when foes are friends adversarial examples as protective
play

When foes are friends adversarial examples as protective - PowerPoint PPT Presentation

Aug 09, 2023 •379 likes •965 views

When foes are friends adversarial examples as protective technologies Carmela Troncoso @carmelatroncoso Security and Privacy Engineering Lab The machine learning revolution 2 Machine Learning ) Definition (Wikipedia) Machine learning [...]

  1. When foes are friends adversarial examples as protective technologies Carmela Troncoso @carmelatroncoso Security and Privacy Engineering Lab

  2. The machine learning revolution 2

  3. Machine Learning ) Definition (Wikipedia) Machine learning [...] gives " computers the ability to learn without being explicitly programmed " [and] [...] explores the study and construction of algorithms that can learn from and make predictions on data – such algorithms overcome following strictly static program instructions by making data-driven predictions or decisions, through building a model from sample inputs. Data Machine learning Services 3

  4. Machine Learning Data Learning / Model Training Expected Output Data Machine learning Services 4

  5. Machine Learning Data New Learning / Model Model Output Data Training Expected Output Data Machine learning Services 5

  6. Adversarial machine learning Adversarial Poisoning examples 6

  7. Adversarial machine learning New Output Model Data Crafted testing samples that get misclassified by an ML algorithm Adversarial examples 7 https://ai.googleblog.com/2018/09/introducing-unrestricted-adversarial.html

  8. Adversarial machine learning Data Model Learning Expected Output Crafted training samples that change the decision boundaries of an ML algorithm Poisoning 8

  9. Adversarial machine learning is here to stay Crafted training Crafted testing samples that samples that get change the decision misclassified by boundaries of an an ML algorithm ML algorithm Adversarial Poisoning examples 9

  10. 10

  11. 11

  12. Three ways of using adversarial examples as defensive technologies For Security For Privacy For Social Justice Adversarial examples to defend from Adversarial examples as adversarial machine learning uses security metrics 12

  13. Three ways of using adversarial examples as defensive technologies For Security For Privacy For Social Justice Adversarial examples to defend from Adversarial examples as adversarial machine learning uses security metrics 13

  14. Defending against adversarial examples?

  15. Defending against adversarial examples?

  16. Defending against adversarial examples? Adversarial training training on simulated adversarial examples

  17. Does this solve security problems? Adversarial training training on simulated adversarial examples

  18. Does this solve security problems? Adversarial training training on simulated adversarial examples Random Noise Images

  19. Does this solve security problems? Malware ??? Twitter ??? Bots ??? Spam

  20. Does this solve security problems? Malware ??? In security problems examples belong to a DISCRETE and CONSTRAINED domain Twitter F EASIBILITY C OST ??? Bots How can we become the enemy? ??? Spam

  21. Does this solve security problems? Malware ??? In security problems examples belong to a DISCRETE and CONSTRAINED domain Twitter F EASIBILITY C OST ??? Bots How can we become the enemy? ??? Spam

  22. Does this solve security problems? Malware ??? In security problems examples belong to a DISCRETE and CONSTRAINED domain Twitter F EASIBILITY C OST ??? Bots How can we become the enemy? ??? Spam

  23. Number of followers : x Our approach: search as a graph Age of account : y ML 23

  24. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new 24

  25. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new Number of followers : few Number of followers : few Number of followers : few Age of account : 3 years Age of account : 1 year Age of account : 2 years 25

  26. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new Number of followers : few Number of followers : few Number of followers : few Age of account : 3 years Age of account : 1 year Age of account : 2 years Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year 26

  27. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new In security problems examples belong to a DISCRETE and CONSTRAINED domain Number of followers : few Number of followers : few Number of tweets : few F EASIBILITY C OST Age of account : 3 years Age of account : 1 year Age of account : 2 years How can we become the enemy? Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year 27

  28. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new $7 $2 $4 Number of followers : few Number of followers : few Number of tweets : few Age of account : 3 years Age of account : 1 year Age of account : 2 years $8 $2 Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year cost = $2 + $2 = $4 cost = $2 + $8 = $10 28

  29. Number of followers : x Our approach: search as a graph Age of account : y ML Number of followers : few Age of account : new In security problems examples belong to a DISCRETE and CONSTRAINED domain $7 $2 $4 Number of followers : few Number of followers : few Number of tweets : few F EASIBILITY C OST Age of account : 3 years Age of account : 1 year Age of account : 2 years How can we become the enemy? $8 $2 Number of followers : some Number of followers : many Age of account : 1 year Age of account : 1 year cost = $2 + $2 = $4 cost = $2 + $8 = $10 29

