT Presentation

Jan 18, 2023 •47 likes •347 views

#RSAC SESSION ID: SECURITY AND PRIVACY OF MACHINE LEARNING Ian Goodfellow Staff Research Scientist Google Brain @goodfellow_ian Machine Learning and Security #RSAC Machine Learning for Security Security against Machine Learning h 1 h 1 y

  1. #RSAC SESSION ID: SECURITY AND PRIVACY OF MACHINE LEARNING Ian Goodfellow Staff Research Scientist Google Brain @goodfellow_ian

  2. Machine Learning and Security #RSAC Machine Learning for Security Security against Machine Learning h 1 h 1 y y x 1 x 1 h 2 h 2 Password guessing Malware detection x 2 x 2 Fake reviews Intrusion detection h 1 h 1 y y … … x 1 x 1 h 2 h 2 x 2 x 2 (Goodfellow 2018) 2

  3. Security of Machine Learning #RSAC h 1 h 1 y y x 1 x 1 h 2 h 2 x 2 x 2 (Goodfellow 2018) 3

  4. An overview of a field #RSAC This presentation summarizes the work of many people, not just my own / my collaborators Download the slides for this link to extensive references The presentation focuses on the concepts , not the history or the inventors (Goodfellow 2018) 4

  5. Machine Learning Pipeline #RSAC Training data Learned parameters Learning algorithm X θ x ˆ y Test output Test input (Goodfellow 2018) 5

  6. Privacy of Training Data #RSAC ˆ θ X X (Goodfellow 2018) 6

  7. Defining ( ε , δ )-Di ff erential Privacy #RSAC (Abadi 2017) (Goodfellow 2018) 7

  8. Private Aggregation of Teacher Ensembles #RSAC (Papernot et al 2016) (Goodfellow 2018) 8

  9. Training Set Poisoning #RSAC θ ˆ X y x (Goodfellow 2018) 9

  10. ImageNet Poisoning #RSAC (Koh and Liang 2017) (Goodfellow 2018) 10

  11. Adversarial Examples #RSAC X θ ˆ y x (Goodfellow 2018) 11

  12. Model Theft #RSAC X θ x ˆ y ˆ θ (Goodfellow 2018) 12

  13. Model Theft++ #RSAC ˆ X θ X x ˆ y ˆ θ x (Goodfellow 2018) 13

  14. Deep Dive on Adversarial Examples #RSAC Since 2013, deep neural networks have matched human performance at... ...recognizing objects and faces…. (Szegedy et al, 2014) (Taigmen et al, 2013) ...solving CAPTCHAS and reading addresses... (Goodfellow et al, 2013) (Goodfellow et al, 2013) and other tasks... (Goodfellow 2018) 14

  15. Adversarial Examples #RSAC (Goodfellow 2018) 15

  16. Turning objects into airplanes #RSAC (Goodfellow 2018) 16

  17. Attacking a linear model #RSAC (Goodfellow 2018) 17

  18. Wrong almost everywhere #RSAC (Goodfellow 2018) 18

  19. Cross-model, cross-dataset transfer #RSAC (Goodfellow 2018) 19

  20. Transfer across learning algorithms #RSAC (Papernot 2016) (Goodfellow 2018) 20

  21. Transfer attack #RSAC Target model with unknown weights, Substitute model Train your machine learning mimicking target own model algorithm, training model with known, set; maybe non- di ff erentiable function di ff erentiable Adversarial crafting Deploy adversarial against substitute examples against the Adversarial target; transferability examples property results in them succeeding (Goodfellow 2018) 21

  22. Enhancing Transfer with Ensembles #RSAC (Liu et al, 2016) (Goodfellow 2018) 22

  23. Transfer to the Human Brain #RSAC (Elsayed et al, 2018) (Goodfellow 2018) 23

  24. Transfer to the Physical World #RSAC (Kurakin et al, 2016) (Goodfellow 2018) 24

  25. Adversarial Training #RSAC 10 0 Train=Clean, Test=Clean Test misclassification rate Train=Clean, Test=Adv Train=Adv, Test=Clean 10 − 1 Train=Adv, Test=Adv 10 − 2 0 50 100 150 200 250 300 Training time (epochs) (Goodfellow 2018) 25

