Julia Machine Learning: Adversarial Algorithms & Practical Applications

Discover the world of adversarial machine learning in Julia, including the intricacies of adversarial algorithms, distance metrics, and practical applications such as malware detection. Learn why Julia is a preferred language for machine learning tasks and how it excels in optimization challenges. Uncover the potential vulnerabilities in machine learning models and explore techniques to overcome adversarial attacks.

  • Julia
  • Machine Learning
  • Adversarial Algorithms
  • Practical Applications
  • Malware Detection

Presentation Transcript


  1. Adversarial Machine Learning in Julia
       Paul Gibby
       12/10/2018

  2. Adversarial Machine Learning
       • Adversarial machine learning is when you take input and perturb it imperceptibly to make a machine learning algorithm respond incorrectly
       • Most attacks currently target image classifiers
       • The existence of these adversarial examples means that we can't fully trust the output of machine learning if an adversary can control the input
       • This is most dangerous in the case of malware classification

  3. Why Julia?
       • Julia is well suited for machine learning and optimization problems, and does them very fast
       • Easily extendable
       • Many helpful libraries like Knet
       • Easy parallelization
       • Currently doesn't seem to exist yet in Julia (closest is a couple of implementations of GAN)

  4. Adversarial Algorithms
       • L-BFGS: Optimization of a cost function with box constraints
       • Fast Gradient Sign Method (FGSM): A single step of gradient descent. Weakest method, but very fast
       • Iterative Gradient Sign Method (IGSM): Multiple steps of gradient descent
       • JSMA: For each step, finds a pair of pixels that if changed will have the greatest effect of moving the image to the target
       • Carlini-Wagner: A sophisticated attack that bypasses an early attempt at defense. Similar to L-BFGS, but optimized over a tanh space and a different cost function

  5. Distance Metrics
       • We assess whether a change to an image is imperceptible by measuring its distance from the original
       • L2 distance: Standard Euclidean distance between flattened images. Simple and fast
       • DSSIM: A measurement of visual distortion between two images. More complicated, but better reflects human vision

  6. To the Demo!

  7. Comparison with CleverHans

       Attack   CleverHans (Python)   Julia
       FGSM     0.14                  .05
       JSMA     20,000                75

  8. Practical Application: Malware Detection
       • Took data of traits (API calls, etc) of malware and trained a classifier on it
       • With a simple algorithm, each malware could have a single feature added to it that causes a misclassification

  9. Thank You!
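
The single-step and iterative gradient sign methods from slide 4, scored with the L2 distance from slide 5, can be used as a robustness check on a model you own. The Julia sketch below is an added example, not code from the presentation: the tiny two-layer classifier, its weights, the sample X and all function names are constructed for illustration.

```julia
using LinearAlgebra  # dot, norm

# Constructed toy classifier (weights are made up, not from the talk):
# 4-"pixel" flattened image -> 3 tanh hidden units -> sigmoid output.
const W1 = [ 1.5 -2.0  0.5  1.0;
            -1.0  0.5  2.0 -1.5;
             0.5  1.0 -1.0  2.0]
const B1 = [0.1, -0.2, 0.0]
const W2 = [2.0, -1.0, 1.5]
const B2 = -0.5

sigmoid(z) = 1 / (1 + exp(-z))
hidden(x) = tanh.(W1 * x .+ B1)
predict(x) = sigmoid(dot(W2, hidden(x)) + B2)   # P(class 1 | x)

# Gradient of the cross-entropy loss with respect to the input x (label y).
function loss_grad(x, y)
    h = hidden(x)
    return (predict(x) - y) .* (W1' * (W2 .* (1 .- h .^ 2)))
end

# FGSM: one signed-gradient step of size epsilon, clipped to valid pixels.
fgsm(x, y, epsilon) = clamp.(x .+ epsilon .* sign.(loss_grad(x, y)), 0.0, 1.0)

# IGSM: several smaller steps, projected back into the epsilon-box around x0.
function igsm(x0, y, epsilon; steps = 10)
    x = copy(x0)
    for _ in 1:steps
        x = x .+ (epsilon / steps) .* sign.(loss_grad(x, y))
        x = clamp.(clamp.(x, x0 .- epsilon, x0 .+ epsilon), 0.0, 1.0)
    end
    return x
end

# L2 distance: Euclidean distance between the flattened images.
l2(a, b) = norm(vec(a) .- vec(b))

# Robustness sweep: model confidence and L2 distortion per perturbation budget.
function sweep(x, y, budgets)
    for epsilon in budgets
        for (name, adv) in (("FGSM", fgsm(x, y, epsilon)), ("IGSM", igsm(x, y, epsilon)))
            println(name, " eps=", epsilon, " clean=", round(predict(x), digits = 3),
                    " perturbed=", round(predict(adv), digits = 3),
                    " L2=", round(l2(x, adv), digits = 3))
        end
    end
end

X = [0.6, 0.3, 0.5, 0.4]   # constructed sample, treated as true label 1
sweep(X, 1.0, [0.01, 0.05, 0.1, 0.2])
```

Reading the output as a table of confidence against L2 distortion shows how much perturbation budget the model tolerates before its prediction degrades, which is the quantity a defense is meant to increase.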
