SLIDE 1
Recent Advances in Adversarial Machine Learning
Nicholas Carlini
Google Research
Recent Advances in Adversarial (Examples in) Machine Learning
Nicholas Carlini
Google Research
Recent Advances in Adversarial Machine Learning Nicholas Carlini - - PowerPoint PPT Presentation
Recent Advances in Adversarial Machine Learning Nicholas Carlini - - PowerPoint PPT Presentation
Recent Advances in Adversarial Machine Learning Nicholas Carlini Google Research Recent Advances in Adversarial (Examples in) Machine Learning Nicholas Carlini Google Research The Year is 2014 Someone tells you they have a new algorithm to
SLIDE 2
SLIDE 3
SLIDE 4
The Year is 2014
Someone tells you they have a new algorithm to generate human faces
SLIDE 5
The Year is 2014
"the theoretical work is primitive, and the experiments are pretty basic." "more results of how this helps on real tasks
- r real datasets"
SLIDE 6
SLIDE 7
The Year is 2017
Someone tells you they have a new algorithm to generate human faces
SLIDE 8
The Year is 2017
SLIDE 9
SLIDE 10
SLIDE 11
The Year is 2013
Someone tells you they have discovered a flaw in the robustness of neural networks
SLIDE 12
The Year is 2013
SLIDE 13
SLIDE 14
The Year is 2019
Someone tells you they have discovered a flaw in the robustness of neural networks
SLIDE 15
The Year is 2019
SLIDE 16
3 years: 6 years:
SLIDE 17
SLIDE 18
SLIDE 19
Background: Adversarial Examples
SLIDE 20
SLIDE 21
SLIDE 22
SLIDE 23
SLIDE 24
Truck Dog
Random Direction Random Direction
SLIDE 25
Dog Truck Airplane
Random Direction Adversarial Direction Adversarial Direction Random Direction
SLIDE 26
SLIDE 27
( (
SLIDE 28
SLIDE 29
Recent advances in ... Generating Adversarial Examples
SLIDE 30
SLIDE 31
Threat Model:
- Black Box
- Hard Label
- Query Access
SLIDE 32
SLIDE 33
SLIDE 34
SLIDE 35
SLIDE 36
SLIDE 37
SLIDE 38
SLIDE 39
SLIDE 40
SLIDE 41
SLIDE 42
SLIDE 43
SLIDE 44
SLIDE 45
SLIDE 46
SLIDE 47
SLIDE 48
SLIDE 49
SLIDE 50
SLIDE 51
SLIDE 52
SLIDE 53
SLIDE 54
SLIDE 55
SLIDE 56
SLIDE 57
SLIDE 58
SLIDE 59
SLIDE 60
SLIDE 61
SLIDE 62
SLIDE 63
SLIDE 64
SLIDE 65
SLIDE 66
SLIDE 67
SLIDE 68
SLIDE 69
SLIDE 70
Recent advances in ... Defending Against Adversarial Examples
SLIDE 71
Defenses I don't believe will be effective
SLIDE 72
... a bit more background
SLIDE 73
Transferability
SLIDE 74
SLIDE 75
SLIDE 76
SLIDE 77
SLIDE 78
SLIDE 79
SLIDE 80
SLIDE 81
SLIDE 82
SLIDE 83
SLIDE 84
SLIDE 85
SLIDE 86
CAT
SLIDE 87
CAT
SLIDE 88
DOG
SLIDE 89
DOG
SLIDE 90
SLIDE 91
DOG
SLIDE 92
DOG
SLIDE 93
DOG
SLIDE 94
DOG
SLIDE 95
SLIDE 96
DOG
SLIDE 97
DOG
SLIDE 98
DOG
SLIDE 99
You are being evil
SLIDE 100
SLIDE 101
Defenses I do believe will be effective
SLIDE 102
SLIDE 103
SLIDE 104
SLIDE 105
Randomized Mechanism
CAT
SLIDE 106
SLIDE 107
Original
SLIDE 108
L2 distortion: 4
SLIDE 109
Original
SLIDE 110
L2 distortion: 10
SLIDE 111
SLIDE 112
L2 = 75
SLIDE 113
Original
SLIDE 114
L2 distortion: 75
SLIDE 115
L2 distortion: 75
SLIDE 116
SLIDE 117
Recent advances in ... Why Adversarial Examples Exist
SLIDE 118
SLIDE 119
Dog Truck Airplane
Adversarial Direction Random Direction Adversarial Direction Random Direction
SLIDE 120
SLIDE 121
SLIDE 122
SLIDE 123
SLIDE 124
CAT DOG
Standard Training Dataset
SLIDE 125
Standard Testing Setup
DOG
SLIDE 126
Adversarial Testing Setup
CAT
SLIDE 127
CAT DOG
Standard Training Dataset
SLIDE 128
DOG CAT
Adversarial Training Dataset
SLIDE 129
Standard Testing Setup
DOG
SLIDE 130
Adversarial Testing Setup
DOG
SLIDE 131
CAT DOG
Standard Training Dataset
SLIDE 132
DOG CAT
Adversarial Training Dataset
SLIDE 133
DOG CAT
Confusing Training Dataset
SLIDE 134
Standard Testing Setup
DOG
SLIDE 135
DOG CAT
?!??!?!?? Training Dataset
SLIDE 136
Is a well-generalizing feature of CAT
SLIDE 137
SLIDE 138
Conclusion
SLIDE 139