413 research outputs found
Are You Tampering With My Data?
We propose a novel approach towards adversarial attacks on neural networks
(NN), focusing on tampering the data used for training instead of generating
attacks on trained models. Our network-agnostic method creates a backdoor
during training which can be exploited at test time to force a neural network
to exhibit abnormal behaviour. We demonstrate on two widely used datasets
(CIFAR-10 and SVHN) that a universal modification of just one pixel per image
for all the images of a class in the training set is enough to corrupt the
training procedure of several state-of-the-art deep neural networks causing the
networks to misclassify any images to which the modification is applied. Our
aim is to bring to the attention of the machine learning community, the
possibility that even learning-based methods that are personally trained on
public datasets can be subject to attacks by a skillful adversary.Comment: 18 page
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
Learning-based pattern classifiers, including deep networks, have shown
impressive performance in several application domains, ranging from computer
vision to cybersecurity. However, it has also been shown that adversarial input
perturbations carefully crafted either at training or at test time can easily
subvert their predictions. The vulnerability of machine learning to such wild
patterns (also referred to as adversarial examples), along with the design of
suitable countermeasures, have been investigated in the research field of
adversarial machine learning. In this work, we provide a thorough overview of
the evolution of this research area over the last ten years and beyond,
starting from pioneering, earlier work on the security of non-deep learning
algorithms up to more recent work aimed to understand the security properties
of deep learning algorithms, in the context of computer vision and
cybersecurity tasks. We report interesting connections between these
apparently-different lines of work, highlighting common misconceptions related
to the security evaluation of machine-learning algorithms. We review the main
threat models and attacks defined to this end, and discuss the main limitations
of current work, along with the corresponding future challenges towards the
design of more secure learning algorithms.Comment: Accepted for publication on Pattern Recognition, 201
- …