  30. The graph approach comes with more advantages Enables the use of graph theory to EFFICIENTLY find adversarial examples ( A*, beam search, hill climbing, etc ) C APTURES most attacks in the literature! (comparison base) 30

  31. The graph approach comes with more advantages Enables the use of graph theory to EFFICIENTLY find adversarial examples ( A*, beam search, hill climbing, etc ) C APTURES most attacks in the literature! (comparison base) Find MINIMAL COST adversarial examples if - The discrete domain is a subset of R m For example, categorical one-hot encoded features: [0 1 0 0] - Cost of each single transformation is L p For example, L ∞ ([0 1 0 0], [1 0 0 0]) = 1 - We can compute pointwise robustness for the target classifier over R m 31

  32. A* search with a heuristic Pointwise robustness over R m 32

  33. A* search with a heuristic 33

  34. A* search with a heuristic 34

  35. Minimal adversarial example found! 35

  36. Minimal adversarial example found! 36

  37. Minimal adversarial example found! Confidence of the example 37

  38. Is this really efficient? l =d  just flip decision 38

  39. Is this really efficient? l >d  high confidence example 39

  40. Is this really efficient? l >d  high confidence example 40

  41. Why is this relevant? MINIMAL COST adversarial examples can become security metrics! Cost can be associated with RISK Cannot stop attacks, but can we ensure they are expensive? Constrained domains security Continuous-domains approaches can be very conservative! 41

  42. Applicability Non-linear models: - approximate heuristics - transferability (basic attacks transfer worse than high confidence) Faster search: - tradeoff guarantees vs. search speed (e.g., hill climbing) Other cost functions 42

  43. Three ways of using adversarial examples as defensive technologies For Security For Privacy For Social Justice Adversarial examples to defend from Adversarial examples as adversarial machine learning uses security metrics 43

  44. Adversarial examples are only adversarial when you are the algorithm!

  45. Machine learning as a privacy adversary ML Privacy-oriented Literature Data Service Avoid that learns about data 45

  46. Machine learning as a privacy adversary ML Privacy-oriented Literature Data Actively (maybe not willingly) provide data. Solutions like Service Differential privacy and Encryption are suitable Avoid that learns about data 46

  47. Machine learning as a privacy adversary ML Privacy-oriented Literature Data Actively (maybe not willingly) provide data. Solutions like Service Differential privacy and Encryption are suitable No active sharing! Cannot count on Avoid that learns about data 47

  48. Adversarial examples as privacy defenses Data Inferences 48

  49. Adversarial examples as privacy defenses Data Inferences Goal: modify the data to avoid inferences Social networks data, browsing patterns, traffic patterns, location … 49

  50. Adversarial examples as privacy defenses Data Inferences Goal: modify the data to avoid inferences Social networks data, browsing patterns, traffic patterns, location … Privacy solutions are also CONSTRAINED in FEASIBILITY and COST ! 50

  51. Protecting from traffic analysis Encrypted traffic trace ML Apps, webs, words,… 51

  52. Protecting from traffic analysis Encrypted traffic trace ML Apps, webs, words,… Add 1 packet in position 1 Add 2 packets Add 1 packet Add 1 packet … in position 1 in position 2 in position N F EASIBLE perturbations: - Add packets Add 3 packets Add 2 packets … - Delay packets in position 2 in position 1 52

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MapReduce and Parallel DBMSs: Friends or Foes? Presented by Guozhang Wang DB Lunch, May 3 rd ,

MapReduce and Parallel DBMSs: Friends or Foes? Presented by Guozhang Wang DB Lunch, May 3 rd ,

MapReduce and Parallel DBMSs: Friends or Foes? Presented by Guozhang Wang DB Lunch, May 3 rd , 2010 Papers to Be Covered in This Talk CACM10 MapReduce and Parallel DBMSs: Friends or Foes? VLDB09 HadoopDB: An Architectural

535 views • 42 slides
Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML

Adversarial Examples Hanxiao Liu April 2, 2018 1 / 22 Adversarial Examples Inputs to ML models that an attacker has intentionally designed to cause the model to make a mistake 1 Why this is interesting: Safety. Interpretability.

