Adversarial Machine Learning

Just read this paper. Short summary: when thinking of defenses to adversarial examples in ML, think of the threat model carefully. Nice paper. Also won the best paper award at ICML 2018 (@icmlconf ) Congrats to the authors!! arxiv.org/abs/1802.00420

Adversarial robustness is not free: decrease in natural accuracy may be inevitable. Silver lining: robustness makes gradients semantically meaningful (+ leads to adv. examples w/ GAN-like trajectories) arxiv.org/abs/1805.12152 (@tsiprasd @ShibaniSan @logan_engstrom @alex_m_turner)

Here's an article by @UofT about our new work on adversarial attacks on Face Detectors that help you preserve your privacy. news.engineering.utoronto.ca/privacy-filter…

Think BatchNorm helps training due to reducing internal covariate shift? Think again. (What BatchNorm *does* seem to do though, both empirically and in theory, is to smoothen out the optimization landscape.) (with @ShibaniSan @tsiprasd @andrew_ilyas) arxiv.org/abs/1805.11604

Excited by this direction of formal investigation for adversarial defences: Adversarial examples from computational constraints, Bubeck et al arxiv.org/abs/1805.10204

"No pixels are manipulated in this talk. No pandas are harmed..." Great ways to differentiate your talk from the rest of talks on adversarial examples... no more pandas please 😀

I'm speaking at the 1st Deep Learning and Security workshop (co-located with @IEEESSP ) at 1:30 today: ieee-security.org/TC/SPW2018/DLS/ I'll discuss research into defenses against adversarial examples, including future directions. Slides and lecture notes here: iangoodfellow.com/slides/2018-05…

This paper shows how to make adversarial examples with GANs. No need for a norm ball constraint. They look unperturbed to a human observer but break a model trained to resist large perturbations. arxiv.org/pdf/1805.07894…

LaVAN: Localized and Visible Adversarial Noise. A method to generate adversarial noise which is confined to small, localized patch of the image without covering any main objects of the image. arxiv.org/abs/1801.02608

Two papers accepted to ICML 2018. Congrats to all my amazing co-authors. Both on adversarial ML. The arxiv version of the papers are up, but we will update it soon based on reviewer comments. Arxiv versions: arxiv.org/abs/1711.08001 and arxiv.org/abs/1706.03922

Link to the paper on PATE- arxiv.org/abs/1610.05755

A detailed post on privacy in machine learning describing why do we need private ML algorithms, and how can we leverage PATE framework to achieve the same (by @NicolasPapernot and @goodfellow_ian) cleverhans.io/privacy/2018/0… #MachineLearning

Securing Distributed Machine Learning in High Dimensions arxiv.org/abs/1804.10140 #MachineLearningSecurity #AdversarialML

IBM Ireland just released "The Adversarial Robustness Toolbox: Securing AI Against Adversarial Threats". This library will allow rapid crafting and analysis of attacks and defense methods for machine learning models. ibm.com/blogs/research… #MachineLearningSecurity #AdversarialML