Presentation is loading. Please wait.

Presentation is loading. Please wait.

Adversarial Machine Learning in Julia

Published byNadine Rivard Modified over 5 years ago

Similar presentations

Presentation on theme: "Adversarial Machine Learning in Julia"— Presentation transcript:

1 Adversarial Machine Learning in Julia
Paul Gibby 12/10/2018

2 Adversarial Machine Learning
Adversarial machine learning is when you take input and perturb it imperceptibly to make a machine learning algorithm respond “incorrectly” Most attacks currently target image classifiers The existence of these adversarial examples means that we can’t fully trust the output of machine learning if an adversary can control the input. This is most dangerous in the case of malware classification

3 Why Julia? Julia is well suited for machine learning and optimization problems, and does them very fast. Easily extendable Many helpful libraries like Knet Easy parallelization Currently doesn’t seem to exist yet in Julia (closest is a couple of implementations of GAN)

4 Adversarial Algorithms
L-BFGS Optimization of a cost function with box constraints Fast Gradient Sign Method (FGSM) A single step of gradient descent. Weakest method, but very fast Iterative Gradient Sign Method (IGSM) Multiple steps of gradient descent JSMA For each step, finds a pair of pixels that if changed will have the greatest effect of moving the image to the target Carlini-Wagner A sophisticated attack that bypasses an early attempt at defense. Similar to L-BFGS, but optimized over a tanh space and a different cost function

5 Distance Metrics We assess whether a change to an image is imperceptible by measuring its distance from the original L2 distance – Standard Euclidean distance between flattened images Simple and fast DSSIM – a measurement of visual distortion between two images More complicated, but better reflects human vision

6 To the Demo!

7 Comparison with CleverHans
Attack CleverHans (Python) Julia FGSM 0.14 .05 JSMA 20,000 75

8 Practical Application – Malware Detection
Took data of traits (API calls, etc) of malware and trained a classifier on it. With a simple algorithm, each malware could have a single feature added to it that causes a misclassification

9 Thank You!

Download ppt "Adversarial Machine Learning in Julia"

Similar presentations

Memristor in Learning Neural Networks

Memristor in Learning Neural Networks
Perceptron Learning Rule

Perceptron Learning Rule
Face Recognition and Biometric Systems Eigenfaces (2)

Face Recognition and Biometric Systems Eigenfaces (2)
Linear Classifiers (perceptrons)

Linear Classifiers (perceptrons)
Salvatore giorgi Ece 8110 machine learning 5/12/2014

Salvatore giorgi Ece 8110 machine learning 5/12/2014
CSCI 347 / CS 4206: Data Mining Module 07: Implementations Topic 03: Linear Models.

CSCI 347 / CS 4206: Data Mining Module 07: Implementations Topic 03: Linear Models.
Face Alignment with Part-Based Modeling

Face Alignment with Part-Based Modeling
Face Recognition & Biometric Systems Support Vector Machines (part 2)

Face Recognition & Biometric Systems Support Vector Machines (part 2)
Thesis title: “Studies in Pattern Classification – Biological Modeling, Uncertainty Reasoning, and Statistical Learning” 3 parts: (1)Handwritten Digit.

Thesis title: “Studies in Pattern Classification – Biological Modeling, Uncertainty Reasoning, and Statistical Learning” 3 parts: (1)Handwritten Digit.
EE462 MLCV Lecture 5-6 Object Detection – Boosting Tae-Kyun Kim.

EE462 MLCV Lecture 5-6 Object Detection – Boosting Tae-Kyun Kim.
CSC321: Neural Networks Lecture 3: Perceptrons

CSC321: Neural Networks Lecture 3: Perceptrons
Lecture 14 – Neural Networks

Lecture 14 – Neural Networks
CS292 Computational Vision and Language Pattern Recognition and Classification.

CS292 Computational Vision and Language Pattern Recognition and Classification.
Learning from Observations Chapter 18 Section 1 – 4.

Learning from Observations Chapter 18 Section 1 – 4.
By Fernando Seoane, April 25 th, 2006 Demo for Non-Parametric Classification Euclidean Metric Classifier with Data Clustering.

By Fernando Seoane, April 25 th, 2006 Demo for Non-Parametric Classification Euclidean Metric Classifier with Data Clustering.
Supervised Distance Metric Learning Presented at CMU’s Computer Vision Misc-Read Reading Group May 9, 2007 by Tomasz Malisiewicz.

Supervised Distance Metric Learning Presented at CMU’s Computer Vision Misc-Read Reading Group May 9, 2007 by Tomasz Malisiewicz.
Cliff Rhyne and Jerry Fu June 5, 2007 Parallel Image Segmenter CSE 262 Spring 2007 Project Final Presentation.

Cliff Rhyne and Jerry Fu June 5, 2007 Parallel Image Segmenter CSE 262 Spring 2007 Project Final Presentation.
Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.

Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.
Face Processing System Presented by: Harvest Jang Group meeting Fall 2002.

Face Processing System Presented by: Harvest Jang Group meeting Fall 2002.
Face Detection and Neural Networks Todd Wittman Math 8600: Image Analysis Prof. Jackie Shen December 2001.

Face Detection and Neural Networks Todd Wittman Math 8600: Image Analysis Prof. Jackie Shen December 2001.

Similar presentations

Ads by Google