SlideShare ist ein Scribd-Unternehmen logo

Security of Machine Learning

Institute of Contemporary Sciences
Institute of Contemporary Sciences

I will first introduce adversarial machine learning, emerging research direction dealing with security aspects of machine learning. Then, I will explain poisoning and evasion attacks, followed by the description of transferability phenomena. Finally, I will talk about the proposed defenses against such types of attacks and their effectiveness.

Daten & Analysen
1 von 45
Downloaden Sie, um offline zu lesen
Security of Machine Learning Jelena Milošević TU Wien
My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security 2
My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security Attacks against ML [In submission] Robust defences [FSS-18] Explainable ML 3 Security of Machine Learning
My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security Attacks against ML [In submission] Robust defences [FSS-18] Explainable ML Mobile systems [C&S-19, FPS-18, HST-17, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14], Embedded systems [IJCNN-18, arxiv-18, CINC-14,SECRYPT-14,SECRYPT-13], Communication Networks [WIP] 4 Security of Machine Learning Application Domains
My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security Attacks against ML [In submission] Robust defences [FSS-18] Explainable ML Mobile systems [C&S-19, FPS-18, HST-17, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14], Embedded systems [IJCNN-18, arxiv-18, CINC-14,SECRYPT-14,SECRYPT-13], Communication Networks [WIP] 5 Security of Machine Learning Application Domains
Why Do We Need Secure Machine Learning? ● Machine learning is: ○ more and more deployed in practice ○ frequently used in automated manner ○ used to protect safety critical infrastructure
Why Do We Need Secure Machine Learning? ● Machine learning is: ○ more and more deployed in practice ○ frequently used in automated manner ○ used to protect safety critical infrastructure ● At the same time ML is: ○ same as any other software and it has vulnerabilities that can be exploited ○ shown to have some inherent algorithms weaknesses and blind spots ○ black box approach
Why Do We Need Secure Machine Learning? ● Machine learning is: ○ more and more deployed in practice ○ frequently used in automated manner ○ used to protect safety critical infrastructure ● At the same time ML is: ○ same as any other software and it has vulnerabilities that can be exploited ○ shown to have some inherent algorithms weaknesses and blind spots ○ black box approach This Talk: Before relying on ML deployed in practice we need to understand where and how these systems fail
Feature selection Selection of the best performing algorithm Dataset Training 9 Machine Learning - Main Steps of Deployment
Feature selection Selection of the best performing algorithm Dataset Training 10 Machine Learning - Main Steps of Deployment
Feature selection Selection of the best performing algorithm Dataset Training 11 Deployment Machine Learning - Main Steps of Deployment
What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Deployment Model stealing Model inversion Membership inference attack
What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Poisoning Deployment Model stealing Model inversion Membership inference attack Evasion
What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Poisoning Poisoning Deployment Model stealing Model inversion Membership inference attack Evasion Increasing false positives
What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Poisoning Poisoning Deployment Model stealing Model inversion Membership inference attack Evasion Increasing false positives
Poisoning Attack on Machine Learning 16 Feature selection Selection of the best performing algorithm Dataset Training Deployment
Poisoning Attack on Machine Learning 17 Feature selection Selection of the best performing algorithm Dataset Training Deployment Poisoning attack!
Poisoning Attack on Machine Learning 18 Feature selection Selection of the best performing algorithm Dataset Training Deployment Poisoning attack!
Poisoning Attack Example 19 Source: https://github.com/oreilly-mlsec/book-resources/blob/master/chapter8/figures/8-02-indiscriminate-poisoning-translation.png
Feature selection Selection of the best performing algorithm Dataset Training 20 Deployment Evasion Attack on Machine Learning
Evasion Attack on Machine Learning 21 Feature selection Selection of the best performing algorithm Dataset Training Deployment Evasion attack!
Evasion Attack on Machine Learning 22 Feature selection Selection of the best performing algorithm Dataset Training Deployment Evasion attack! Adversarial Sample
Adversarial Samples on Face Recognition DNNs Example of adversarial glasses Sharif et al, Accessorize to a Crime: Real and stealthy attacks on state of the art face recognition, ACM CCS 2016
Adversarial Samples on Face Recognition DNNs Example of adversarial glasses Sharif et al, Accessorize to a Crime: Real and stealthy attacks on state of the art face recognition, ACM CCS 2016
Adversarial Samples in the Physical World Athalye et al, Synthesizing Robust Adversarial Examples https://arxiv.org/pdf/1707.07397.pdf
Adversarial Samples in the Physical World 26 Human Machine Learning System