  26. Adversarial Training vs Certified Defenses #RSAC Adversarial Training: Train on adversarial examples This minimizes a lower bound on the true worst-case error Achieves a high amount of (empirically tested) robustness on small to medium datasets Certified defenses Minimize an upper bound on true worst-case error Robustness is guaranteed, but amount of robustness is small Verification of models that weren’t trained to be easy to verify is hard (Goodfellow 2018) 26

  27. Limitations of defenses #RSAC Even certified defenses so far assume unrealistic threat model Typical model: attacker can change input within some norm ball Real attacks will be stranger, hard to characterize ahead of time (Brown et al., 2017) (Goodfellow 2018) 27

  28. Clever Hans #RSAC (“Clever Hans, Clever Algorithms,” Bob Sturm) (Goodfellow 2018) 28

  29. Get involved! #RSAC https://github.com/tensorflow/cleverhans (Goodfellow 2018) 29

  30. Apply What You Have Learned #RSAC Publishing an ML model or a prediction API? Is the training data sensitive? -> train with differential privacy Consider how an attacker could cause damage by fooling your model Current defenses are not practical Rely on situations with no incentive to cause harm / limited amount of potential harm (Goodfellow 2018) 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

CS573 Data Privacy and Security Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine Learning Under Adversarial Settings Data privacy/confidentiality attacks membership attacks, model inversion

3.44k views • 63 slides
Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and

Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and

Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and Privacy Lead, Humu Who am I? Storage systems Ph.D. from UCSC Post-doc in a databases group Joined Symantec Research Labs.

286 views • 25 slides
Security and Privacy in Machine Learning Nicolas Papernot Pennsylvania State University &

Security and Privacy in Machine Learning Nicolas Papernot Pennsylvania State University &

Security and Privacy in Machine Learning Nicolas Papernot Pennsylvania State University & Google Brain Lecture for Prof. Trent Jaegers CSE 543 Computer Security Class November 2017 - Penn State Thank you to my collaborators Patrick

635 views • 59 slides
Attacking Machine Learning: On the Security and Privacy of Neural Networks Nicholas Carlini

Attacking Machine Learning: On the Security and Privacy of Neural Networks Nicholas Carlini

SESSION ID: MLAI-W03 Attacking Machine Learning: On the Security and Privacy of Neural Networks Nicholas Carlini Research Scientist, Google Brain #RSAC Act I: On the Security and Privacy of Neural Networks #RSAC Let's play a game

1.07k views • 103 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for Machine Learning Graphics Adopted from The New York Times Privacy Project 2 Famous incidents - Anonymization - A Face Is Exposed for AOL

1.03k views • 7 slides
CIS700: Security and Privacy of Machine Learning Prof. Ferdinando Fioretto ffiorett@syr.edu

CIS700: Security and Privacy of Machine Learning Prof. Ferdinando Fioretto ffiorett@syr.edu

CIS700: Security and Privacy of Machine Learning Prof. Ferdinando Fioretto ffiorett@syr.edu Tell us your: Name (how you like to be called) Position (MS / PhD) and year Research Interests What do you expect from this

563 views • 34 slides
The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning

The Unspoken Problems With Machine Learning in Security Noa Weiss Hi! AI & Machine Learning Consultant Playing with data for over a decade Risk and Security PayPal, Armis 2 Hi! Deep Voice foundation Leader of

554 views • 54 slides
Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine

Machine Learning and Differential Privacy Maria-Florina Balcan 04/22/2015 Learning and Privacy To do machine learning, we need data. What if the data contains sensitive information? medical data, web search query data, salary data,

725 views • 15 slides
How to build privacy and security into deep learning models Yishay Carmiel @YishayCarmiel The

How to build privacy and security into deep learning models Yishay Carmiel @YishayCarmiel The

How to build privacy and security into deep learning models Yishay Carmiel @YishayCarmiel The evolution of AI AI has evolved a lot over the last few years Speech Recognition Computer Vision Machine Translation Natural Language Processing

939 views • 54 slides
in Machine Learning Nicholas Carlini University of California, Berkeley (now Google Brain) This

in Machine Learning Nicholas Carlini University of California, Berkeley (now Google Brain) This

Security (and Privacy) in Machine Learning Nicholas Carlini University of California, Berkeley (now Google Brain) This talk: neural networks Machine learning is amazing But there's a catch Understandability This talk: Discuss security

892 views • 55 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a

Privacy in Machine Learning Fatemehsadat Mireshghallah WiMLDS NeurIPS19 Meet-up Why is privacy a concern in ML? Patient History Genetic Data Search History Famous incidents - Anonymization - A Face Is Exposed for AOL Searcher No.

