2019年无处不在的对抗样本攻防.pptx

1、A Short Intro:无处不在的对抗样本攻防,扇贝算法团队负责人,无处不在的对抗样本攻防,01,What is an Adversarial Example?矛与盾（常见攻击和防御算法）新的趋势和风险,02,03,StyleGAN(2018),Tacotron(2017),GPT-2(2019),深度学习模型生成结果已经可以欺骗人类，那么模型可以被欺骗吗？,What is an Adversarial Example(对抗样本)?,Inputs that have been intentionally designed to cause a model to make a mistake

2、 Theyre like optical illusions for machines.,Adversarial Stop Sign,Adversarial Glasses,Adversarial Patch,Ian Goodfellow(Google Brain),Alexey Kurakin(Google Brain),Dawn Song(UC Berkeley),GeekPwn,Competition on Adversarial Attacks and Defenses 2018,CAAD CTF Ruleset,Non-Targeted Adversarial Attack(非定向攻

3、击)Slightly modify source image in a way that image will be classified incorrectly by generally unknown classifier.Targeted Adversarial Attack(定向攻击)Slightly modify source image in a way that image will be classified as specified target class by generally unknown classifier.Defense Against Adversarial

4、 Attack,无处不在的对抗样本攻防,01,What is an Adversarial Example?矛与盾（常见攻击和防御算法）新的趋势和风险,02,03,Example Attack Scenarios,FGSM(Fast Gradient Sign Method)BIM(Basic Iterative Method)MIM(Momentum Iterative FGSM)ATN(Adversarial Transformation Networks),Fun Results(transferability),Butterfly,Rabbit,Fun Results(transfer

5、ability),parachute,vehicle,Fun Results(transferability),aircraft carrier,guillotine,Example Defense Scenarios,Gradient maskingDetectionImage processing and randomization Adversarial training,Gradient Masking,24Papernot,Nicolas,et al.Practical black-box attacks against machine learning.Proceedings of

6、 the 2017 ACM on Asia Conference on Computer and Communications Security.ACM,2017.,Construct a model that does not have useful gradients24They break gradient-based white box attacks.But then they dont break black box attacks(e.g.,adversarial examples made for other models),Detection,Image processing