Adversarial Samples in the Physical World 27 Human Machine Learning System
Adversarial Samples in the Physical World 28 Human Machine Learning System Generation of adversarial samples can be automated! [Goodfellow et al., Papernot et al.]
Adversarial Samples in the Physical World 29 Human Machine Learning System Generation of adversarial samples can be automated! [Goodfellow et al., Papernot et al.] Evasion attacks transfer between different machine learning techniques! [Szegedy et al., Papernot et al.]
Automation of Evasion Attacks Attacks Pros Cons Fast Gradient Sign Method (FGSM) [1] Fastest speed Low computation cost Large perturbations Jacobian Saliency Map Attack (JSMA) [2] Small perturbations High computational costs Carlini Wagner (CW) [3] Minimum perturbations Slowest speed, high computational cost [1] Goodfellow et al, Explaining and Harnessing Adversarial Samples https://arxiv.org/abs/1412.6572 [2] Papernot et al, The Limitations of Deep Learning in Adversarial Settings https://arxiv.org/pdf/1511.07528.pdf [3] Carlini et al, Towards Evaluating the Robustness of Neural Networks https://arxiv.org/pdf/1608.04644.pdf
Libraries to Generate Adversarial Samples ● Cleverhans ○ https://github.com/tensorflow/cleverhans ● SecML ○ https://gitlab.com/secml/secml ● IBM Adversarial Robustness Toolbox (ART) ○ https://developer.ibm.com/open/projects/adversarial-robustness-toolbox/ ● Foolbox ○ https://github.com/bethgelab/foolbox
Transferability of Evasion Attacks 32 ● Instances crafted to cause misclassifications on one machine learning system often cause misclassifications on other machine learning systems, too. ● Adversarial samples transfer between same machine learning techniques. ● Adversarial samples transfer across different machine learning techniques.
Effects of Transferability Image source Papernot et al, Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples https://arxiv.org/abs/1605.07277
Why Such Attacks Happen? ● Learning algorithms overemphasize importance of some features ○ Even small modifications of such features can cause large changes to the prediction outcome [1] ● Different classifiers tend to find the same set of relevant features ○ Which facilitates attacks to transfer across the models [2] [1] Simon-Gabriel at al, First-order Adversarial Vulnerability of Neural Networks and Input Dimension https://arxiv.org/abs/1802.01421 [2] Demontis et al, Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion andPoisoning Attacks https://arxiv.org/pdf/1809.02861.pdf
Can We Defend?
Defenses Against Poisoning Attacks ● Exclude instances with significant negative impact ○ Reject on Negative Impact defence ○ Avoid to assign regions far from training data marked as legitimate ● Data sanitization ○ remove poisoning samples from training data using outlier detection and data filtering
Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature
Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature Recent work [1] has shown that all these defences can be evaded under some circumstances [1] Carlini et al, Adversarial Examples Are Not Easily Detected:Bypassing Ten Detection Methods https://nicholas.carlini.com/papers/2017_aisec_breakingdetection.pdf
Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature Recent work [1] has shown that all these defences can be evaded under some circumstances Existing defences lack thorough security evaluation [1] Carlini et al, Adversarial Examples Are Not Easily Detected:Bypassing Ten Detection Methods https://nicholas.carlini.com/papers/2017_aisec_breakingdetection.pdf
Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature Recent work [1] has shown that all these defences can be evaded under some circumstances Existing defences lack thorough security evaluation Adversarial examples are much more difficult to detect than previously recognized [1] Carlini et al, Adversarial Examples Are Not Easily Detected:Bypassing Ten Detection Methods https://nicholas.carlini.com/papers/2017_aisec_breakingdetection.pdf
Other Vulnerabilities of Machine Learning ● Accountability ● Transparency ● Explainability ● Bias and fairness
Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated
Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated ● Active countermeasures in order to secure ML should be adopted ○ Some defenses are already proposed but they are still not effective enough ○ Lessons and best practices from security domain should be adapted
Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated ● Active countermeasures in order to secure ML should be adopted ○ Some defenses are already proposed but they are still not effective enough ○ Lessons and best practices from security domain should be adapted ● Many open problems ○ Some examples are: better defenses, bias, privacy, lack of transparency ○ Future work needed
Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated ● Active countermeasures in order to secure ML should be adopted ○ Some defenses are already proposed but they are still not effective enough ○ Lessons and best practices from security domain should be adapted ● Many open problems ○ Some examples are: better defenses, bias, privacy, lack of transparency ○ Future work needed Jelena Milošević jelena.milosevic@nt.tuwien.ac.at https://www.linkedin.com/in/milosevicjelena @DrMrLena Questions?

