What Is Adversarial Machine Learning.pptx

MaisamAbbas14 111 views 17 slides Aug 22, 2024

About This Presentation

Adversarial Machine Learning and its future in the world of artificial intelligence. Attackers are nowadays attacking machine learning and deep learning models through data manipulation, model alterations and personal biases, thus causing the models to make wrong decisions. Google, Amazon, IB...


Slide Content

What Is Adversarial Machine Learning? Attack Methods in 2024 AML method aims to trick machine learning models by providing deceptive input. Source of Information: https://viso.ai/deep-learning/adversarial-machine-learning/ By: Maisam Abbas

AML Examples An adversarial example is an input to a machine learning model that is purposely designed to cause the model to make a mistake in its predictions despite resembling a valid input to a human. Examples: image classification and spam detection.

Adversarial Whitebox vs. Blackbox Attacks A white-box attack is a scenario where the attacker has complete access to the target model, including the model’s architecture and its parameters. A black-box attack is a scenario where the attacker has no access to the model and can only observe the outputs of the targeted model.

Threats of AAs in Machine Learning Organizations that use Machine Learning need safety from attackers. Google, Microsoft, IBM, Amazon, and Tesla are investing heavily in safeguarding their ML models. The car with a camouflage pattern is misdetected as a “Cake”.

AML Categories Poisoning Attacks The attacker influences the training data or its labels to cause the model to underperform during deployment. Hence, Poisoning is essentially adversarial contamination of training data. As ML systems can be re-trained using data collected during operation, an attacker may poison the data by injecting malicious samples during operation, which subsequently disrupt or influence re-training.

Poisoning Attacks
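As an added example (not part of the original slides, and not code from viso.ai), the following pure-Python snippet shows the mechanics described above on a toy nearest-centroid classifier: a small clean training set, the same set with two labels flipped by an attacker, the accuracy drop that the flipped labels cause on clean test data, and one simple sanitization check a defender can run before (re-)training, flagging samples whose label disagrees with the nearest class centroid. All data points are constructed for the demo; the classifier and the check are deliberately minimal.

```python
import math

# Constructed 2-D training data: (x, y, label). Class 0 sits near the origin,
# class 1 near (4.5, 4.5).
CLEAN_TRAIN = [
    (0.0, 0.0, 0), (1.0, 0.0, 0), (0.0, 1.0, 0), (1.0, 1.0, 0),
    (4.0, 4.0, 1), (5.0, 4.0, 1), (4.0, 5.0, 1), (5.0, 5.0, 1),
]
# Constructed clean test set used to measure the damage.
TEST = [(0.5, 0.5, 0), (1.0, 0.0, 0), (3.0, 3.0, 1), (3.0, 4.0, 1)]


def flip_labels(data, indices, new_label):
    """Simulate label-flipping poisoning: the attacker relabels chosen samples."""
    return [(x, y, new_label) if i in indices else (x, y, l)
            for i, (x, y, l) in enumerate(data)]


def centroids(data):
    """Train a nearest-centroid classifier: one mean point per label."""
    sums, counts = {}, {}
    for x, y, label in data:
        sx, sy = sums.get(label, (0.0, 0.0))
        sums[label] = (sx + x, sy + y)
        counts[label] = counts.get(label, 0) + 1
    return {l: (sums[l][0] / counts[l], sums[l][1] / counts[l]) for l in sums}


def predict(cents, x, y):
    """Predict the label whose centroid is closest (Euclidean distance)."""
    return min(cents, key=lambda l: math.dist((x, y), cents[l]))


def accuracy(cents, test):
    return sum(predict(cents, x, y) == label for x, y, label in test) / len(test)


def flag_inconsistent(data):
    """Defender-side sanitization: return training samples whose label does not
    match the class centroid they are nearest to. Only reliable while the
    poisoned fraction is small enough not to drag the centroids themselves."""
    cents = centroids(data)
    return [(x, y, l) for x, y, l in data if predict(cents, x, y) != l]


def sanitize(data):
    """Drop the flagged samples before (re-)training."""
    bad = set(flag_inconsistent(data))
    return [s for s in data if s not in bad]


# Attacker flips two class-1 samples (indices 4 and 7) to label 0.
POISONED_TRAIN = flip_labels(CLEAN_TRAIN, {4, 7}, 0)

if __name__ == "__main__":
    print("clean accuracy:    ", accuracy(centroids(CLEAN_TRAIN), TEST))
    print("poisoned accuracy: ", accuracy(centroids(POISONED_TRAIN), TEST))
    print("flagged samples:   ", flag_inconsistent(POISONED_TRAIN))
    print("sanitized accuracy:", accuracy(centroids(sanitize(POISONED_TRAIN)), TEST))
```

The check catches exactly the two relabelled points here because the attacker controls only 2 of 8 samples; with a larger poisoned share the centroids move toward the poison and the same heuristic starts flagging clean data instead, which is why production pipelines pair such checks with provenance controls on where retraining data comes from.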

Evasion Attacks The attacker manipulates the data during deployment to deceive previously trained classifiers. Examples of evasion are spoofing attacks against biometric verification systems.

Model Extraction Model stealing or model extraction involves an attacker probing a black-box machine learning system in order to either reconstruct the model or extract the data it was trained on. This is especially significant when either the training data or the model itself is sensitive and confidential. Model extraction attacks can be used, for instance, to steal a stock market prediction model, which the adversary could use for their own financial benefit.

Popular Adversarial AI Attack Methods Limited-memory BFGS (L-BFGS) The Limited-memory Broyden–Fletcher–Goldfarb–Shanno (L-BFGS) method is a non-linear gradient-based numerical optimization algorithm used to minimize the number of perturbations added to images. Advantages: Effective at generating adversarial examples. Disadvantages: Very computationally intensive, as it is an optimization method with box constraints. The method is time-consuming and impractical.

Fast Gradient Sign Method (FGSM) A simple and fast gradient-based method used to generate adversarial examples; it minimizes the maximum amount of perturbation added to any pixel of the image while still causing misclassification. Advantages: Comparably efficient computing times. Disadvantages: Perturbations are added to every feature.
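The FGSM step above (an evasion attack in the terms of the earlier slide) is easiest to understand on a model small enough to compute by hand. The block below is an added example, not part of the original slides or of viso.ai's material: a binary logistic-regression classifier with fixed, constructed weights, one FGSM step against it, and the defender-side quantity that explains the outcome, the L-infinity margin |z| / ||w||_1, which for a linear model is exactly the smallest per-feature perturbation that can flip the decision. The weights, bias and input are assumptions chosen so the arithmetic is checkable.

```python
import math

# Constructed model and input. Assumed values, not taken from any real system.
W = [2.0, -1.0, 0.5]      # weights of a linear (logistic) classifier
B = 0.0                   # bias
X = [0.1, 0.1, 0.1]       # a clean input, true label 1
Y = 1


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(w, b, x):
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w, b, x):
    """Hard decision: class 1 if the logit is positive."""
    return 1 if logit(w, b, x) > 0 else 0


def fgsm(w, b, x, y, eps):
    """One FGSM step for binary cross-entropy loss.

    dL/dx = (sigmoid(z) - y) * w, and FGSM moves every feature by eps in the
    direction of the sign of that gradient, so the L-inf size of the change is
    exactly eps (the 'every feature is perturbed' property from the slide)."""
    p = sigmoid(logit(w, b, x))
    grad = [(p - y) * wi for wi in w]
    sign = lambda g: (g > 0) - (g < 0)
    return [xi + eps * sign(g) for xi, g in zip(x, grad)]


def linf_margin(w, b, x):
    """Defender-side robustness radius of a linear model: the decision cannot
    change under any perturbation with L-inf norm below |z| / ||w||_1."""
    return abs(logit(w, b, x)) / sum(abs(wi) for wi in w)


def linf_distance(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


if __name__ == "__main__":
    print("clean prediction:", predict(W, B, X))
    print("margin:", linf_margin(W, B, X))        # 0.15 / 3.5 ~= 0.0429
    for eps in (0.04, 0.1):
        x_adv = fgsm(W, B, X, Y, eps)
        print(f"eps={eps}: prediction {predict(W, B, x_adv)}, "
              f"L-inf change {linf_distance(X, x_adv):.3f}")
```

With eps below the margin (0.04) the prediction survives; with eps above it (0.1) the logit drops from 0.15 to -0.2 and the class flips. Reporting the margin distribution over a validation set is a cheap way to quantify how much room an evasion attacker has before any attack code is run.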

Jacobian-based Saliency Map Attack (JSMA) The method uses feature selection to minimize the number of features modified while causing misclassification. Flat perturbations are added to features iteratively according to saliency value in decreasing order. Advantages: Very few features are perturbed. Disadvantages: More computationally intensive than FGSM.

DeepFool Attack This untargeted adversarial sample generation technique aims at minimizing the Euclidean distance between perturbed samples and original samples. Decision boundaries between classes are estimated, and perturbations are added iteratively. Advantages: Effective at producing adversarial examples, with fewer perturbations and higher misclassification rates. Disadvantages: More computationally intensive than FGSM and JSMA. Also, adversarial examples are likely not optimal.

Carlini & Wagner Attack (C&W) The technique is based on the L-BFGS attack (optimization problem) but without box constraints and with different objective functions. This makes the method more efficient at generating adversarial examples; it was shown to be able to defeat state-of-the-art defenses, such as defensive distillation and adversarial training. Advantages: Very effective at producing adversarial examples. Also, it can defeat some adversarial defenses. Disadvantages: More computationally intensive than FGSM, JSMA, and DeepFool.

Generative Adversarial Networks (GAN) Generative Adversarial Networks (GANs) have been used to generate adversarial attacks, where two neural networks compete with each other. Thereby one is acting as the generator, and the other behaves as the discriminator. The two networks play a zero-sum game, where the generator tries to produce samples that the discriminator will misclassify. Meanwhile, the discriminator tries to distinguish real samples from ones created by the generator. Advantages: Generation of samples different from the ones used in training. Disadvantages: Training a Generative Adversarial Network is very computationally intensive and can be highly unstable.

Zeroth-order optimization attack (ZOO) The ZOO technique allows the estimation of the gradient of the classifier without access to the classifier, making it ideal for black-box attacks. The method estimates the gradient and Hessian by querying the target model with modified individual features and uses Adam or Newton’s method to optimize perturbations. Advantages: Similar performance to the C&W attack. No training of substitute models or information on the classifier is required. Disadvantages: Requires a large number of queries to the target classifier.
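The white-box versus black-box distinction from the earlier slide and the ZOO disadvantage just listed (many queries) can both be made concrete with one small experiment. The block below is an added example, not part of the original slides or of viso.ai's material: the same constructed logistic model is exposed two ways, as full parameters (white-box, where the gradient is computed directly) and as a query-only oracle (black-box, where the gradient must be estimated by central finite differences, costing two queries per input feature). It also shows the effect of one common hardening step, returning confidence scores rounded to two decimals, on the black-box estimate. The weights, input, step size and the `make_oracle` helper are assumptions of this demo.

```python
import math

# Constructed model and input (assumed values, not from any real system).
W = [2.0, -1.0, 0.5]
B = 0.0
X = [0.1, 0.1, 0.1]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def true_gradient(w, b, x):
    """White-box: d P(class 1) / dx computed from the parameters directly."""
    p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)
    return [p * (1.0 - p) * wi for wi in w]


def make_oracle(w, b, decimals=None):
    """Black-box access: the caller only gets P(class 1) for a query and a
    counter of how many queries were made. `decimals` simulates a hardened
    API that rounds the returned confidence score."""
    calls = {"n": 0}

    def oracle(x):
        calls["n"] += 1
        p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)
        return round(p, decimals) if decimals is not None else p

    return oracle, calls


def estimate_gradient(oracle, x, h=1e-4):
    """Zeroth-order (ZOO-style) estimate: central finite difference on each
    coordinate, 2 * len(x) queries and no knowledge of the model internals."""
    grad = []
    for i in range(len(x)):
        x_plus, x_minus = list(x), list(x)
        x_plus[i] += h
        x_minus[i] -= h
        grad.append((oracle(x_plus) - oracle(x_minus)) / (2.0 * h))
    return grad


def max_abs_error(a, b):
    return max(abs(ai - bi) for ai, bi in zip(a, b))


if __name__ == "__main__":
    exact = true_gradient(W, B, X)
    oracle, calls = make_oracle(W, B)
    est = estimate_gradient(oracle, X)
    print("white-box gradient:", exact)
    print("black-box estimate:", est, "after", calls["n"], "queries")
    rounded_oracle, rcalls = make_oracle(W, B, decimals=2)
    print("estimate with rounded scores:", estimate_gradient(rounded_oracle, X))
```

With exact scores the black-box estimate matches the white-box gradient to far better than 1e-5 after 6 queries, which is the size of a 3-feature input; for an image with tens of thousands of pixels the same scheme needs tens of thousands of queries per gradient, the query volume that makes rate limits and per-client query anomaly detection a useful defense. With scores rounded to two decimals the small probes no longer change the returned value at all and the estimate collapses to zero, which is why returning only labels or coarse scores is a standard mitigation for this class of attack (at the cost of also reducing legitimate users' information).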

What’s Next for Adversarial Machine Learning? Machine learning presents a new attack surface and increases security risks through the possibility of data manipulation and exploitation. Organizations adopting machine learning technologies must anticipate potential risks with a strong defense strategy against data sets being corrupted, model theft, and adversarial samples. If you want to read more about this and related topics, we recommend the following articles: Privacy-Preserving Machine Learning (PPML) and methods; obfuscation techniques such as face blurring with vision recognition models; a guide about Deep Neural Networks: the 3 popular types (MLP, CNN, and RNN); Supervised vs Unsupervised Learning for Computer Vision.