Upload File

the state of physical attacks on deep learning systems · lujo bauer mila jovovich (87%) sharif et...

  • Home
  • Documents
  • The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face
10
The State of Physical Attacks on Deep Learning Systems Earlence Fernandes Collaborators: Ivan Evtimov, Kevin Eykholt, Chaowei Xiao, Amir Rahmati, Florian Tramer, Bo Li, Atul Prakash, Tadayoshi Kohno, Dawn Song

Upload: others

Post on 06-Jul-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

TheStateofPhysicalAttacksonDeepLearningSystems

EarlenceFernandes

Collaborators:IvanEvtimov,KevinEykholt,Chaowei Xiao,AmirRahmati,FlorianTramer,BoLi,AtulPrakash,Tadayoshi Kohno,DawnSong

Page 2: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

ImagerecognitionObjectdetection

ScenesegmentationDNAvariantcalling

GameplayingSpeechrecognition

Re-enactingpoliticiansColorizingphotosPoseestimationDescribingphotosGeneratingphotos

TranslationMusiccompositions

CreatingartCreatingDNNs

PredictingearthquakesParticlephysics

QuantumchemistryRecommendationsCreatingfakenewsFightingfakenews

NLPAutomatedSurveillance

Page 3: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

DeepLearning+Cyber-PhysicalSystems

AirborneCollisionAvoidanceSystemXunmanned(ACASXu)

Apollo(Baidu)Self-DrivingCar

Page 4: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

TheGibbon-ImpersonatingPandaaka,AdversarialExamples

“panda”57.7%confidence

“gibbon”99.3%confidence

ImageCredit:OpenAI

=+ ε

ExplainingandHarnessingAdversarialExamples,Goodfellow etal.,arXiv 1412.6572,2015

But,anattackerrequirespixel-leveldigitalaccesstothemodel’sinput

Page 5: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

Howcanattackerscreatephysicalattacks?

Page 6: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

ACompendiumofPhysicalAttacksPrintingoutadigitallycreatedadversarialexampleworks,butislessrobusttoenvironmentalconditions

Printedpatternsoneyeglass-shapedcut-outscancompromisefacerecognition

clean adversarial

Kurakin etal.,AdversarialExamplesinthePhysicalWorld,arXiv 1607.02533,2016

FastGradientSignMethod(FGSM)approach

Lujo Bauer MilaJovovich(87%)

Sharifetal.,AccessorizetoaCrime:RealandStealthyAttacksonState-of-the-ArtFaceRecognition,CCS2016

Optimizationapproach

Page 7: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

ACompendiumofPhysicalAttacksStickersonStopsignscanfoolobjectclassifiersand

detectorsinarangeofphysicalconditions

Optimizationapproach

Eykholt etal.,RobustPhysical-WorldAttacksonDeepLearningVisualClassification,CVPR2018

Eykholt etal.,PhysicalAdversarialExamplesforObjectDetectors,WOOT2018

Mywork

Chenetal.,RobustPhysicalAdversarialAttackonFaster-RCNNObjectDetector,arXiv 1804.05810,2018

AttackerscanbackdoorDNNssothatspecialstickerscausespecificbehavior

Training-timeattack

Guetal.,BadNets:IdentifyingVulnerabilitiesintheMachineLearningModelSupplyChain,arXiv1708.06733,2017

Page 8: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

ACompendiumofPhysicalAttacks3Dprintedturtlescanberiflestoastate-of-the-artclassifier

AdversarialExamplescanhideinmusic

Patchesthatcamouflageanyobjectasatoasterexist

Athalye etal.,SynthesizingRobustAdversarialExamples,ICML2018

Expectation-over-Transformationsapproach(optimization)

Expectation-over-Transformationsapproach(optimization)

Brownetal.,AdversarialPatch,arXiv 1712.09665,May2018

Carlini etal.,AudioAdversarialExamples:TargetedAttacksonSpeech-

to-Text,DLSWorkshop2018

Yuanetal.,CommanderSong:ASystematicApproachforPractical

AdversarialVoiceRecognition,USENIXSecurity2018

Page 9: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

OpenQuestions

• Arethereotherphysicaldomainswherewecanexploreadversarialexamples?• Currentattacksonlylookatasinglemodel.But,amodelisonlyapartofthewholeCPS.Dotheseattackshavesystem-wideeffects?• Isthereanythingspecificaboutphysicaladversarialexamplesthatmakethemeasierormoredifficulttodefendagainst?• Shouldweonlydependon“pureML”techniquesfordefense?• WhataspectsofCPSscanweleveragetodefend(defenseindepth)?