Empfohlen

Security and Privacy of Machine Learning
Security and Privacy of Machine LearningSecurity and Privacy of Machine Learning
Security and Privacy of Machine Learning
Priyanka Aash
 
Adversarial Attacks on A.I. Systems — NextCon, Jan 2019
Adversarial Attacks on A.I. Systems — NextCon, Jan 2019Adversarial Attacks on A.I. Systems — NextCon, Jan 2019
Adversarial Attacks on A.I. Systems — NextCon, Jan 2019
anant90
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
RajathV2
 
Defending deep learning from adversarial attacks
Defending deep learning from adversarial attacksDefending deep learning from adversarial attacks
Defending deep learning from adversarial attacks
Svetlana Levitan, PhD
 
Adversarial Attacks and Defense
Adversarial Attacks and DefenseAdversarial Attacks and Defense
Adversarial Attacks and Defense
Kishor Datta Gupta
 
Adversarial Attacks and Defenses in Deep Learning.pdf
Adversarial Attacks and Defenses in Deep Learning.pdfAdversarial Attacks and Defenses in Deep Learning.pdf
Adversarial Attacks and Defenses in Deep Learning.pdf
MichelleHoogenhout
 
Privacy preserving machine learning
Privacy preserving machine learningPrivacy preserving machine learning
Privacy preserving machine learning
Michał Kuźba
 
Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...
Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...
Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...
Dataconomy Media
 

Empfohlen

Security and Privacy of Machine Learning
Security and Privacy of Machine LearningSecurity and Privacy of Machine Learning
Security and Privacy of Machine Learning
Priyanka Aash
 
Adversarial Attacks on A.I. Systems — NextCon, Jan 2019
Adversarial Attacks on A.I. Systems — NextCon, Jan 2019Adversarial Attacks on A.I. Systems — NextCon, Jan 2019
Adversarial Attacks on A.I. Systems — NextCon, Jan 2019
anant90
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
RajathV2
 
Defending deep learning from adversarial attacks
Defending deep learning from adversarial attacksDefending deep learning from adversarial attacks
Defending deep learning from adversarial attacks
Svetlana Levitan, PhD
 
Adversarial Attacks and Defense
Adversarial Attacks and DefenseAdversarial Attacks and Defense
Adversarial Attacks and Defense
Kishor Datta Gupta
 
Adversarial Attacks and Defenses in Deep Learning.pdf
Adversarial Attacks and Defenses in Deep Learning.pdfAdversarial Attacks and Defenses in Deep Learning.pdf
Adversarial Attacks and Defenses in Deep Learning.pdf
MichelleHoogenhout
 
Privacy preserving machine learning
Privacy preserving machine learningPrivacy preserving machine learning
Privacy preserving machine learning
Michał Kuźba
 
Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...
Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...
Big Data Helsinki v 3 | "Federated Learning and Privacy-preserving AI" - Oguz...
Dataconomy Media
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
Raffael Marty
 
Federated Machine Learning Framework
Federated Machine Learning FrameworkFederated Machine Learning Framework
Federated Machine Learning Framework
Anup kumar
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
Pratap Dangeti
 
Synthetic Data Generation with DoppelGanger
Synthetic Data Generation with DoppelGangerSynthetic Data Generation with DoppelGanger
Synthetic Data Generation with DoppelGanger
QuantUniversity
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
Lior Rokach
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
Dr. Umesh Rao.Hodeghatta
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
AlienVault
 
Responsible AI
Responsible AIResponsible AI
Responsible AI
Neo4j
 
Detection of fraud in financial blockchain-based transactions through big dat...
Detection of fraud in financial blockchain-based transactions through big dat...Detection of fraud in financial blockchain-based transactions through big dat...
Detection of fraud in financial blockchain-based transactions through big dat...
CARLOS III UNIVERSITY OF MADRID
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey Gordeychik
Sergey Gordeychik
 
Machine Learning Final presentation
Machine Learning Final presentation Machine Learning Final presentation
Machine Learning Final presentation
AyanaRukasar
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
MITRE - ATT&CKcon
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
NUS-ISS
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
Edge AI and Vision Alliance
 
Responsible AI in Industry: Practical Challenges and Lessons Learned
Responsible AI in Industry: Practical Challenges and Lessons LearnedResponsible AI in Industry: Practical Challenges and Lessons Learned
Responsible AI in Industry: Practical Challenges and Lessons Learned
Krishnaram Kenthapadi
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
scoopnewsgroup
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML Systems
Krishnaram Kenthapadi
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
Pranav Shah
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
hashnees
 
Security in Machine Learning
Security in Machine LearningSecurity in Machine Learning
Security in Machine Learning
Flavio Clesio
 
Adversarial ml
Adversarial mlAdversarial ml
Adversarial ml
JunfeiWang1
 

Weitere ähnliche Inhalte

Was ist angesagt?

AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
Raffael Marty
 
Synthetic Data Generation with DoppelGanger
Synthetic Data Generation with DoppelGangerSynthetic Data Generation with DoppelGanger
Synthetic Data Generation with DoppelGanger
QuantUniversity
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
Lior Rokach
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
Dr. Umesh Rao.Hodeghatta
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey Gordeychik
Sergey Gordeychik
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
MITRE - ATT&CKcon
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
Edge AI and Vision Alliance
 
Responsible AI in Industry: Practical Challenges and Lessons Learned
Responsible AI in Industry: Practical Challenges and Lessons LearnedResponsible AI in Industry: Practical Challenges and Lessons Learned
Responsible AI in Industry: Practical Challenges and Lessons Learned
Krishnaram Kenthapadi
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML Systems
Krishnaram Kenthapadi
 

Was ist angesagt? (20)

AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
Federated Machine Learning Framework
Federated Machine Learning FrameworkFederated Machine Learning Framework
Federated Machine Learning Framework
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
 
Synthetic Data Generation with DoppelGanger
Synthetic Data Generation with DoppelGangerSynthetic Data Generation with DoppelGanger
Synthetic Data Generation with DoppelGanger
 
When Cyber Security Meets Machine Learning
When Cyber Security Meets Machine LearningWhen Cyber Security Meets Machine Learning
When Cyber Security Meets Machine Learning
 
Application of Machine Learning in Cyber Security
Application of Machine Learning in Cyber SecurityApplication of Machine Learning in Cyber Security
Application of Machine Learning in Cyber Security
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Responsible AI
Responsible AIResponsible AI
Responsible AI
 
Detection of fraud in financial blockchain-based transactions through big dat...
Detection of fraud in financial blockchain-based transactions through big dat...Detection of fraud in financial blockchain-based transactions through big dat...
Detection of fraud in financial blockchain-based transactions through big dat...
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey Gordeychik
 
Machine Learning Final presentation
Machine Learning Final presentation Machine Learning Final presentation
Machine Learning Final presentation
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat IntelligenceATTACKers Think in Graphs: Building Graphs for Threat Intelligence
ATTACKers Think in Graphs: Building Graphs for Threat Intelligence
 
AI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for ThoughtAI and Cybersecurity - Food for Thought
AI and Cybersecurity - Food for Thought
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
 
Responsible AI in Industry: Practical Challenges and Lessons Learned
Responsible AI in Industry: Practical Challenges and Lessons LearnedResponsible AI in Industry: Practical Challenges and Lessons Learned
Responsible AI in Industry: Practical Challenges and Lessons Learned
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML Systems
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 

Ähnlich wie Security of Machine Learning

Adversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A SurveyAdversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A Survey
CSCJournals
 
Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]
Chris Theisen
 
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their SecuritiesVulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
Tanjarul Islam Mishu
 
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their SecuritiesVulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
IJCSIS Research Publications
 

Ähnlich wie Security of Machine Learning (20)

Security in Machine Learning
Security in Machine LearningSecurity in Machine Learning
Security in Machine Learning
 
Adversarial ml
Adversarial mlAdversarial ml
Adversarial ml
 
[DSC Europe 23] Aleksandar Tomcic - Adversarial Attacks
[DSC Europe 23] Aleksandar Tomcic - Adversarial Attacks[DSC Europe 23] Aleksandar Tomcic - Adversarial Attacks
[DSC Europe 23] Aleksandar Tomcic - Adversarial Attacks
 
Adversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A SurveyAdversarial Attacks and Defenses in Malware Classification: A Survey
Adversarial Attacks and Defenses in Malware Classification: A Survey
 
WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019
WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019
WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019
 
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
SECURING THE DIGITAL FORTRESS: ADVERSARIAL MACHINE LEARNING CHALLENGES AND CO...
 
Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]Approximating Attack Surfaces with Stack Traces [ICSE 15]
Approximating Attack Surfaces with Stack Traces [ICSE 15]
 
Adversarial Training is all you Need.pptx
Adversarial Training is all you Need.pptxAdversarial Training is all you Need.pptx
Adversarial Training is all you Need.pptx
 
Self-Learning Systems for Cyber Defense
Self-Learning Systems for Cyber DefenseSelf-Learning Systems for Cyber Defense
Self-Learning Systems for Cyber Defense
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
 
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
 
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
 
IET SSCS 2018
IET SSCS 2018IET SSCS 2018
IET SSCS 2018
 
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their SecuritiesVulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
 
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their SecuritiesVulnerabilities of Fingerprint Authentication Systems and Their Securities
Vulnerabilities of Fingerprint Authentication Systems and Their Securities
 
Learning Security Strategies through Game Play and Optimal Stopping
Learning Security Strategies through Game Play and Optimal StoppingLearning Security Strategies through Game Play and Optimal Stopping
Learning Security Strategies through Game Play and Optimal Stopping
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
 
Paper-1 PPT.pptx
Paper-1 PPT.pptxPaper-1 PPT.pptx
Paper-1 PPT.pptx
 
Self-learning systems for cyber security
Self-learning systems for cyber securitySelf-learning systems for cyber security
Self-learning systems for cyber security
 

Mehr von Institute of Contemporary Sciences

Deep learning fast and slow, a responsible and explainable AI framework - Ahm...
Deep learning fast and slow, a responsible and explainable AI framework - Ahm...Deep learning fast and slow, a responsible and explainable AI framework - Ahm...
Deep learning fast and slow, a responsible and explainable AI framework - Ahm...
Institute of Contemporary Sciences
 
Application of Business Intelligence in bank risk management - Dimitar Dilov
Application of Business Intelligence in bank risk management - Dimitar DilovApplication of Business Intelligence in bank risk management - Dimitar Dilov
Application of Business Intelligence in bank risk management - Dimitar Dilov
Institute of Contemporary Sciences
 
Recommender systems for personalized financial advice from concept to product...
Recommender systems for personalized financial advice from concept to product...Recommender systems for personalized financial advice from concept to product...
Recommender systems for personalized financial advice from concept to product...
Institute of Contemporary Sciences
 
Sensor networks for personalized health monitoring - Vladimir Brusic
Sensor networks for personalized health monitoring - Vladimir BrusicSensor networks for personalized health monitoring - Vladimir Brusic
Sensor networks for personalized health monitoring - Vladimir Brusic
Institute of Contemporary Sciences
 

Mehr von Institute of Contemporary Sciences (20)

First 5 years of PSI:ML - Filip Panjevic
First 5 years of PSI:ML - Filip PanjevicFirst 5 years of PSI:ML - Filip Panjevic
First 5 years of PSI:ML - Filip Panjevic
 
Building valuable (online and offline) Data Science communities - Experience ...
Building valuable (online and offline) Data Science communities - Experience ...Building valuable (online and offline) Data Science communities - Experience ...
Building valuable (online and offline) Data Science communities - Experience ...
 
Data Science Master 4.0 on Belgrade University - Drazen Draskovic
Data Science Master 4.0 on Belgrade University - Drazen DraskovicData Science Master 4.0 on Belgrade University - Drazen Draskovic
Data Science Master 4.0 on Belgrade University - Drazen Draskovic
 
Deep learning fast and slow, a responsible and explainable AI framework - Ahm...
Deep learning fast and slow, a responsible and explainable AI framework - Ahm...Deep learning fast and slow, a responsible and explainable AI framework - Ahm...
Deep learning fast and slow, a responsible and explainable AI framework - Ahm...
 
Solving churn challenge in Big Data environment - Jelena Pekez
Solving churn challenge in Big Data environment - Jelena PekezSolving churn challenge in Big Data environment - Jelena Pekez
Solving churn challenge in Big Data environment - Jelena Pekez
 
Application of Business Intelligence in bank risk management - Dimitar Dilov
Application of Business Intelligence in bank risk management - Dimitar DilovApplication of Business Intelligence in bank risk management - Dimitar Dilov
Application of Business Intelligence in bank risk management - Dimitar Dilov
 
Trends and practical applications of AI/ML in Fin Tech industry - Milos Kosan...
Trends and practical applications of AI/ML in Fin Tech industry - Milos Kosan...Trends and practical applications of AI/ML in Fin Tech industry - Milos Kosan...
Trends and practical applications of AI/ML in Fin Tech industry - Milos Kosan...
 
