Скачать с ютуб Where ML security is broken and how to fix it (M. Pintor) в хорошем качестве

Where ML security is broken and how to fix it (M. Pintor)

Rigorous testing of machine learning models against test-time attacks is often impractical for modern deep learning systems. For these reasons, empirical methods, optimizing adversarial perturbations via gradient descent, are often used. To assess and mitigate the impacts of adversarial attacks, machine learning practitioners generate worst-case adversarial perturbations to test against their models. Yet, many proposed evaluations have proven to offer deceptive estimates of robustness, often failing under more thorough analysis. Although guidelines and best practices have been suggested to improve current adversarial robustness evaluations, the lack of automatic testing and debugging tools makes it difficult to apply these recommendations in practice and systematically. To this end, the analysis of failures in the optimization of adversarial attacks is the only valid strategy to avoid repeating mistakes of the past. Additionally, the continuous proposal of novel attacks results in overly optimistic and biased evaluations. To address this, we propose a comparison framework to evaluate and benchmark gradient-based attacks for optimizing adversarial examples, ensuring fair assessment and fostering advancements in ML security evaluations. Maura Pintor is an Assistant Professor at the PRA Lab, in the Department of Electrical and Electronic Engineering of the University of Cagliari, Italy, Italy. She received her PhD in Electronic and Computer Engineering from the University of Cagliari in 2022. She is reviewer for ACM CCS, ECCV, ICPR, ICLR, ACSAC, ICCV, and for several Q1 journals. She is co-chair of the ACM Workshop on Artificial Intelligence and Security (AISec), co-located with ACM CCS, and Area Chair for NeurIPS.