This is a talk about adversarial attacks ...

This is a talk about adversarial attacks and defenses. The main question is

"How should we evaluate the effectiveness of defenses against adversarial attacks?"

After watching this talk, you will know what adversarial attacks and defenses are and you will have an overview of possible defense techniques. We look carefully at a paper from Nicholas Carlini and David Wagner ("Towards Evaluating the Robustness of Neural Networks", 2017).

If you have any questions or comment, don't hesitate to contact me. You find my email on the first slide.

References:

• Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks. IEEE Symposium on Security and Privacy, 2016. Nicholas Papernot et al.
• Explaining and Harnessing Adversarial Perturbations. ICLR, 2015. Ian J. Goodfellow et al.
• Towards Evaluating the Robustness of Neural Networks. IEEE Symposium on Security and Privacy, 2017. Nicholas Carlini and David Wagner
• Towards Deep Learning Models Resistant to Adversarial Attacks. ICLR, 2018. Aleksander Madry et al.
• Adversarial Patch. NIPS, 2017. Tom B. Brown et al.
• Robust Physical-World Attacks on Deep Learning Models. CVPR, 2018. Kevin Eykholt et al.

Links:

• Nicholas Carlini's talk at the 38th IEEE Symposium on Security and Privacy: https://www.youtube.com/watch?v=yIXNL88JBWQ
• Nicholas Carlini's website: https://nicholas.carlini.com
• A brief introduction to adversarial examples: https://people.csail.mit.edu/madry/lab/blog/adversarial/2018/07/06/adversarial_intro/