Machine learning security
PAWEŁ ZAWISTOWSKI
AI and machine learning help to create new tools
[1] Image: https://pixabay.com/pl/sztuczna-inteligencja-ai-robota-2228610/
Some of them make us rethink what is “real”
lyrebird.ai
“Lyrebird allows you to create a digital voice that sounds like you with only one minute of audio.” [1]
[1] Quote & image: https://lyrebird.ai/
Learning lip sync from audio
[1] Suwajanakorn, Supasorn, Steven M. Seitz, and Ira Kemelmacher-Shlizerman. "Synthesizing obama: learning lip sync from audio." ACM Transactions on Graphics (TOG) 36.4 (2017): 95.
[2] Image: https://youtu.be/9Yq67CjDqvw
FakeApp
“A desktop app for creating photorealistic faceswap videos made with deep learning” [1]
[1] http://www.fakeapp.org/
[2] Image: Nicolas Cage fake movie compilation: https://youtu.be/BU9YAHigNx8
ML through the security lens
[1] Image: https://pixabay.com/pl/streszczenie-geometryczny-%C5%9Bwiata-1278059/
CIA triad – in machine learning context
Confidentiality – extracting model parameters and training data
Integrity – inducing particular outputs/behaviors of a trained model
Availability – making the model unstable/unusable
Targeting confidentiality
Sharing datasets is tricky
[1] Image: https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
A. Narayanan and V. Shmatikov. “Robust de-anonymization of large sparse datasets (how to break anonymity of the Netflix prize dataset)”. IEEE Symposium on Security and Privacy. 2008.
A possible remedy: differential privacy
• A promise made to a data subject:
“You will not be affected, adversely or otherwise, by allowing your data to be
used in any study or analysis, no matter what other studies, data sets, or
information sources, are available.” [1]
• Adding randomness helps in protecting individual privacy.
[1] Dwork, C., & Roth, A. (2013). The Algorithmic Foundations of Differential Privacy. Foundations and Trends® in Theoretical Computer Science, 9(3–4), 211–407.
Demonstration – a quick survey
Raise your hand if you’ve been involved in some illegal activities.
Demonstration – a quick survey, take 2
Toss a fair coin:
◦ if it’s heads – toss it again and answer yes if it comes out heads,
◦ if it’s tails – answer truthfully.
Statistically, about 25% of all respondents answer “yes” purely because of the coin; the difference between the observed rate and those 25% is where the knowledge is hidden.
Raise your hand if you’ve been involved in some illegal activities.
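The coin protocol above, together with the “adding randomness helps” remedy from the differential-privacy slide, as an added runnable example; this is not code from the talk or its author. The simulated room of respondents, the seed and the function names are constructed for illustration.

```python
import random


def randomized_response(truth, rng):
    """The slide's protocol: toss a fair coin; on heads toss again and answer
    yes iff the second toss is heads, on tails answer truthfully."""
    if rng.random() < 0.5:            # first coin: heads
        return rng.random() < 0.5     # second coin decides, truth is ignored
    return truth                      # first coin: tails, honest answer


def yes_probability(true_rate):
    """P(yes) = 1/4 (heads, heads) + 1/2 * p (tails, truthful yes)."""
    return 0.25 + 0.5 * true_rate


def estimate_true_rate(observed_yes_rate):
    """Invert yes_probability: the knowledge hides in the gap above 25%."""
    return 2.0 * (observed_yes_rate - 0.25)


def plausible_deniability():
    """Likelihood ratio of a 'yes' between someone whose truth is yes and
    someone whose truth is no: P(yes|1)/P(yes|0) = 0.75/0.25 = 3.
    One answer can shift the odds against a person by at most a factor of 3,
    which is differential privacy with epsilon = ln 3."""
    return yes_probability(1.0) / yes_probability(0.0)


def survey(n, true_rate, seed=0):
    """Simulate a room of n people (constructed population) and recover the
    aggregate rate without ever trusting any individual's answer."""
    rng = random.Random(seed)
    truths = [rng.random() < true_rate for _ in range(n)]
    answers = [randomized_response(t, rng) for t in truths]
    observed = sum(answers) / n
    return {
        "actual_rate": sum(truths) / n,
        "observed_yes_rate": observed,
        "estimated_rate": estimate_true_rate(observed),
    }


if __name__ == "__main__":
    r = survey(100_000, true_rate=0.3)
    print(f"actual {r['actual_rate']:.3f}, observed yes {r['observed_yes_rate']:.3f}, "
          f"estimated {r['estimated_rate']:.3f}, likelihood ratio {plausible_deniability():.0f}")
```

Two things to read off the result: the estimate tracks the true rate only because many answers are averaged, so a single raised hand is worth almost nothing to an observer (the odds move by at most 3×), while the room as a whole still yields the statistic the survey was after.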
Targeting integrity
Rapid progress in image recognition
[1] Left image MNIST: https://upload.wikimedia.org/wikipedia/commons/2/27/MnistExamples.png
[2] Right image CIFAR: https://www.cs.toronto.edu/~kriz/cifar.html
[3] Wan, Li, et al. "Regularization of neural networks using dropconnect." International Conference on Machine Learning. 2013.
[4] Graham, Benjamin. "Fractional max-pooling." arXiv preprint arXiv:1412.6071 (2014)
MNIST: 99.79% [3]
CIFAR-10: 96.53% [4]
“5 days after Microsoft announced it had beat the human benchmark of 5.1% errors with a 4.94% error
grabbing neural network, Google announced it had one-upped Microsoft by 0.04%” [1]
[1] https://www.eetimes.com/document.asp?doc_id=1325712
“Human level” results
In the meantime this happens (image labels: street sign, birdhouse)
Adversarial examples
[1] I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and Harnessing Adversarial Examples”, 2014.
“[…] inputs formed by applying small but intentionally worst-case perturbations […] (which) results in
the model outputting an incorrect answer with high confidence” [1]
Goodfellow et al.
How do these work?
▪ Given a classifier f(x) we need to find a (minimal) perturbation r for which f(x+r) ≠ f(x).
▪ Finding r can be realized as an optimization task.
[1] Black box https://cdn.pixabay.com/photo/2014/04/03/10/22/black-box-310220_960_720.png
[2] White box https://cdn.pixabay.com/photo/2013/07/12/13/55/box-147574_960_720.png
How do these work? (diagram)
Training a model – boxes: training data (inputs, labels), loss function, outputs, parameter corrections.
Generating adversarial examples – boxes: inputs, perturbation, trained model, outputs, adversarial loss, perturbation corrections.
One step further: adversarial patch
[1] Brown, T. B., Mané, D., Roy, A., Abadi, M., & Gilmer, J. (n.d.). “Adversarial Patch” (image label: toaster)
Two steps further: adversarial object
[1] Athalye, A., Engstrom, L., Ilyas, A., & Kwok, K. (2017). Synthesizing Robust Adversarial Examples.
[2] Images: http://www.labsix.org/physical-objects-that-fool-neural-nets/
(diagram: trained model → adversarial attack → adversarial 3D model → 3D printing)
Papernot et al.: machine learning pipeline security
Papernot et al.: “SoK: Towards the Science of Security and Privacy in Machine Learning”
Defense methods – first attempts
• Gradient masking.
• Defensive distillation.
[1] Image: http://cdn.emgn.com/wp-content/uploads/2016/01/society-will-fail-emgn-16.jpg
Extending the training data set
(diagram loop: training data → train model → perform attack → adversarial examples → extend dataset)
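The optimization view from the “How do these work?” slides (the loss differentiated with respect to the input instead of the parameters) and the train → perform attack → extend dataset loop above, as one added example in pure Python; this is not code from the talk, from Goodfellow et al., or from any library. The toy data set, the budget EPS, the feature layout and all function names are assumptions made for illustration. It goes slightly beyond the slides by running the loop for several rounds and reporting, per round, how a fresh attack against the retrained model fares.

```python
import math

EPS = 0.6  # L-infinity perturbation budget per feature (constructed value)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(model, x):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(model, x):
    return 1 if logit(model, x) > 0 else 0


def train(data, steps=2000, lr=0.5):
    """Logistic regression by gradient descent on the mean cross-entropy loss.
    The 'training a model' half of the slide: the loss gradient is taken
    w.r.t. the parameters (w, b) and used as parameter corrections."""
    d, n = len(data[0][0]), len(data)
    w, b = [0.0] * d, 0.0
    for _ in range(steps):
        gw, gb = [0.0] * d, 0.0
        for x, y in data:
            err = sigmoid(logit((w, b), x)) - y      # dLoss/dlogit
            for j in range(d):
                gw[j] += err * x[j] / n
            gb += err / n
        w = [wj - lr * g for wj, g in zip(w, gw)]
        b -= lr * gb
    return (w, b)


def input_gradient(model, x, y):
    """The 'generating adversarial examples' half: the same loss, but
    differentiated w.r.t. the input x while the trained model stays fixed."""
    err = sigmoid(logit(model, x)) - y
    return [err * wj for wj in model[0]]


def perturb(model, x, y, eps=EPS):
    """One signed-gradient step that raises the loss (the fast gradient sign
    method of Goodfellow et al.): the perturbation r with f(x+r) != f(x)
    found after a single optimisation step of size eps per feature."""
    g = input_gradient(model, x, y)
    return [xj + eps * ((gj > 0) - (gj < 0)) for xj, gj in zip(x, g)]


def accuracy(model, data):
    return sum(predict(model, x) == y for x, y in data) / len(data)


def make_data(k_weak=12):
    """Constructed toy set: feature 0 is robust (|x0| >= 0.8 > EPS, it cannot
    be pushed across zero); the other k_weak features are small (|xj| = 0.25
    < EPS) but perfectly label-correlated, so a clean-trained model leans on
    them and an attacker can flip all of them within budget."""
    data = []
    for x0 in (0.8, 1.0, 1.2):
        data.append(([x0] + [0.25] * k_weak, 1))
        data.append(([-x0] + [-0.25] * k_weak, 0))
    return data


def adversarial_training(rounds=3):
    """The slide's loop: train model -> perform attack -> extend dataset."""
    clean = make_data()
    train_set = list(clean)
    history = []
    for r in range(rounds):
        model = train(train_set)
        adv = [(perturb(model, x, y), y) for x, y in clean]
        history.append({
            "round": r,
            "clean_acc": accuracy(model, clean),
            "fresh_adv_acc": accuracy(model, adv),   # attack re-optimised against this model
            "prev_adv_acc": accuracy(model, history[-1]["adv"]) if history else None,
            "adv": adv,
        })
        train_set = train_set + adv                 # extend dataset, then loop
    return history


if __name__ == "__main__":
    for h in adversarial_training():
        print(f"round {h['round']}: clean acc {h['clean_acc']:.2f}, "
              f"acc on previous round's adversarial examples {h['prev_adv_acc']}, "
              f"acc on fresh adversarial examples {h['fresh_adv_acc']:.2f}")
```

Read the output as a defender would: the model retrained on the previous round's adversarial examples classifies all of them correctly (`prev_adv_acc`), which is the promise of extending the data set. `fresh_adv_acc` is the number that matters, though: it shows what an attacker who re-runs the optimization against the new model achieves. Comparing the two per round is why the slide draws the procedure as a loop rather than a single augmentation step, and why a defense should be evaluated against an attack aimed at the defended model, not the original one.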
Detecting adversarial inputs
(diagram: inputs, attack detector, online model, outputs)
Adding some noise
(diagram: inputs, adding noise, online model, outputs)
Conclusions
[1] http://maxpixel.freegreatpicture.com/
“In the history of science and technology, the engineering artifacts have almost always preceded the theoretical understanding […] if you are not happy with our understanding of the methods you use everyday, fix it” [2]
Yann LeCun
[1] http://maxpixel.freegreatpicture.com/
[2] Comment on Ali Rahimi's "Test of Time" award talk at NIPS
Thank you for your attention!
ON A SIDE NOTE – WE’RE HIRING! ☺
[1] http://maxpixel.freegreatpicture.com/
Machine learning security - Pawel Zawistowski, Warsaw University of Technology/Adform