Evasion and Causative Attacks with Adversarial Deep Learning


Talk title: Evasion and Causative Attacks with Adversarial Deep Learning

Speaker: Prof. Yi Shi (石怡)




Abstract: This talk is on a novel approach to launch and defend against the causative and evasion attacks on machine learning classifiers. As the preliminary step, the adversary starts with an exploratory attack based on deep learning (DL) and builds a functionally equivalent classifier by polling the online target classifier with input data and observing the returned labels. Using this inferred classifier, the adversary can select samples according to their DL scores and feed them to the original classifier. In an evasion attack, the adversary feeds the target classifier with test data after selecting samples with DL scores that are close to the decision boundary to increase the chance that these samples are misclassified. In a causative attack, the adversary feeds the target classifier with training data after changing the labels of samples with DL scores that are far away from the decision boundary to reduce the reliability of the training process. Results obtained for text and image classification show that the proposed evasion and causative attacks can significantly increase the error during test and training phases, respectively. A defense strategy is presented to change a small number of labels of the original classifier to prevent its reliable inference by the adversary and its effective use in evasion and causative attacks. These findings identify new vulnerabilities of machine learning and demonstrate that a proactive defense mechanism can reduce the impact of the underlying attacks.


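Speaker bio: Yi Shi received his bachelor's degree in 1998 from the "00 Class" (零零班) of the University of Science and Technology of China, a master's degree in 2001 from the Institute of Software, Chinese Academy of Sciences (now the University of Chinese Academy of Sciences), a second master's degree in 2003 from Virginia Tech in the United States, and his Ph.D. in 2007 from Virginia Tech. He is currently an IEEE Senior Member, a senior researcher at Intelligent Automation, Inc. in the United States, and an adjunct assistant professor at Virginia Tech. Dr. Shi is an internationally known expert in wireless network optimization. He has published more than 130 papers in leading journals such as IEEE Transactions on Mobile Computing and at leading conferences such as IEEE INFOCOM, has edited one monograph, and has contributed to five others. In 2006, Dr. Shi, ranked first in the Washington, D.C. area, received the Chinese Government Award for Outstanding Self-Financed Students Abroad. In 2008 and 2011, his papers at the IEEE INFOCOM conference received the Best Paper Award and were shortlisted for the Best Paper Award. Dr. Shi serves as an editor of IEEE Communications Surveys and Tutorials, and has served as technical program committee chair for 3 workshops and as a technical program committee member for nearly 50 international conferences, including IEEE INFOCOM, ACM MobiHoc, IEEE MILCOM, IEEE ICC, IEEE WCNC, and IEEE GLOBECOM.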