Papers in adversarial machine learning — adversarial attack

What if adversarial defenses just need more JPEG?

Posted by Dillon Niederhut on

Adversarial patterns are specially crafted image perturbations that trick models into producing incorrect outputs. Applying JPEG compression to the inputs of a computer vision model can effectively "smear" out adversarial perturbations, making it more difficult to successfully launch an adversarial attack.
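Here's a minimal sketch of that preprocessing defense, assuming Pillow and NumPy and some placeholder classifier called `model`; the `quality` setting is illustrative, not a value from the post:

```python
# Sketch of JPEG preprocessing as a defense: round-trip each input through
# lossy JPEG compression before handing it to the classifier, so fine-grained
# adversarial perturbations get smoothed away along with high-frequency detail.
import io

import numpy as np
from PIL import Image


def jpeg_defense(image: np.ndarray, quality: int = 75) -> np.ndarray:
    """Compress and re-decode an HxWx3 uint8 image."""
    buffer = io.BytesIO()
    Image.fromarray(image).save(buffer, format="JPEG", quality=quality)
    buffer.seek(0)
    return np.array(Image.open(buffer))


# Hypothetical usage: logits = model(jpeg_defense(raw_image))
```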

Read more →


Faceoff: using stickers to fool Face ID

Posted by Dillon Niederhut on

What if breaking into an office was as easy as wearing a special pair of glasses, or putting a sticker on your forehead? It can be, if you make the right adversarial patch. Learn how to use adversarial machine learning to hide from face recognition systems, or convince them that you are someone else.
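For a taste of how such a patch gets made, here is a rough PyTorch sketch, assuming a differentiable face-recognition classifier `model` that maps images (values in [0, 1], shape N×3×H×W) to identity logits; the patch size, corner placement, and training loop are my own illustrative choices, not the recipe from the post:

```python
# Sketch of adversarial patch optimization: train a square patch so that any
# image wearing it gets classified as a chosen target identity.
import torch
import torch.nn.functional as F


def train_patch(model, images, target_id, size=50, steps=200, lr=0.1):
    """Optimize a patch that pushes faces toward the target identity."""
    patch = torch.rand(3, size, size, requires_grad=True)
    optimizer = torch.optim.Adam([patch], lr=lr)
    targets = torch.full((images.shape[0],), target_id, dtype=torch.long)
    for _ in range(steps):
        patched = images.clone()
        patched[:, :, :size, :size] = patch.clamp(0, 1)  # paste patch in a corner
        loss = F.cross_entropy(model(patched), targets)  # low loss = "looks like" target
        optimizer.zero_grad()
        loss.backward()
        optimizer.step()
    return patch.detach().clamp(0, 1)
```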

Read more →


Spy GANs: using adversarial watermarks to send secret messages

Posted by Dillon Niederhut on

Sometimes, you need to send encrypted information, but also keep the fact that you are sending it a secret. Hiding secrets in regular data like this is called steganography, and it's cooler than it sounds, unless you are super into stegosaurus, and then it is exactly as cool as it sounds. With a few tweaks, you can use adversarial watermarking to hide information in normal-looking images and text. See how to do it here.
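As a sketch of the image side of this, here is one way the embedding step could look in PyTorch; the `decoder` network that reads the bits back out and the perturbation budget `eps` are stand-ins I'm assuming, not details from the post:

```python
# Sketch of adversarial watermarking: nudge an image (values in [0, 1]) with a
# small, bounded perturbation so that a decoder network recovers a hidden bit
# string, while the image stays visually unchanged.
import torch
import torch.nn.functional as F


def embed_message(decoder, image, bits, eps=0.02, steps=100, lr=0.01):
    """Return a stego image from which `decoder` can recover `bits`."""
    delta = torch.zeros_like(image, requires_grad=True)
    optimizer = torch.optim.Adam([delta], lr=lr)
    target = bits.float()
    for _ in range(steps):
        stego = (image + delta).clamp(0, 1)
        loss = F.binary_cross_entropy_with_logits(decoder(stego), target)
        optimizer.zero_grad()
        loss.backward()
        optimizer.step()
        with torch.no_grad():
            delta.clamp_(-eps, eps)  # keep the watermark imperceptible
    return (image + delta.detach()).clamp(0, 1)
```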

Read more →


Is it illegal to hack a machine learning model?

Posted by Dillon Niederhut on

Maybe.

Read more →


We're not so different, you and I: adversarial attacks are poisonous training samples

Posted by Dillon Niederhut on

Data poisoning is when someone adds small changes to a training dataset to cause any model trained on those data to misbehave. An effective heuristic is to craft adversarial examples against a trained model and use them as the poisoned training samples. The authors show that this can degrade model accuracy to below random-chance performance.
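To make the connection concrete, here is a minimal sketch under my own assumptions: craft untargeted PGD adversarial examples against a clean, pretrained model, keep the original labels, and release the perturbed images as the training set. The hyperparameters are placeholders, not the paper's settings:

```python
# Sketch of "adversarial examples as poisons": run projected gradient descent
# (PGD) against a pretrained model, then ship the perturbed images with their
# original labels as training data.
import torch
import torch.nn.functional as F


def pgd_poison(model, images, labels, eps=8 / 255, alpha=2 / 255, steps=20):
    """Return adversarially perturbed copies of `images` (values in [0, 1])."""
    delta = torch.zeros_like(images, requires_grad=True)
    for _ in range(steps):
        loss = F.cross_entropy(model((images + delta).clamp(0, 1)), labels)
        loss.backward()
        with torch.no_grad():
            delta += alpha * delta.grad.sign()  # ascend the loss
            delta.clamp_(-eps, eps)             # stay within the L-inf budget
            delta.grad.zero_()
    return (images + delta.detach()).clamp(0, 1)


# Hypothetical usage: a model trained from scratch on
# (pgd_poison(pretrained_model, images, labels), labels) generalizes poorly.
```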

Read more →