Causative Adversarial Learning
Huang Xiao, 24.06.2015
xiaohu(at)in.tum.de
Talk presented on Deep Learning in Action
@Munich
Motivation
Deep networks can be easily fooled [1]
[Figure: images generated by an evolutionary algorithm, classified with 99.99% confidence]
"It turns out some DNNs only focus on discriminative features in images."
[1] Nguyen A, Yosinski J, Clune J. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. In Computer Vision and Pattern Recognition (CVPR '15), IEEE, 2015.
Motivation
Spam alerts
Google Brain, 16,000 CPUs
Learning is expensive!
Motivation
Adversarial Learning
Reverse engineering of machine learning. It aims to design robust and secure learning algorithms.
Big Picture
Are the modern learning systems really secure?
[Diagram: training dataset, model and test (validation) dataset, linked by training, test and update arrows]
● Increase test error
● Reduce learning accuracy
● Fool the intelligent system
● Achieve personal gain
Big Picture (continued)
Are the modern learning systems really secure?
[Same diagram, with the two attack surfaces marked: Causative Attack on the training side, Exploratory Attack on the test side]
Attack's capability

                    Access to Data   Knowledge about features   Knowledge about the classifier
Limited Knowledge   Partially        Maybe                      Yes
Perfect Knowledge   Yes              Yes                        Yes

Access to Data: these are real inputs from users.
Basics
❏ Observations
❏ True signal:
❏ Polynomial curve fitting
❏ is unknown
❏ => learn the green curve
[Figure legend: Observation; Original signal]
Least square
Training: minimize the empirical squared error between the estimated output and the observed output.
Least square (continued)
Training: minimize the empirical squared error. Overfitting: the estimated output tracks the observed output too closely.
Overfitting
❏ Bad on unseen test set
❏ Central problem of ML.
❏ Generalization
❏ E.g., regularization, prior, more data, model selection
Bias-Variance
❏ Trade off
❏ Overfitting == low bias, high variance
❏ Underfitting == high bias, low variance
❏ Noise is dominating! (W is very sensitive)
Bias Variance Decomposition
Objective
Increase bias or variance?
Types of Adversaries
● Causative Attack (Poisoning)
○ Understanding how the learning algorithms work
○ Engineering on features or labels of training set
○ Change the discriminant function
● Exploratory Attack (Evasion)
○ Engineering features of a test point
○ Circumvent the legitimate detection
○ Change the discriminant result
Label Noises on SVM
● SVM: one of the state-of-the-art classifiers
● Binary case: +1, -1
● Label-flip attack under a certain budget
● Maximizing the error on the validation set
● Methods:
○ ALFA
○ Distance based: far-first, near-first, random
○ Continuous relaxation, gradient ascent
○ Correlated cluster
Basics
We measure the error on a validation set using the function trained on the training set.
A training data set
A validation data set
Classifier trained on
Regularization coefficient
Risk measurement on validation set
Flip Labels
Huang Xiao, B. Biggio, B. Nelson, Han Xiao, C. Eckert, and F. Roli, “Support Vector Machines under Adversarial Label
Contamination”, Neurocomputing, vol. Special Issue on Advances in Learning with Label Noise, In Press.
Poisoning Attack on SVM
● Noise on features, not on labels
● Design a malicious training point
● Maximizing the error (e.g., test error, hinge loss, ...)
● Gradient ascent
How to?
Retrain the SVM after injecting a malicious point, then move the point such that the classification error on the validation set is maximized.
Validation data set with m samples
SVM trained on training set with a malicious point
Poisoning Attack on SVM
B. Biggio, B. Nelson, and P. Laskov, “Poisoning attacks against support vector machines”, in 29th Int'l Conf. on Machine
Learning (ICML), 2012.
Walk-through example (from Biggio, Nelson and Laskov, ICML 2012, cited above)
You can:
● mimic the '9' as an '8', or
● label a '9' as an '8'
Poisoning Lasso
● Lasso: feature selection, or more generally L1 regularization
● Feature selection is often the first step of many learning systems
● Other targets: ridge regression, elastic net
● Gradient based method
Lasso
Capture the most relevant features in a data set automatically by shrinking the feature weights.
from: Tibshirani, R. (1996). Regression shrinkage and selection via the lasso. J. Royal Statist. Soc. B, Vol. 58, No. 1, pages 267-288.
Feature selection
Lasso weights learnt on the training set:
x1   x2   x3   x4   x5   x6   x7   x8   x9   x10
5.1  4.6  4.5  4.0  4.0  1.8  0    0    0    0
Non-zero (weight) features are selected for next stage training!
Feature selection (after adding a malicious point to the training set)
x1   x2   x3   x4   x5   x6   x7   x8   x9   x10
5.1  3.6  4.2  3.1  4.2  1.8  0    0    0    0
Non-zero (weight) features are selected for next stage training!
Intuition
[Figure: two training matrices drawn as # features × # samples; left: #samples ≪ #features; right: #samples ≫ #features]
Danger!
Add some random noises
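The two Feature selection slides and the Intuition slide above make one point: in the few-samples regime, a single added training point can change which features Lasso keeps. The following is an added example, not the authors' code and not their gradient-based attack: a pure-Python coordinate-descent Lasso on a constructed 4-sample, 4-feature Hadamard design (orthogonal columns, so the optimum can be checked by hand), one constructed injected point with an inflated label, and a leave-one-out selection-stability check that a defender can run to flag the sample responsible. The data, the regularization value LAM and the point POISON_X/POISON_Y are all constructed for this demonstration.

```python
"""One injected training point changes Lasso feature selection (added example).

Constructed data: a 4x4 Hadamard design whose columns are mutually orthogonal,
so the Lasso optimum is w_j = S(x_j.y/n, lam) / (x_j.x_j/n) and can be checked
by hand. This is not the gradient-based attack from the ICML'15 paper.
"""


def soft_threshold(z: float, lam: float) -> float:
    """S(z, lam) = sign(z) * max(|z| - lam, 0): the L1 shrinkage operator."""
    if z > lam:
        return z - lam
    if z < -lam:
        return z + lam
    return 0.0


def lasso_cd(X, y, lam, n_iter=200):
    """Cyclic coordinate descent for (1/2n)||y - Xw||^2 + lam*||w||_1.

    X is a list of sample rows, y a list of targets; no intercept is fitted.
    """
    n, d = len(X), len(X[0])
    w = [0.0] * d
    col_sq = [sum(X[i][j] ** 2 for i in range(n)) / n for j in range(d)]
    resid = list(y)  # r = y - Xw; equals y while w = 0
    for _ in range(n_iter):
        for j in range(d):
            if col_sq[j] == 0.0:
                continue  # all-zero feature: its weight stays 0
            # rho_j = (1/n) x_j . (r + x_j w_j): correlation with the partial residual
            rho = sum(X[i][j] * (resid[i] + X[i][j] * w[j]) for i in range(n)) / n
            new_w = soft_threshold(rho, lam) / col_sq[j]
            if new_w != w[j]:
                delta = new_w - w[j]
                for i in range(n):
                    resid[i] -= X[i][j] * delta
                w[j] = new_w
    return w


def selected_features(w, tol=1e-9):
    """Indices with non-zero weight: what Lasso hands to the next training stage."""
    return {j for j, wj in enumerate(w) if abs(wj) > tol}


def jaccard(a, b):
    """Overlap between two selected-feature sets (1.0 when both are empty)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def loo_selection_stability(X, y, lam):
    """Defender-side diagnostic: redo the selection with each sample left out.

    Returns (min overlap with the full-data selection, per-sample overlaps).
    A single sample that by itself changes the selected set pulls the minimum
    down, and its index identifies the sample worth inspecting.
    """
    full = selected_features(lasso_cd(X, y, lam))
    scores = []
    for k in range(len(X)):
        Xk, yk = X[:k] + X[k + 1:], y[:k] + y[k + 1:]
        scores.append(jaccard(full, selected_features(lasso_cd(Xk, yk, lam))))
    return min(scores), scores


# Constructed clean training set (rows = samples, columns = features x0..x3).
# True signal: strong on x1, weak on x2, nothing on x0 and x3.
CLEAN_X = [[1, 1, 1, 1],
           [1, -1, 1, -1],
           [1, 1, -1, -1],
           [1, -1, -1, 1]]
CLEAN_Y = [2 * r[1] + 0.3 * r[2] for r in CLEAN_X]  # [2.3, -1.7, 1.7, -2.3]
LAM = 0.5

# Constructed malicious point: only x2 is active, label inflated to 5.0.
POISON_X = [0, 0, 1, 0]
POISON_Y = 5.0


def run_demo(lam=LAM):
    """Selection before and after the injected point, plus the stability check."""
    clean_sel = selected_features(lasso_cd(CLEAN_X, CLEAN_Y, lam))
    Xp, yp = CLEAN_X + [POISON_X], CLEAN_Y + [POISON_Y]
    poisoned_sel = selected_features(lasso_cd(Xp, yp, lam))
    min_stab, scores = loo_selection_stability(Xp, yp, lam)
    return {
        "clean_selected": clean_sel,          # {1}
        "poisoned_selected": poisoned_sel,    # {1, 2}: x2 now passes to the next stage
        "overlap": jaccard(clean_sel, poisoned_sel),
        "min_loo_stability": min_stab,
        "loo_scores": scores,                 # scores[4] is the injected point
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Dropping the injected point (index 4) restores the clean selection, so its leave-one-out score is 0.5 and the diagnostic points at it; on real data the check only tells you that one sample dominates the selection, not why.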
Research goals
● Investigating the robustness of feature selection algorithms
● Design a multiple-point attack method
● Warning: feature selection might not be reliable
● A gradient based poisoning framework
Objective function
We inject a malicious point to form a new, compromised data set.
The variable we maximise with respect to is the injected point.
Remark that the learner is trained on the contaminated data.
Maximise the generalization error!
Gradient Ascent
Update rule: [equation not recoverable; annotated descent vs. ascent, min vs. max, and the box bound on the point]
Demonstration
[Figure: error surface, evaluated at each (x, y) position, with the initial attack point marked]
Xiao, Huang, Battista Biggio, Gavin Brown, Giorgio Fumera, Claudia Eckert, and Fabio Roli. Is Feature Selection Secure against Training Data Poisoning? In ICML'15, Lille, France, July 2015.
Demonstration (continued)
[Figure: gradient ascent path over the same error surface]
Wrap up
● Don't expect your algorithms to be too clever
● Don't expect adversaries to be too silly
● Set up an objective and do the worst-case study
● Machine learning needs to be more robust
● There's no innocent data
Thank you. Questions?
