Machine learning security
Paweł Zawistowski, Warsaw University of Technology / Adform
AI and machine learning help to create new tools
[1] Image: https://pixabay.com/pl/sztuczna-inteligencja-ai-robota-2228610/
Some of them make us rethink what is "real"
lyrebird.ai
“Lyrebird allows you to create a digital voice that sounds like you with only one minute of audio.” [1]
[1] Quote & image: https://lyrebird.ai/
Learning lip sync from audio
[1] Suwajanakorn, Supasorn, Steven M. Seitz, and Ira Kemelmacher-Shlizerman. "Synthesizing obama: learning lip sync from audio." ACM Transactions on Graphics (TOG) 36.4 (2017): 95.
[2] Image: https://youtu.be/9Yq67CjDqvw
FakeApp
"A desktop app for creating photorealistic faceswap videos made with deep learning" [1]
[1] http://www.fakeapp.org/
[2] Image: Nicolas Cage fake movie compilation: https://youtu.be/BU9YAHigNx8
ML through the security lens
[1] Image: https://pixabay.com/pl/streszczenie-geometryczny-%C5%9Bwiata-1278059/
CIA triad – in the machine learning context
Confidentiality – extracting model parameters or training data from a deployed model
Integrity – inducing particular outputs or behaviours from a trained model
Availability – making the model unstable or unusable
Targeting confidentiality
Sharing datasets is tricky
[1] Image: fitness-tracking app heatmap giving away the location of military bases, The Guardian (Jan 2018): https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
[2] A. Narayanan and V. Shmatikov. "Robust de-anonymization of large sparse datasets (how to break anonymity of the Netflix prize dataset)". IEEE Symposium on Security and Privacy, 2008.
A possible remedy: differential privacy
• A promise made to a data subject: "You will not be affected, adversely or otherwise, by allowing your data to be used in any study or analysis, no matter what other studies, data sets, or information sources, are available." [1]
• Adding carefully calibrated randomness to the released answers protects each individual while keeping the aggregate statistics usable.
[1] Dwork, C., & Roth, A. (2014). The Algorithmic Foundations of Differential Privacy. Foundations and Trends in Theoretical Computer Science, 9(3–4), 211–407.
Demonstration – a quick survey
Raise your hand if you’ve been involved in some illegal activities.
Demonstration – a quick survey, take 2
Toss a fair coin:
◦ if it’s heads – toss it again and answer yes if it comes out heads,
◦ if it’s tails – answer truthfully.
Statistically, about 25% of the room answers "yes" purely because of the coin (heads, then heads again: probability 1/4), independently of the truth. The knowledge is hidden in the difference between the observed "yes" rate and that 25% baseline: P(yes) = 0.25 + 0.5·p, so the true prevalence is p ≈ 2·(observed rate − 0.25). Any single raised hand remains deniable.
Raise your hand if you’ve been involved in some illegal activities.
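An added example (not part of the slides) that implements the coin protocol above in plain Python, inverts it to recover the true prevalence, and computes the privacy guarantee it gives: since P(yes | guilty) = 0.75 and P(yes | innocent) = 0.25, one reported answer shifts the odds by at most a factor of 3, so the mechanism is ln 3-differentially private (a standard property of this protocol, not stated on the slide). The population size, the prevalence and the random seed are constructed for the demonstration.

```python
"""Randomized response: the 'take 2' survey from the slides, as runnable code.
Added example for this page, not code from the talk. Pure Python, no dependencies."""
import math
import random


def randomized_response(truth, rng):
    """One respondent follows the protocol. truth: True if they really have something
    to admit. Returns the answer they report (True = 'yes')."""
    if rng.random() < 0.5:          # first toss is heads: the second toss decides
        return rng.random() < 0.5   # heads again -> 'yes' regardless of the truth
    return truth                    # first toss is tails: answer truthfully


def expected_yes_rate(prevalence):
    """P(yes) = P(heads)*P(heads) + P(tails)*prevalence = 0.25 + 0.5*prevalence."""
    return 0.25 + 0.5 * prevalence


def estimate_prevalence(answers):
    """Invert the expectation: prevalence = 2*(yes_rate - 0.25). With few answers the
    raw estimate can leave [0, 1]; clamp it, because the true value is a proportion."""
    yes_rate = sum(answers) / len(answers)
    return min(1.0, max(0.0, 2.0 * (yes_rate - 0.25)))


def privacy_loss():
    """Worst-case log ratio of the probability of one reported answer under the two
    possible truths: P(yes|guilty)/P(yes|innocent) = 0.75/0.25 = 3 (same for 'no').
    This is the epsilon of the mechanism as a differentially private release."""
    return math.log(0.75 / 0.25)


def survey(n, prevalence, seed=0):
    """Run the protocol over a constructed population of n people, of whom a fraction
    `prevalence` has something to admit, and return the debiased estimate."""
    rng = random.Random(seed)
    truths = [i < round(prevalence * n) for i in range(n)]   # constructed population
    answers = [randomized_response(t, rng) for t in truths]
    return estimate_prevalence(answers)


if __name__ == "__main__":
    print("true prevalence 0.10, estimate:", round(survey(20_000, 0.10), 3))
    print("epsilon (ln 3):", round(privacy_loss(), 4))
```

The estimate converges to the true rate as the sample grows, while no individual answer reveals more than a factor-of-3 change in the odds; the price is variance, since half of the answers carry no information at all.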
Targeting integrity
Rapid progress in image recognition
[1] Left image MNIST: https://upload.wikimedia.org/wikipedia/commons/2/27/MnistExamples.png
[2] Right image CIFAR: https://www.cs.toronto.edu/~kriz/cifar.html
[3] Wan, Li, et al. "Regularization of neural networks using dropconnect." International Conference on Machine Learning. 2013.
[4] Graham, Benjamin. "Fractional max-pooling." arXiv preprint arXiv:1412.6071 (2014)
MNIST: 99.79% [3]
CIFAR-10: 96.53% [4]
"5 days after Microsoft announced it had beat the human benchmark of 5.1% errors with a 4.94% error grabbing neural network, Google announced it had one-upped Microsoft by 0.04%" [1]
[1] https://www.eetimes.com/document.asp?doc_id=1325712
“Human level” results
In the meantime this happens
[Image: a street sign that the classifier labels "birdhouse"]
Adversarial examples
[1] I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and Harnessing Adversarial Examples”, 2014.
"[…] inputs formed by applying small but intentionally worst-case perturbations […] (which) results in the model outputting an incorrect answer with high confidence" [1]
Goodfellow et al.
How do these work?
▪ Given a classifier f(x), we need to find a (minimal) perturbation r for which f(x+r) ≠ f(x): r small enough that a human still sees the original input, yet large enough to change the model's decision.
▪ Finding r can be realized as an optimization task over the input: the same gradient machinery that trains the model is pointed at x instead of at the parameters.
▪ In the white-box setting the attacker has the model and its gradients; in the black-box setting only the outputs can be queried, so r is found by estimating gradients from queries or by transferring examples crafted against a substitute model.
[1] Black box https://cdn.pixabay.com/photo/2014/04/03/10/22/black-box-310220_960_720.png
[2] White box https://cdn.pixabay.com/photo/2013/07/12/13/55/box-147574_960_720.png
How do these work? (diagrams)
Training a model: training data (inputs, labels) → model → outputs → loss function → parameter corrections fed back into the model.
Generating adversarial examples: inputs + perturbation → trained model (parameters fixed) → outputs → adversarial loss → perturbation corrections fed back into the perturbation.
One step further: adversarial patch
[1] Brown, T. B., Mané, D., Roy, A., Abadi, M., & Gilmer, J. (2017). "Adversarial Patch". arXiv:1712.09665.
[Image: a printed patch placed in the scene makes the classifier output "toaster"]
Two steps further: adversarial object
[1] Athalye, A., Engstrom, L., Ilyas, A., & Kwok, K. (2017). "Synthesizing Robust Adversarial Examples".
[2] Images: http://www.labsix.org/physical-objects-that-fool-neural-nets/
Pipeline: trained model → adversarial attack (optimised over random poses, lighting and camera noise) → adversarial 3D model → 3D printing.
Papernot et al.: machine learning pipeline security
Papernot et al.: "SoK: Towards the Science of Security and Privacy in Machine Learning"
Defense methods – first attempts
• Gradient masking: make the model's gradients useless to the attacker (e.g. saturated or non-differentiable outputs).
• Defensive distillation: train a second network on the softened outputs of the first, which flattens the gradients around the training points.
Both later turned out to give a false sense of security: defensive distillation was broken by the stronger optimisation-based attack of Carlini and Wagner (2017), and gradient masking in general falls to attacks that do not rely on the defended model's gradients (transfer from a substitute model, or gradient estimation from queries), as catalogued by Athalye, Carlini and Wagner (2018).
[1] Image: http://cdn.emgn.com/wp-content/uploads/2016/01/society-will-fail-emgn-16.jpg
Extending the training data set (adversarial training)
Train model → perform attack → extend the training data with the resulting adversarial examples → train again (loop).
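An added example, not code from the talk, that covers two slides above: the optimisation view of finding r ("How do these work?") and the train → attack → extend-dataset loop of this slide. The model is a logistic-regression classifier in plain Python; the data set (one strongly predictive feature and twenty weakly predictive ones), the L∞ budget and the step counts are all constructed for the example. The attack is Goodfellow et al.'s fast gradient sign method; for a linear model the smallest L∞ budget that flips the decision has a closed form, |z|/‖w‖₁, which the block also computes.

```python
"""Adversarial examples against a linear classifier, then adversarial training.
Added example for this page, not code from the talk. Pure Python, no dependencies.
The model, the data set and the budget below are all constructed for the example."""
import math

EPS = 0.4     # L_inf budget the attacker may spend on every feature
LR = 1.0      # gradient-descent step size
STEPS = 200   # full-batch gradient steps

# Constructed data: feature 0 is strongly predictive (+-1), features 1..20 are weakly
# predictive (+-0.2). A model that spreads weight over all 21 features is clean-accurate
# but fragile: an L_inf attacker nudges all 21 features at once, and the nudges add up.
K_WEAK = 20
X_POS = [1.0] + [0.2] * K_WEAK
X_NEG = [-v for v in X_POS]
CLEAN = [(X_POS, 1), (X_NEG, 0)]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def logit(w, b, x):
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def predict(w, b, x):
    return 1 if logit(w, b, x) > 0 else 0

def input_gradient(w, b, x, y):
    """d(cross-entropy)/dx for one example: (p - y) * w. The same loss that training
    minimises, differentiated with respect to the input instead of the parameters."""
    p = sigmoid(logit(w, b, x))
    return [(p - y) * wi for wi in w]

def sign(v):
    return (v > 0) - (v < 0)

def fgsm(w, b, x, y, eps=EPS):
    """Fast gradient sign method: x + eps * sign(grad_x loss). One step that increases
    the loss and moves every feature by at most eps (white-box: needs the gradients)."""
    return [xi + eps * sign(gi) for xi, gi in zip(x, input_gradient(w, b, x, y))]

def min_linf_perturbation(w, b, x):
    """Smallest L_inf budget that flips a linear model's decision on x. Moving every
    feature by eps against the logit changes it by eps * ||w||_1, so the decision
    boundary is reached at |z| / ||w||_1; FGSM with that budget is the minimal r here."""
    return abs(logit(w, b, x)) / sum(abs(wi) for wi in w)

def gd_step(w, b, data, lr=LR):
    """One full-batch gradient-descent step on the cross-entropy loss."""
    n = len(data)
    gw, gb = [0.0] * len(w), 0.0
    for x, y in data:
        err = sigmoid(logit(w, b, x)) - y
        gw = [gi + err * xi / n for gi, xi in zip(gw, x)]
        gb += err / n
    return [wi - lr * gi for wi, gi in zip(w, gw)], b - lr * gb

def train(data, steps=STEPS):
    w, b = [0.0] * len(data[0][0]), 0.0
    for _ in range(steps):
        w, b = gd_step(w, b, data)
    return w, b

def adversarial_train(clean, steps=STEPS, eps=EPS):
    """The loop from the slide: train the model, attack it, extend the data set with
    the adversarial examples, train again. Only the newest adversarial batch is kept
    here, so the data set has the same size in every round."""
    w, b = [0.0] * len(clean[0][0]), 0.0
    for _ in range(steps):
        adversarial = [(fgsm(w, b, x, y, eps), y) for x, y in clean]
        w, b = gd_step(w, b, clean + adversarial)
    return w, b

def accuracy(w, b, data):
    return sum(predict(w, b, x) == y for x, y in data) / len(data)

def robust_accuracy(w, b, data, eps=EPS):
    """Accuracy after every input has been attacked with FGSM against this very model."""
    return accuracy(w, b, [(fgsm(w, b, x, y, eps), y) for x, y in data])

def compare():
    base, robust = train(CLEAN), adversarial_train(CLEAN)
    return {
        "clean_acc": (accuracy(*base, CLEAN), accuracy(*robust, CLEAN)),
        "robust_acc": (robust_accuracy(*base, CLEAN), robust_accuracy(*robust, CLEAN)),
        "min_eps_to_flip": (min_linf_perturbation(*base, X_POS),
                            min_linf_perturbation(*robust, X_POS)),
    }

if __name__ == "__main__":
    for name, (b, r) in compare().items():
        print(f"{name:16s} baseline={b:.3f}  adversarially trained={r:.3f}")
```

Both models reach full clean accuracy, but the baseline spreads its weight over all 21 features and is flipped by every attack with budget 0.4 (its minimal flipping budget is 0.36), while the adversarially trained model concentrates weight on the strong feature and survives the same attack. Deep networks keep the FGSM step but lose the closed form for the minimal r, which is why attacks on them iterate the optimisation instead.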
Detecting adversarial inputs
Inputs → attack detector → online model → outputs: a separate detector screens inputs before (or alongside) the online model so that suspected adversarial inputs can be rejected.
Adding some noise
Inputs → add noise → online model → outputs: random noise applied at inference time is meant to wash out a carefully crafted perturbation. Caveat: an attacker who knows the noise distribution can optimise the perturbation over it (expectation over transformation, the technique Athalye et al. used for the 3D-printed objects above), so noise on its own is another form of gradient masking.
Conclusions
"In the history of science and technology, the engineering artifacts have almost always preceded the theoretical understanding [...] if you are not happy with our understanding of the methods you use every day, fix it" [2]
Yann LeCun
[1] Image: http://maxpixel.freegreatpicture.com/
[2] Comment on Ali Rahimi's "Test of Time" award talk at NIPS 2017
Thank you for your attention!
On a side note: we're hiring! ☺
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
 
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
Saket, (-DELHI )+91-9654467111-(=)CHEAP Call Girls in Escorts Service Saket C...
 
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
 
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
 

Machine learning security - Pawel Zawistowski, Warsaw University of Technology/Adform

  • 11. Demonstration – a quick survey. Raise your hand if you’ve been involved in some illegal activities.
  • 12. Demonstration – a quick survey, take 2. Toss a fair coin:
    ◦ if it’s heads – toss it again and answer yes if it comes out heads,
    ◦ if it’s tails – answer truthfully.
    Statistically, ~25% of the positives are due to randomness alone; the difference from that baseline is where the knowledge is hidden. Raise your hand if you’ve been involved in some illegal activities.
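The coin protocol on slide 12 is randomized response, the simplest differentially private mechanism. The added example below (not part of the talk) simulates it on a constructed population and shows the analyst's side: how the true rate is recovered from the noisy answers, and the privacy loss ln 3 that the protocol grants each respondent. Function names and the sample population are my own.

```python
import math
import random

def randomized_response(truth, rng):
    """One respondent following slide 12's protocol.
    truth: the honest yes/no answer; rng: the respondent's private coin."""
    if rng.random() < 0.5:           # first toss is heads: answer by a second toss
        return rng.random() < 0.5    # yes only if the second toss is heads too
    return truth                     # first toss is tails: answer truthfully

def p_yes(truth):
    """Exact probability of a 'yes' answer: 1/4 from the coins alone, plus 1/2
    if the truth is yes. Gives 0.75 for truth=True and 0.25 for truth=False."""
    return 0.25 + (0.5 if truth else 0.0)

def estimate_true_rate(answers):
    """Analyst side: invert P(yes) = 1/4 + 1/2 * p_true using the observed share
    of yes answers. Single answers stay deniable; only the aggregate is recovered."""
    observed = sum(answers) / len(answers)
    return (observed - p_yes(False)) / (p_yes(True) - p_yes(False))

def privacy_loss_epsilon():
    """Differential-privacy parameter of the protocol: the largest log-ratio of
    answer probabilities between the two possible truths, ln(0.75 / 0.25) = ln 3."""
    return math.log(p_yes(True) / p_yes(False))

def simulate(n, true_rate, seed=0):
    """Constructed population of n people, a true_rate share of whom would
    honestly answer yes. Returns (observed yes share, estimated true rate)."""
    rng = random.Random(seed)
    truths = [i < round(n * true_rate) for i in range(n)]
    answers = [randomized_response(t, rng) for t in truths]
    return sum(answers) / n, estimate_true_rate(answers)

if __name__ == "__main__":
    observed, estimate = simulate(100_000, 0.0)
    print(f"nobody involved: {observed:.1%} still answered yes")   # ~25%
    observed, estimate = simulate(100_000, 0.10)
    print(f"10% involved: {observed:.1%} yes, estimated rate {estimate:.1%}")
    print(f"epsilon = {privacy_loss_epsilon():.3f}")
```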
  • 14. Rapid progress in image recognition – MNIST: 99.79% [3], CIFAR-10: 96.53% [4]. [1] Left image MNIST: https://upload.wikimedia.org/wikipedia/commons/2/27/MnistExamples.png [2] Right image CIFAR: https://www.cs.toronto.edu/~kriz/cifar.html [3] Wan, Li, et al. "Regularization of neural networks using dropconnect." International Conference on Machine Learning. 2013. [4] Graham, Benjamin. "Fractional max-pooling." arXiv preprint arXiv:1412.6071 (2014).
  • 15. “Human level” results – “5 days after Microsoft announced it had beat the human benchmark of 5.1% errors with a 4.94% error grabbing neural network, Google announced it had one-upped Microsoft by 0.04%” [1] [1] https://www.eetimes.com/document.asp?doc_id=1325712
  • 16. In the meantime this happens (figure labels: “street sign”, “birdhouse”)
  • 17. Adversarial examples – “[…] inputs formed by applying small but intentionally worst-case perturbations […] (which) results in the model outputting an incorrect answer with high confidence” [1] (Goodfellow et al.) [1] I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and Harnessing Adversarial Examples”, 2014.
  • 18. How do these work?
    ▪ Given a classifier f(x) we need to find a (minimal) perturbation r for which f(x+r) ≠ f(x).
    ▪ Finding r can be realized as an optimization task.
    [1] Black box https://cdn.pixabay.com/photo/2014/04/03/10/22/black-box-310220_960_720.png [2] White box https://cdn.pixabay.com/photo/2013/07/12/13/55/box-147574_960_720.png
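Slide 18 states the problem as an optimisation; for a linear classifier it has a closed-form answer, which makes it a useful sanity check for any generic attack or defence code. The added example below (not from the talk) trains a small logistic-regression model on constructed 2-D data, computes the minimal r for a given x, and audits what share of inputs an eps-bounded adversary could flip. Names such as train_logreg and fraction_at_risk and the sample data are my own.

```python
import math
import random

def train_logreg(data, epochs=300, lr=0.5):
    """Logistic regression by plain gradient descent; data = [(x, y), ...]."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        for x, y in data:
            z = w[0] * x[0] + w[1] * x[1] + b
            err = 1.0 / (1.0 + math.exp(-z)) - y      # d(log loss)/dz
            w = [w[0] - lr * err * x[0], w[1] - lr * err * x[1]]
            b -= lr * err
    return w, b

def classify(model, x):
    w, b = model
    return 1 if w[0] * x[0] + w[1] * x[1] + b > 0 else 0

def margin(model, x):
    """Distance from x to the boundary w.x + b = 0: the norm of the
    smallest r with f(x + r) != f(x) for this linear f."""
    w, b = model
    return abs(w[0] * x[0] + w[1] * x[1] + b) / math.hypot(w[0], w[1])

def minimal_perturbation(model, x, overshoot=1e-6):
    """Slide 18's optimisation solved in closed form for a linear f:
    move x along w onto the boundary and a hair past it."""
    w, b = model
    z = w[0] * x[0] + w[1] * x[1] + b
    scale = -(1 + overshoot) * z / (w[0] ** 2 + w[1] ** 2)
    return [scale * w[0], scale * w[1]]

def fraction_at_risk(model, data, eps):
    """Defender's audit: share of inputs an adversary limited to ||r|| <= eps
    can flip, which for a linear model is the share with margin below eps."""
    return sum(margin(model, x) < eps for x, _ in data) / len(data)

# Constructed, linearly separable sample with an empty band around the true
# boundary x0 + x1 = 0, so every point has some margin to lose.
_rng = random.Random(0)
SAMPLE = []
while len(SAMPLE) < 200:
    x = [_rng.uniform(-1, 1), _rng.uniform(-1, 1)]
    if abs(x[0] + x[1]) >= 0.3:
        SAMPLE.append((x, 1 if x[0] + x[1] > 0 else 0))

if __name__ == "__main__":
    model = train_logreg(SAMPLE)
    for eps in (0.05, 0.2, 0.5):
        print(f"eps = {eps}: {fraction_at_risk(model, SAMPLE, eps):.0%} of inputs flippable")
```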
  • 22. One step further: adversarial patch (figure label: “toaster”) [1] Brown, T. B., Mané, D., Roy, A., Abadi, M., & Gilmer, J. (n.d.). „Adversarial Patch”
  • 23. Two steps further: adversarial object – pipeline: Trained model → Adversarial attack → Adversarial 3D model → 3D printing. [1] Athalye, A., Engstrom, L., Ilyas, A., & Kwok, K. (2017). Synthesizing Robust Adversarial Examples. [2] Images: http://www.labsix.org/physical-objects-that-fool-neural-nets/
  • 24. Machine learning pipeline security – Papernot et al.: “SoK: Towards the Science of Security and Privacy in Machine Learning”
  • 25. Defense methods – first attempts • Gradient masking. • Defensive distillation. [1] Image: http://cdn.emgn.com/wp-content/uploads/2016/01/society-will-fail-emgn-16.jpg
  • 26. Extending the training data set – a loop: Training data → Train model → Perform attack → Adversarial examples → Extend dataset → (back to) Training data
  • 30. „In the history of science and technology, the engineering artifacts have almost always preceded the theoretical understanding[…] if you are not happy with our understanding of the methods you use everyday, fix it” [2] Yann LeCun [1] http://maxpixel.freegreatpicture.com/ [2] comment on Ali Rahimi's "Test of Time" award talk at NIPS
  • 31. Thank you for your attention! ON A SIDE NOTE – WE’RE HIRING! ☺ [1] http://maxpixel.freegreatpicture.com/