881 views • 22 slides
Friends & Foes: Preventing Selfishness in Mobile Ad Hoc Networks Hugo Miranda and Lu s

Friends & Foes: Preventing Selfishness in Mobile Ad Hoc Networks Hugo Miranda and Lu s

Friends & Foes: Preventing Selfishness in Mobile Ad Hoc Networks Hugo Miranda and Lu s Rodrigues hmiranda@di.fc.ul.pt Universidade de Lisboa DIAL-NP - LaSIGE MDC03 p.1 Outline Motivation Load balancing Selfishness

612 views • 21 slides
Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen

Sybil Attacks Against Mobile Users: Friends and Foes to the Rescue Daniele Quercia Stephen Hailes By XincenYu What is it about Propose a new decentralized defense for portable devices called MobID Every device manages two small

256 views • 24 slides
TH3-611 Presentation Outline & Reflection Questions Faith & Science Friends, not Foes!

TH3-611 Presentation Outline & Reflection Questions Faith & Science Friends, not Foes!

TH3-611 Presentation Outline & Reflection Questions Faith & Science Friends, not Foes! How Can Religious Look in a Science Classroom? Mariette P. Baxendale, Ph.D. Science Department Chair Biology & Forensic Science Teacher

320 views • 3 slides
Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google

Adversarial Examples and Adversarial Training Ian Goodfellow, Sta ff Research Scientist, Google Brain CS 231n, Stanford University, 2017-05-30 Overview What are adversarial examples? Why do they happen? How can they be used to

866 views • 43 slides
A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of

A Closer Look at Adversarial Examples for Separated Data Kamalika Chaudhuri University of California, San Diego Adversarial Examples Gibbon Panda Small perturbation to legitimate inputs causing misclassification Adversarial Examples Can

1.41k views • 42 slides
FROM FOES TO FRIENDS: FOREIGN TROOPS IN POST- CONFLICT SITUATIONS No Self-contained Status

FROM FOES TO FRIENDS: FOREIGN TROOPS IN POST- CONFLICT SITUATIONS No Self-contained Status

Dr Aurel Sari FROM FOES TO FRIENDS: FOREIGN TROOPS IN POST- CONFLICT SITUATIONS No Self-contained Status Regime Status under jus post bellum is useful to start from the legal status under general international law problem: there is no

418 views • 22 slides
Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin

Synthesizing Robust Adversarial Examples Anish Athalye*, Logan Engstrom*, Andrew Ilyas*, Kevin Kwok Adversarial examples Adversarial examples Imperceptible perturbations to an input can change a neural network's prediction adversarial

1.06k views • 23 slides
From Foes to Friends Briefly About Me Trainer, Data Coach, Developer, Project Manager

From Foes to Friends Briefly About Me Trainer, Data Coach, Developer, Project Manager

SQL and NAV: From Foes to Friends Briefly About Me Trainer, Data Coach, Developer, Project Manager Favorites: SQL and PowerShell (and getting into Python) I am data centric not necessarily NAV centric. Accounting and financial

807 views • 47 slides
The World Within Micro-organisms in the Digestive Tract: Friends, Foes, and Visitors Janice M.

The World Within Micro-organisms in the Digestive Tract: Friends, Foes, and Visitors Janice M.

The World Within Micro-organisms in the Digestive Tract: Friends, Foes, and Visitors Janice M. Joneja, Ph.D 2002 The Internal Landscape 2 The Digestive Tract Each site within the digestive tract is designed for optimal function :

1.12k views • 68 slides
Dedicated to Paul Epstein Friends or Foes? Pim Martens Maastricht University-Leuphana University

Dedicated to Paul Epstein Friends or Foes? Pim Martens Maastricht University-Leuphana University

14-11-11 Biodiversity and Health Dedicated to Paul Epstein Friends or Foes? Pim Martens Maastricht University-Leuphana University -Stellenbosch University Thanks to Dolf de Groot Biodiversity and ecosystem func2ons crucial

375 views • 4 slides
Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy*

Thermometer Encoding: One Hot Way to Resist Adversarial Examples Stanford, 2017-11-16 Aurko Roy* Colin Ra ff el Jacob Ian Buckman* Goodfellow *joint first author Adversarial Examples Adversarial Definitely Probably panda perturbation

607 views • 15 slides
BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto,

BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto,

BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto, Matteo Sereno Dipartimento di informatica Universit di Torino Peer to peer and file sharing applications Peer to peer paradigm has a huge