Page 10: The State of Physical Attacks on Deep Learning Systems · Lujo Bauer Mila Jovovich (87%) Sharif et al., Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

Thankyou!

• Arethereotherphysicaldomainswherewecanexploreadversarialexamples?• Currentattacksonlylookatasinglemodel.But,amodelisonlyapartofthewholeCPS.Dotheseattackshavesystem-wideeffects?• Isthereanythingspecificaboutphysicaladversarialexamplesthatmakethemeasierormoredifficulttodefendagainst?• Shouldweonlydependon“pureML”techniquesfordefense?• WhataspectsofCPSscanweleveragetodefend(defenseindepth)?

EarlenceFernandes,[email protected],earlence.com


Accessorize your ride with harley davidson parts

E-Commerce Security - Application attacks - Server Attacks

How To Accessorize Your Neckline

2021 SEDONA ACCESSORIZE

Accessorize to a Crime: Real and Stealthy Attacks on State ...sbhagava/papers/face-rec-ccs16.pdfMahmood Sharif Carnegie Mellon University Pittsburgh, PA, USA [email protected] Sruti

Accessorize Lookbook FR SS13

RESIDENT EVIL : RETRIBUTION · Milla Jovovich Michelle Rodriguez RESIDENT EVIL : RETRIBUTION Kevin Durand Sienna Guillory Shawn Roberts Aryana Engineer Colin Salmon Johann Urb avec

Accessorize to a Crime: Real and Stealthy Attacks on State ...lbauer/papers/2016/ccs2016-face-recogn… · Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face

2021 SPORTAGE ACCESSORIZE - Kia Online Parts and Accessories

Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks

DECISION-BASED ADVERSARIAL ATTACKS RELIABLE ATTACKS

Software attacks Software Attacks DLL injection & API patching

Simple Techniques to Eliminate Severe Attacks: Panic Attacks

CUSTOMIZE. ACCESSORIZE. REVITALIZE. CONNECT . 2017 ...files.constantcontact.com/b00053a2401/5f5294d6-9d5c-430c-bc0e-cbf104... · CUSTOMIZE. ACCESSORIZE. REVITALIZE. CONNECT . GENUINE

About Barton Perreira - Home | Audeze Uncompromised …€¦ ·  · 2014-05-05About Barton Perreira ... Ribisi, Milla Jovovich, Jack White, Radiohead and the Beastie Boys. Pooling

Accessorize Your Day

Brazil Travel Tips Accessorize Your Car With A Roof Rack

Accessorize and Extend Your Peer to Peer Fundraising Website

Accessorize Expansion Plan Report

2014 Chevrolet Corvette lPos: how You ACCessorize A legend

Terrorist Attacks, Failed Attacks and Plots in the West ...cat-int.org/.../Terrorist-attacks-Report-2013-2016.pdf · Terrorist Attacks, Failed Attacks and Plots in the West linked

Accessorize Adidas Ann Christine Aqua Zoo Cvetko Bambi ...cdnsmall.lyoness.net/websitesharedfiles/dealer/download/hr/95000213... · Accessorize Adidas Ann Christine Aqua Zoo Cvetko

Accessorize Lookbook SS13

Dog store accessorize me

Milla Jovovich Actress (Nx Power Lite)

Accessorize AW12

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks

Accessorize to a Crime: Real Real and Stealthy Attacks on ...cis.csuohio.edu/~sschung/cis611/AttackFaceRecognitionPasad.pdf · Accessorize to a Crime: Real Real and Stealthy Attacks

Complete The Look Accessorize with MY SIZE

ACCESSORIZE YOUR WAY

ACCESSORIZE TO MAXIMIZE

Attacks Attacks AND Attacks!

Network Security Part II: Attacks Network Security Part II: Attacks Web Attacks

JEWELLERY - Unitimunitim.com.tr/images/lookbook-acc.pdf · hamsa hand pendant 182544, june 72,90 tl diamante arrow pendant 182533, june 72,90 tl. 36 37 z for accessorize z for accessorize

Network Security Part II: Attacks Backbone Attacks