Recommender systems for personalized financial advice from concept to product...
Recommender systems for personalized financial advice from concept to product...Recommender systems for personalized financial advice from concept to product...
Recommender systems for personalized financial advice from concept to product...
 
Advanced tools in real time analytics and AI in customer support - Milan Sima...
Advanced tools in real time analytics and AI in customer support - Milan Sima...Advanced tools in real time analytics and AI in customer support - Milan Sima...
Advanced tools in real time analytics and AI in customer support - Milan Sima...
 
Complex AI forecasting methods for investments portfolio optimization - Pawel...
Complex AI forecasting methods for investments portfolio optimization - Pawel...Complex AI forecasting methods for investments portfolio optimization - Pawel...
Complex AI forecasting methods for investments portfolio optimization - Pawel...
 
From Zero to ML Hero for Underdogs - Amir Tabakovic
From Zero to ML Hero for Underdogs - Amir TabakovicFrom Zero to ML Hero for Underdogs - Amir Tabakovic
From Zero to ML Hero for Underdogs - Amir Tabakovic
 
Data and data scientists are not equal to money david hoyle
Data and data scientists are not equal to money david hoyleData and data scientists are not equal to money david hoyle
Data and data scientists are not equal to money david hoyle
 
The price is right - Tomislav Krizan
The price is right - Tomislav KrizanThe price is right - Tomislav Krizan
The price is right - Tomislav Krizan
 
When it's raining gold, bring a bucket - Andjela Culibrk
When it's raining gold, bring a bucket - Andjela CulibrkWhen it's raining gold, bring a bucket - Andjela Culibrk
When it's raining gold, bring a bucket - Andjela Culibrk
 
Reality and traps of real time data engineering - Milos Solujic
Reality and traps of real time data engineering - Milos SolujicReality and traps of real time data engineering - Milos Solujic
Reality and traps of real time data engineering - Milos Solujic
 
Sensor networks for personalized health monitoring - Vladimir Brusic
Sensor networks for personalized health monitoring - Vladimir BrusicSensor networks for personalized health monitoring - Vladimir Brusic
Sensor networks for personalized health monitoring - Vladimir Brusic
 
Improving Data Quality with Product Similarity Search
Improving Data Quality with Product Similarity SearchImproving Data Quality with Product Similarity Search
Improving Data Quality with Product Similarity Search
 
Prediction of good patterns for future sales using image recognition
Prediction of good patterns for future sales using image recognitionPrediction of good patterns for future sales using image recognition
Prediction of good patterns for future sales using image recognition
 
Using data to fight corruption: full budget transparency in local government
Using data to fight corruption: full budget transparency in local governmentUsing data to fight corruption: full budget transparency in local government
Using data to fight corruption: full budget transparency in local government
 
Geospatial Analysis and Open Data - Forest and Climate
Geospatial Analysis and Open Data - Forest and ClimateGeospatial Analysis and Open Data - Forest and Climate
Geospatial Analysis and Open Data - Forest and Climate
 

Kürzlich hochgeladen

Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
amitlee9823
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
Delhi Call girls
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
MarinCaroMartnezBerg
 
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
only4webmaster01
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
amitlee9823
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
amitlee9823
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Delhi Call girls
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
Timothy Spann
 
Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter Lessons
JoseMangaJr1
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
Boston Institute of Analytics
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Kürzlich hochgeladen (20)

Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 9155563397 👗 Top Class Call Girl Service B...
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter Lessons
 
Capstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics ProgramCapstone Project on IBM Data Analytics Program
Capstone Project on IBM Data Analytics Program
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 

