Adversarial Machine Learning and Using CleverHans to make your ML models robust
The increasing accuracy of the machine learning systems is quite impressive. It has naturally led to a veritable flood of applications using them including self-driving vehicles, face recognition, cancer diagnosis and even in next-gen shops. A few years ago, getting wrong predictions from a machine learning model used to be the norm. Nowadays, this has become the exception, and we’ve come to expect them to perform flawlessly, especially when they are deployed in real-world applications.
An adversarial example is an input to a machine learning model that is intentionally designed by an attacker to fool the model into producing an incorrect output. Any machine learning model used in a real-world scenario is subject to adversarial attacks. An adversarial attack is a strategy aimed at causing a machine learning model to make a wrong prediction. It consists of adding a small and carefully designed perturbation to a clean image, that is imperceptible for the human eye, but that the model sees as relevant and changes its prediction.
One can easily imagine the havoc that adversarial attacks can cause in real world scenarios. University of Washington researchers showed how easily self-driving cars can be fooled by just strategically putting some noisy stickers.
CleverHans (https://github.com/tensorflow/cleverhans) is a python library to benchmark machine learning systems’ vulnerability to adversarial examples. It provides standardized reference implementations of adversarial example construction techniques and adversarial training.
The talk will cover
- Overview of adversarial machine learning attack techniques and defences.
- Example of how to craft adversarial example, how to conduct adversarial training and make the model robust using CleveHans library
The outline of talk is
- How models can be forced to make mistakes with adversarial examples. (3 Mins)
- Fooling a linear classifier on ImageNet (2 Mins)
- How to generate adversarial attacks (3 Mins)
- Fast gradient sign (3 Mins)
- Defence and adversarial training (5 Mins)
- CleverHans Introduction (2 Mins)
- Walkthrough of an example attack, defence and training using CleverHans + Tensorflow (7 Mins)
- Q&A (5 mins)
Basic knowledge of Machine Learning and Deep Learning
Mukul Joshi is VP of Technology and Engineering at Nitor Infotech Pune. Mukul’s association with Nitor began with the acquisition of his company SpotOn by Nitor. Mukul has a total experience of 17 years in Research, Technology, and Software Product engineering. His career so far has been as colorful as the rainbow with a wonderful blend of Technology, Startup and Business experience. Prior to SpotOn, he worked with GS Lab, IBM Research Lab, and Persistent Systems. He played a key role there as a technology architect & computer science researcher. He holds two patents to his name. He has published extensively in the areas of text mining, machine learning, search and data science. An alumnus of Computer Science & Engineering at IIT Bombay, he is a voracious reader with a great passion for music, maths and Marathi literature & arts.