Note that the model's confidence in the panda label is even lower than its confidence in the gibbon label!
Image credits: Brown et al. (2017) and this amazing book.
// gradient descent (training): update the weights theta to DECREASE the loss
theta' = theta - alpha * d(loss)/d(theta)  // where loss is L(X, y, theta)
// adversarial examples: update the input x to INCREASE the loss
x' = x + alpha * d(loss)/dx
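As a concrete illustration, here is a minimal TensorFlow 2 sketch of the second update: one gradient step on the input rather than on the weights. The names model, x, y, and alpha are placeholders, not code from the talk.

import tensorflow as tf

loss_fn = tf.keras.losses.SparseCategoricalCrossentropy()

def input_ascent_step(model, x, y, alpha=0.01):
    # One gradient step on the INPUT x (ascent), not on the weights theta.
    x = tf.convert_to_tensor(x)
    with tf.GradientTape() as tape:
        tape.watch(x)                # x is not a variable, so watch it explicitly
        loss = loss_fn(y, model(x))  # loss = L(X, y, theta)
    grad = tape.gradient(loss, x)    # d(loss)/dx
    return x + alpha * grad          # '+' pushes the loss UP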
Source: AT-GAN paper by Wang et al. (Paper link)
Based on the attacker's goal, there are two types of attacks: untargeted (cause any misclassification) and targeted (force a specific wrong label).
Based on access to model internals, there are again two types of attacks: white-box (full knowledge of the architecture and weights) and black-box (query access only).
from cleverhans.attacks import FastGradientMethod
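A minimal usage sketch, assuming cleverhans v3.x on TensorFlow 1.x; keras_model and x_test are placeholders for your trained Keras classifier and input batch.

import tensorflow as tf
from cleverhans.attacks import FastGradientMethod
from cleverhans.utils_keras import KerasModelWrapper

sess = tf.keras.backend.get_session()      # reuse Keras's TF1 session
wrapped = KerasModelWrapper(keras_model)   # adapt the Keras model to cleverhans' Model API
fgsm = FastGradientMethod(wrapped, sess=sess)
# eps is the per-pixel perturbation budget; clip to keep pixels in [0, 1]
x_adv = fgsm.generate_np(x_test, eps=0.1, clip_min=0.0, clip_max=1.0)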
// gradient descent (training)
theta' = theta - alpha * d(loss)/d(theta)  // where loss is L(X, y, theta)
x' = x + alpha * d(loss)/dx  // generate adversarial examples
// for FGSM, replace alpha with a fixed per-pixel perturbation epsilon
// and take the sign of the gradient
x' = x + epsilon * sign(d(loss)/dx)
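The same idea as a one-step TensorFlow 2 sketch, reusing loss_fn from the earlier snippet; model, x, and y are again placeholders.

def fgsm_attack(model, x, y, epsilon=0.1):
    # Single-step FGSM: move each pixel by a fixed epsilon in the
    # direction (sign) of the loss gradient.
    x = tf.convert_to_tensor(x)
    with tf.GradientTape() as tape:
        tape.watch(x)
        loss = loss_fn(y, model(x))
    grad = tape.gradient(loss, x)
    adv = x + epsilon * tf.sign(grad)
    return tf.clip_by_value(adv, 0.0, 1.0)  # stay in the valid pixel range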
Are our systems at stake?
There are contrasting views on this.
Are our systems at stake?
Yes, they are.
A Python (TensorFlow) library to test ML systems' vulnerability to adversarial examples.
pip install cleverhans  # stable release from PyPI
pip install git+https://github.com/tensorflow/cleverhans.git#egg=cleverhans  # latest development version
Part 1: visual demo
Image credits for the following two slides: Finlayson et al. and Ma et al. (arXiv), MIT Media Lab, and cyber.harvard.edu
Part 2: code snippets
The second snippet is a wrapper over https://github.com/sgfin/adversarial-medicine
Adds flexibility to the algorithm's classification process, so the model is less susceptible to exploitation.
One model is trained to predict the output probabilities of another model that was trained on an earlier, baseline standard.
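A minimal sketch of that idea (defensive distillation), assuming teacher and student are Keras models that output raw logits; the temperature T = 20 is an illustrative choice, not from the talk.

import tensorflow as tf

T = 20.0  # distillation temperature (hypothetical value)

# Soft labels: the first model's output probabilities at temperature T.
soft_labels = tf.nn.softmax(teacher.predict(x_train) / T)

# Train the second model to predict those probabilities at the same temperature.
def distillation_loss(y_soft, student_logits):
    return tf.keras.losses.categorical_crossentropy(
        y_soft, tf.nn.softmax(student_logits / T))

student.compile(optimizer="adam", loss=distillation_loss)
student.fit(x_train, soft_labels, epochs=5)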
Main takeaway: augment the training set with adversarial examples to make the model more adversarially robust. But this defense doesn't hold up when the attacker switches to a different attack strategy.
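A sketch of that augmentation loop, reusing fgsm_attack from above; model and dataset are placeholders for a compiled Keras model and a tf.data pipeline.

for epoch in range(5):
    for x_batch, y_batch in dataset:
        # Craft adversarial versions of the batch, then train on both.
        x_adv = fgsm_attack(model, x_batch, y_batch, epsilon=0.1)
        x_mix = tf.concat([x_batch, x_adv], axis=0)
        y_mix = tf.concat([y_batch, y_batch], axis=0)
        model.train_on_batch(x_mix, y_mix)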
To our project: ping me on GitHub/LinkedIn.
To CleverHans! Check out the open issues.
Read the contributing guidelines.
Follow the same method for other libraries.
Find one that matches your favorite DL framework!