Security of Machine Learning

  • 2. My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security 2
  • 3. My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security Attacks against ML [In submission] Robust defences [FSS-18] Explainable ML 3 Security of Machine Learning
  • 4. My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security Attacks against ML [In submission] Robust defences [FSS-18] Explainable ML Mobile systems [C&S-19, FPS-18, HST-17, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14], Embedded systems [IJCNN-18, arxiv-18, CINC-14,SECRYPT-14,SECRYPT-13], Communication Networks [WIP] 4 Security of Machine Learning Application Domains
  • 5. My Work Malware detection [C&S-19, FPS-18, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14] Face recognition [arxiv-18] Anomaly detection [IJCNN-18] Failure prediction [CINC-14] Machine Learning for Security Attacks against ML [In submission] Robust defences [FSS-18] Explainable ML Mobile systems [C&S-19, FPS-18, HST-17, DASC-16, SECRYPT-16, CCNC-16, IWSMA-14], Embedded systems [IJCNN-18, arxiv-18, CINC-14,SECRYPT-14,SECRYPT-13], Communication Networks [WIP] 5 Security of Machine Learning Application Domains
  • 6. Why Do We Need Secure Machine Learning? ● Machine learning is: ○ more and more deployed in practice ○ frequently used in automated manner ○ used to protect safety critical infrastructure
  • 7. Why Do We Need Secure Machine Learning? ● Machine learning is: ○ more and more deployed in practice ○ frequently used in automated manner ○ used to protect safety critical infrastructure ● At the same time ML is: ○ same as any other software and it has vulnerabilities that can be exploited ○ shown to have some inherent algorithms weaknesses and blind spots ○ black box approach
  • 8. Why Do We Need Secure Machine Learning? ● Machine learning is: ○ more and more deployed in practice ○ frequently used in automated manner ○ used to protect safety critical infrastructure ● At the same time ML is: ○ same as any other software and it has vulnerabilities that can be exploited ○ shown to have some inherent algorithms weaknesses and blind spots ○ black box approach This Talk: Before relying on ML deployed in practice we need to understand where and how these systems fail
  • 9. Feature selection Selection of the best performing algorithm Dataset Training 9 Machine Learning - Main Steps of Deployment
  • 10. Feature selection Selection of the best performing algorithm Dataset Training 10 Machine Learning - Main Steps of Deployment
  • 11. Feature selection Selection of the best performing algorithm Dataset Training 11 Deployment Machine Learning - Main Steps of Deployment
  • 12. What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Deployment Model stealing Model inversion Membership inference attack
  • 13. What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Poisoning Deployment Model stealing Model inversion Membership inference attack Evasion
  • 14. What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Poisoning Poisoning Deployment Model stealing Model inversion Membership inference attack Evasion Increasing false positives
  • 15. What Can Go Wrong with Machine Learning? Confidentiality Integrity Availability Training Poisoning Poisoning Deployment Model stealing Model inversion Membership inference attack Evasion Increasing false positives
  • 16. Poisoning Attack on Machine Learning 16 Feature selection Selection of the best performing algorithm Dataset Training Deployment
  • 17. Poisoning Attack on Machine Learning 17 Feature selection Selection of the best performing algorithm Dataset Training Deployment Poisoning attack!
  • 18. Poisoning Attack on Machine Learning 18 Feature selection Selection of the best performing algorithm Dataset Training Deployment Poisoning attack!
  • 19. Poisoning Attack Example 19 Source: https://github.com/oreilly-mlsec/book-resources/blob/master/chapter8/figures/8-02-indiscriminate-poisoning-translation.png
  • 20. Feature selection Selection of the best performing algorithm Dataset Training 20 Deployment Evasion Attack on Machine Learning
  • 21. Evasion Attack on Machine Learning 21 Feature selection Selection of the best performing algorithm Dataset Training Deployment Evasion attack!
  • 22. Evasion Attack on Machine Learning 22 Feature selection Selection of the best performing algorithm Dataset Training Deployment Evasion attack! Adversarial Sample
  • 23. Adversarial Samples on Face Recognition DNNs Example of adversarial glasses Sharif et al, Accessorize to a Crime: Real and stealthy attacks on state of the art face recognition, ACM CCS 2016
  • 24. Adversarial Samples on Face Recognition DNNs Example of adversarial glasses Sharif et al, Accessorize to a Crime: Real and stealthy attacks on state of the art face recognition, ACM CCS 2016
  • 25. Adversarial Samples in the Physical World Athalye et al, Synthesizing Robust Adversarial Examples https://arxiv.org/pdf/1707.07397.pdf
  • 26. Adversarial Samples in the Physical World 26 Human Machine Learning System
  • 27. Adversarial Samples in the Physical World 27 Human Machine Learning System
  • 28. Adversarial Samples in the Physical World 28 Human Machine Learning System Generation of adversarial samples can be automated! [Goodfellow et al., Papernot et al.]
