papers in adversarial machine learning — adversarial machine learning

How Glaze and Nighshade try to protect artists

Posted by Dillon Niederhut on

Generative AI models have become increasingly effective at making usable art. Where does this leave artists? They can use tools like Glaze and Nightshade to discourage others from training models to reproduce their art, but this might not always work, and carries legal risks. Here's how they work.

Read more →


Minority reports (yes like the movie) as a machine learning defense

Posted by Dillon Niederhut on

Adversarial patch attacks are hard to defend against because they are robust to denoising-based defenses. A more effective strategy involves generating several partially occluded versions of the input image, getting a set of predictions, and then taking the *least common* predicted label.

Read more →


Know thy enemy : classifying attackers with adversarial fingerprinting

Posted by Dillon Niederhut on

In threat intelligence, you want to know the characteristics of possible adversaries. In the world of machine learning, this could mean keeping a database of "fingerprints" of known attacks, and using these to inform real time defense strategies if your inference system comes under attack. Would you like to know more?

Read more →


Steganalysis based detection of adversarial attacks

Posted by Dillon Niederhut on

Training adversarially robust machine learning models can be expensive. Instead, you can use a set of steganalysis approaches to detect malicious inputs before they hit your model. This reduces the cost of deployment and training while still promoting AI safety.

Read more →


What if adversarial defenses just need more JPEG?

Posted by Dillon Niederhut on

Adversarial patterns are specially crafted image perturbations that trick models into producing incorrect outputs. Applying JPEG compression to the inputs of a computer vision model can effectively "smear" out adversarial perturbations, making it more difficult to successfully launch an adversarial attack.

Read more →