Machine Learning (ML)

Adversarial Machine Learning

By Nicolas Papernot (PhD) and Berkay Celik (PhD Candidate)

A practical limitation of machine learning models is that they are subject to adversarial samples: inputs carefully modified so that the model produces an output chosen by the attacker. In the context of classification, an adversarial sample is crafted so that the target model assigns it to a class different from its legitimate class. In this work we focus on Deep Neural Networks (DNNs): how adversarial samples are generated against them, and what capabilities an attacker needs in order to evade systems built on DNNs.
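The following is an added example, not code from the project or the papers it describes. It shows the mechanics of a targeted attack on a small ReLU network: compute the Jacobian of the output logits with respect to the input, score each input feature by how strongly it raises the attacker's target class while lowering all others (a simplified, single-feature form of the saliency-map scoring idea), and repeatedly bump the highest-scoring feature by a fixed step until the prediction flips or a feature-count budget runs out. The network weights are hand-set constants standing in for a trained model (an assumption made so the example runs offline without a dataset or ML library); the clean input is constructed.

```python
"""
Targeted adversarial-sample crafting against a small ReLU network.
Added example (not the authors' code). The weights are hand-set stand-ins
for a trained DNN so the script runs offline with no data or ML library.
"""
from typing import List, Tuple

Vec = List[float]
Mat = List[List[float]]

# Assumption: a two-layer ReLU network with inputs x in [0,1]^3 and two
# classes. With these weights class 1 wins exactly when 3*h0 + 2*h1 > 1.
W1: Mat = [[1.0, 1.0, 0.0], [0.0, 0.0, 1.0]]
B1: Vec = [-0.6, -0.3]
W2: Mat = [[-3.0, -2.0], [3.0, 2.0]]
B2: Vec = [1.0, -1.0]


def forward(x: Vec) -> Tuple[Vec, Vec]:
    """Return (hidden activations, output logits) for input x."""
    pre = [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(W1, B1)]
    h = [max(0.0, p) for p in pre]
    z = [sum(w * hj for w, hj in zip(row, h)) + b for row, b in zip(W2, B2)]
    return h, z


def predict(x: Vec) -> int:
    """Class with the largest logit."""
    _, z = forward(x)
    return max(range(len(z)), key=lambda k: z[k])


def jacobian(x: Vec) -> Mat:
    """J[k][i] = d z_k / d x_i, by backpropagation through the ReLU layer.
    Inactive hidden units (pre-activation <= 0) contribute nothing, which is
    why an input that leaves every unit inactive yields an all-zero Jacobian."""
    h, _ = forward(x)
    return [[sum(W2[k][j] * W1[j][i] for j in range(len(h)) if h[j] > 0.0)
             for i in range(len(x))] for k in range(len(W2))]


def saliency(jac: Mat, target: int, x: Vec, theta: float,
             lo: float, hi: float) -> Vec:
    """Per-feature score toward `target`: zero unless increasing the feature
    raises the target logit AND lowers the sum of the other logits; features
    already at the domain edge in the step direction are ruled out."""
    scores = []
    for i in range(len(x)):
        a = jac[target][i]
        b = sum(jac[k][i] for k in range(len(jac)) if k != target)
        at_edge = (theta > 0 and x[i] >= hi) or (theta < 0 and x[i] <= lo)
        scores.append(0.0 if (a <= 0 or b >= 0 or at_edge) else a * abs(b))
    return scores


def craft(x: Vec, target: int, theta: float = 0.1, max_features: int = 2,
          max_iters: int = 50, lo: float = 0.0, hi: float = 1.0
          ) -> Tuple[Vec, List[int]]:
    """Perturb a copy of x until predict() == target, the L0 budget
    (number of distinct features touched) is exhausted, or no feature helps.
    Returns the resulting input and the indices of the features changed."""
    adv = list(x)
    changed: List[int] = []
    for _ in range(max_iters):
        if predict(adv) == target:
            break
        scores = saliency(jacobian(adv), target, adv, theta, lo, hi)
        i = max(range(len(adv)), key=lambda n: scores[n])
        if scores[i] == 0.0:
            break  # dead gradients or domain edge: nothing moves us closer
        if i not in changed:
            if len(changed) >= max_features:
                break  # budget exhausted
            changed.append(i)
        adv[i] = min(hi, max(lo, adv[i] + theta))  # stay inside the domain
    return adv, changed


if __name__ == "__main__":
    clean = [0.3, 0.4, 0.4]  # constructed sample the model labels class 0
    adv, changed = craft(clean, target=1)
    print("clean ->", predict(clean), " adversarial ->", predict(adv))
    print("features changed:", changed, " adversarial input:", adv)
    # Failure mode: a point where every ReLU unit is inactive has a zero
    # Jacobian, so the crafting loop stops without finding a perturbation.
    stuck, touched = craft([0.2, 0.2, 0.2], target=1)
    print("dead-gradient point unchanged:", stuck, touched)
```

For the constructed input the loop changes a single feature (the first one, by two steps of 0.1) before the prediction flips; the second call shows the caveat that matters in practice: gradient-driven crafting says nothing when the model's gradient at the starting point is zero, so a real attack either starts from a different sample or uses a method that does not depend on local gradients.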

This project produced two papers: "The Limitations of Deep Learning in Adversarial Settings", published at IEEE EuroS&P 2016, and "Practical Black-Box Attacks against Machine Learning", published at ACM AsiaCCS 2017.