Explore the vulnerabilities of machine learning models to adversarial examples in this 20-minute conference talk from USENIX Enigma 2017. Delve into the world of subtly modified malicious inputs that can compromise the integrity of model outputs, potentially affecting various systems from vehicle control to spam detection. Learn about misclassification attacks on image, text, and malware classifiers, and discover how adversarial examples can transfer between different models. Gain practical knowledge through a hands-on tutorial on adversarial example crafting, covering algorithms, threat models, and proposed defenses. Join Nicolas Papernot, Google PhD Fellow at The Pennsylvania State University, as he guides you through the intricacies of this critical aspect of machine learning security.
Adversarial Examples in Machine Learning - Crafting and Defending Against Attacks
USENIX Enigma Conference via YouTube
Overview
Syllabus
Intro
Successes of machine learning
Failures of machine learning: Dave's talk
Crafting adversarial examples: fast gradient sign method
Threat model of a black-box attack
Our approach to black-box attacks
Adversarial example transferability
Intra-technique transferability: cross training data
Cross-technique transferability
Attacking remotely hosted black-box models
Results on real-world remote systems
Hands-on tutorial with the MNIST dataset
Taught by
USENIX Enigma Conference