1.51k views • 17 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan

Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan

Privacy Advances in Machine Learning Systems Katharine Jarmul OReilly AI London kjamistan When did consumers become concerned about privacy and computing? From Understanding Privacy Concerns (1992) A 1990 Louis Harris survey commissioned

443 views • 30 slides
Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity

Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity

Machine Learning for Compressive Privacy S.Y. Y. K Kung Prince ceton Un Univer ersi sity Machine Learning for Compressive Privacy Professor S.Y. Kung Email: kung@princeton.edu References: `Kernel Method and Machine

1.79k views • 142 slides
Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Consider the difference between security and privacy Discuss work

814 views • 43 slides
Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine

Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine

Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine Learning Introduction to Machine Learning 1 / 18 Outline 1 Classification, Regression, Unsupervised Learning 2 About Dimensionality 3 Drawings and

701 views • 18 slides
Slides and Sections in PowerPoint Question: Is there a faster way to navigate through slides

Slides and Sections in PowerPoint Question: Is there a faster way to navigate through slides

Slides and Sections in PowerPoint Question: Is there a faster way to navigate through slides and move around entire sections of slides? Question: Is there a better way to keep presentations organized, aside from the section divider slides?

84 views • 6 slides
Artificial Intelligence Pushpak Bhattacharyya CSE Dept., IIT Bombay Lecture 18-19-20 Natural

Artificial Intelligence Pushpak Bhattacharyya CSE Dept., IIT Bombay Lecture 18-19-20 Natural

CS344: Introduction to Artificial Intelligence Pushpak Bhattacharyya CSE Dept., IIT Bombay Lecture 18-19-20 Natural Language Processing (ambiguities and parsing) Importance of NLP Text based computation needs NLP Linguistics+Computation

1.18k views • 105 slides
with Emotion and Personality: Mind (Brain Internal States) August 12th, 2019 Soo-Y oung Lee

with Emotion and Personality: Mind (Brain Internal States) August 12th, 2019 Soo-Y oung Lee

Conversational Agents with Emotion and Personality: Mind (Brain Internal States) August 12th, 2019 Soo-Y oung Lee Director , Institute for Artificial Intelligence School of EE / Brain Science Research Center Korea Advanced Institute of

1.2k views • 72 slides
Privilege and Responsibility Personal and Social Freedom in a

Privilege and Responsibility Personal and Social Freedom in a

Privilege and Responsibility Personal and Social Freedom in a World of Autonomous Machines 2 2 > 100 3 Ques;ons Beget Answers Beget Ques;ons Ques;ons Ignorance Kevin

444 views • 16 slides
Potential evaporation vs. available heat flux R N - H G Atm S 547 Lecture 11, Slide 1

Potential evaporation vs. available heat flux R N - H G Atm S 547 Lecture 11, Slide 1

Potential evaporation vs. available heat flux R N - H G Atm S 547 Lecture 11, Slide 1 Evaporation vs. surface stomatal resistance Atm S 547 Lecture 11, Slide 2 Soil moisture parameters Atm S 547 Lecture 11, Slide 3 Surface RH vs. soil

216 views • 4 slides
JUST THE MATHS SLIDES NUMBER 16.5 LAPLACE TRANSFORMS 5 (The Heaviside step function) by

JUST THE MATHS SLIDES NUMBER 16.5 LAPLACE TRANSFORMS 5 (The Heaviside step function) by

JUST THE MATHS SLIDES NUMBER 16.5 LAPLACE TRANSFORMS 5 (The Heaviside step function) by A.J.Hobson 16.5.1 The definition of the Heaviside step function 16.5.2 The Laplace Transform of H ( t T ) 16.5.3 Pulse functions 16.5.4 The

123 views • 10 slides
aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h

aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h

Review of Leture 12 Cho osing a regula rizer Regula rization aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h N ( h ) E most used: w eight dea y onst. in = ( h )

357 views • 23 slides

More recommend