Overview
Explore the vulnerabilities of Deep Generative Models (DGMs) and Generative Adversarial Networks (GANs) in this 39-minute Black Hat conference talk. Delve into a formal threat model for training-time attacks against DGMs, uncovering how attackers can backdoor pre-trained models and embed compromising data points. Learn about the potential material and reputational damage these attacks can cause to organizations using DGMs. Examine naïve detection mechanisms and discover effective combinations of static and dynamic inspections to detect these attacks. Gain insights into research goals, applications of DGMs, successful attack characteristics, model inspection techniques, and basic defense strategies. Presented by Killian Levacher, Ambrish Rawat, and Mathieu Sinn, this talk covers topics such as brute force sampling, student models, redundancy, and whitebox access, providing a comprehensive overview of the challenges and solutions in defending DGMs against adversarial attacks.
Syllabus
Introduction
Research Goals
What are Deep Generative Models
Applications of Deep Generative Models
What Could Go Wrong
What Makes a Successful Attack
Model Inspection
Brute Force Sampling
mnist
Training
Can you do something better
Approach trail
Approach schematic
Student Model
Redundancy
Token Example
Stylegun
Attack Goals
Basic Defenses
Whitebox Access
Taught by
Black Hat