821 views • 14 slides
Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are

Slides: http://tiny.cc/adversarial Adversarial Examples in NLP Sameer Singh sameer@uci.edu @sameer_ sameersingh.org What are Adversarial Examples? panda gibbon 57.7% confidence 99.3% confidence [Goodfellow et al, ICLR 2015 ]

1.56k views • 43 slides
Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali

Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali

Friends, not Foes Synthesizing Existing Transport Strategies for Data Center Networks Ali Munir Michigan State University Michigan State University Ghufran Baig, Syed M. Irteza, Ihsan A. Qazi, Alex X. Liu, Fahad R. Dogar Data Center (DC)

1.34k views • 66 slides
PyCSP Revisited Brian Vinter John Markus Bjrndalen Rune Mllegaard Friborg Dias 1 eScience

PyCSP Revisited Brian Vinter John Markus Bjrndalen Rune Mllegaard Friborg Dias 1 eScience

PyCSP Revisited Brian Vinter John Markus Bjrndalen Rune Mllegaard Friborg Dias 1 eScience Centre Target domain History of PyCSP Started at CPA 2006 Presented at CPA 2007 Based on Python (OS) threads A GUI and multiple minor

377 views • 34 slides
CONFLICT MANAGEMENT Advanced Management, Inc. 1936 Oak Ridge Turnpike, Oak Ridge, TN 37830

CONFLICT MANAGEMENT Advanced Management, Inc. 1936 Oak Ridge Turnpike, Oak Ridge, TN 37830

CONFLICT MANAGEMENT Advanced Management, Inc. 1936 Oak Ridge Turnpike, Oak Ridge, TN 37830 865-483-9500 |www.ami-tn.com The history of man is replete with mechanisms and attempts to control aggression. People have tried to pray it away,

458 views • 43 slides
Volume and Surface-Enhanced Negative Ion Sources Martin P. Stockli Oak Ridge National

Volume and Surface-Enhanced Negative Ion Sources Martin P. Stockli Oak Ridge National

Volume and Surface-Enhanced Negative Ion Sources Martin P. Stockli Oak Ridge National Laboratory Oak Ridge, TN 37830, USA A Lecture of the CERN Accelerator School on "Ion Sources" in collaboration with Senec, Slovakia June 2,

543 views • 51 slides
Manipulation Techniques & Visualization Sanity Check Have you looked at the notes and

Manipulation Techniques & Visualization Sanity Check Have you looked at the notes and

Manipulation Techniques & Visualization Sanity Check Have you looked at the notes and started the quiz? Are you getting email notifications from Piazza? Did you enroll yourself on the Student Center? Are you in a group of

910 views • 39 slides
Graph Data Management Wim Martens University of Bayreuth EPIT Spring School on Ti eoretical

Graph Data Management Wim Martens University of Bayreuth EPIT Spring School on Ti eoretical

Foundational aspects of Graph Data Management Wim Martens University of Bayreuth EPIT Spring School on Ti eoretical Computer Science Luminy, 2019 Outline - Graph Data Model - Q ueries - Graph Q uery Evaluation - Graph Q uery Containment -

1.01k views • 100 slides
The Intersection of Opioid Abuse, Overdose, and Suicide: Understanding the Connections June 5,

The Intersection of Opioid Abuse, Overdose, and Suicide: Understanding the Connections June 5,

The Intersection of Opioid Abuse, Overdose, and Suicide: Understanding the Connections June 5, 2018 Alex Crosby, MD, MPH, Senior Medical Advisor, Division of Violence Prevention, CDC Kristen Quinlan, PhD, Epidemiologist, SPRC Gisela Rots, MS,

787 views • 46 slides
Liberation of Concentration Camps L ocation: Oswiecim, Poland E stablished: May 26th1940

Liberation of Concentration Camps L ocation: Oswiecim, Poland E stablished: May 26th1940

Liberation of Concentration Camps L ocation: Oswiecim, Poland E stablished: May 26th1940 L iberation: January 27th, 1945, by the Soviet Army. E stimated number of victims: 2,1 to 2,5 million (This estimated number of death is

619 views • 26 slides
Power generation & health Understanding the problem Agreeing on solutions Planning

Power generation & health Understanding the problem Agreeing on solutions Planning

8/8/18 Power generation & health Understanding the problem Agreeing on solutions Planning cooperative action Tonights discussion Toxic pollution and health impacts Air pollution monitoring and access to data in your community

208 views • 20 slides

More recommend