  • 29. Adversarial Samples in the Physical World 29 Human Machine Learning System Generation of adversarial samples can be automated! [Goodfellow et al., Papernot et al.] Evasion attacks transfer between different machine learning techniques! [Szegedy et al., Papernot et al.]
  • 30. Automation of Evasion Attacks Attacks Pros Cons Fast Gradient Sign Method (FGSM) [1] Fastest speed Low computation cost Large perturbations Jacobian Saliency Map Attack (JSMA) [2] Small perturbations High computational costs Carlini Wagner (CW) [3] Minimum perturbations Slowest speed, high computational cost [1] Goodfellow et al, Explaining and Harnessing Adversarial Samples https://arxiv.org/abs/1412.6572 [2] Papernot et al, The Limitations of Deep Learning in Adversarial Settings https://arxiv.org/pdf/1511.07528.pdf [3] Carlini et al, Towards Evaluating the Robustness of Neural Networks https://arxiv.org/pdf/1608.04644.pdf
  • 31. Libraries to Generate Adversarial Samples ● Cleverhans ○ https://github.com/tensorflow/cleverhans ● SecML ○ https://gitlab.com/secml/secml ● IBM Adversarial Robustness Toolbox (ART) ○ https://developer.ibm.com/open/projects/adversarial-robustness-toolbox/ ● Foolbox ○ https://github.com/bethgelab/foolbox
  • 32. Transferability of Evasion Attacks 32 ● Instances crafted to cause misclassifications on one machine learning system often cause misclassifications on other machine learning systems, too. ● Adversarial samples transfer between same machine learning techniques. ● Adversarial samples transfer across different machine learning techniques.
  • 33. Effects of Transferability Image source Papernot et al, Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples https://arxiv.org/abs/1605.07277
  • 34. Why Such Attacks Happen? ● Learning algorithms overemphasize importance of some features ○ Even small modifications of such features can cause large changes to the prediction outcome [1] ● Different classifiers tend to find the same set of relevant features ○ Which facilitates attacks to transfer across the models [2] [1] Simon-Gabriel at al, First-order Adversarial Vulnerability of Neural Networks and Input Dimension https://arxiv.org/abs/1802.01421 [2] Demontis et al, Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion andPoisoning Attacks https://arxiv.org/pdf/1809.02861.pdf
  • 36. Defenses Against Poisoning Attacks ● Exclude instances with significant negative impact ○ Reject on Negative Impact defence ○ Avoid to assign regions far from training data marked as legitimate ● Data sanitization ○ remove poisoning samples from training data using outlier detection and data filtering
  • 37. Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature
  • 38. Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature Recent work [1] has shown that all these defences can be evaded under some circumstances [1] Carlini et al, Adversarial Examples Are Not Easily Detected:Bypassing Ten Detection Methods https://nicholas.carlini.com/papers/2017_aisec_breakingdetection.pdf
  • 39. Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature Recent work [1] has shown that all these defences can be evaded under some circumstances Existing defences lack thorough security evaluation [1] Carlini et al, Adversarial Examples Are Not Easily Detected:Bypassing Ten Detection Methods https://nicholas.carlini.com/papers/2017_aisec_breakingdetection.pdf
  • 40. Defenses Against Evasion Attacks ● Ensemble ● Adversarial retraining ● Defensive distillation ● Dimensionality reduction ● Regularization ● Using fuzzy boundaries and membership score as a feature Recent work [1] has shown that all these defences can be evaded under some circumstances Existing defences lack thorough security evaluation Adversarial examples are much more difficult to detect than previously recognized [1] Carlini et al, Adversarial Examples Are Not Easily Detected:Bypassing Ten Detection Methods https://nicholas.carlini.com/papers/2017_aisec_breakingdetection.pdf
  • 41. Other Vulnerabilities of Machine Learning ● Accountability ● Transparency ● Explainability ● Bias and fairness
  • 42. Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated
  • 43. Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated ● Active countermeasures in order to secure ML should be adopted ○ Some defenses are already proposed but they are still not effective enough ○ Lessons and best practices from security domain should be adapted
  • 44. Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated ● Active countermeasures in order to secure ML should be adopted ○ Some defenses are already proposed but they are still not effective enough ○ Lessons and best practices from security domain should be adapted ● Many open problems ○ Some examples are: better defenses, bias, privacy, lack of transparency ○ Future work needed
  • 45. Takeaways ● Security of ML is of growing concern ○ Machine learning is proven to be vulnerable to a set of attacks ○ Some of the attacks are transferable and can be automated ● Active countermeasures in order to secure ML should be adopted ○ Some defenses are already proposed but they are still not effective enough ○ Lessons and best practices from security domain should be adapted ● Many open problems ○ Some examples are: better defenses, bias, privacy, lack of transparency ○ Future work needed Jelena Milošević jelena.milosevic@nt.tuwien.ac.at https://www.linkedin.com/in/milosevicjelena @DrMrLena Questions?