Your search keyword '"Kathrin Grosse"' showing total 5 results

1. Adversarial vulnerability bounds for Gaussian process classification

Author

Michael Thomas Smith, Kathrin Grosse, Michael Backes, and Mauricio A. Álvarez

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, ComputingMethodologies_PATTERNRECOGNITION, Statistics - Machine Learning, Artificial Intelligence, Machine Learning (stat.ML), Cryptography and Security (cs.CR), Software, Computer Science::Cryptography and Security, Machine Learning (cs.LG)

Abstract

Machine learning (ML) classification is increasingly used in safety-critical systems. Protecting ML classifiers from adversarial examples is crucial. We propose that the main threat is that of an attacker perturbing a confidently classified input to produce a confident misclassification. To protect against this we devise an adversarial bound (AB) for a Gaussian process classifier, that holds for the entire input domain, bounding the potential for any future adversarial method to cause such misclassification. This is a formal guarantee of robustness, not just an empirically derived result. We investigate how to configure the classifier to maximise the bound, including the use of a sparse approximation, leading to the method producing a practical, useful and provably robust classifier, which we test using a variety of datasets., Comment: 10 pages + 2 pages references + 7 pages of supplementary. 12 figures. Submitted to AAAI

Published

2022

2. Machine Learning Security in Industry: A Quantitative Survey

Author

Kathrin Grosse, Lukas Bieringer, Tarek R. Besold, Battista Biggio, and Katharina Krombholz

Subjects

organizations, machine learning security, FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, training data, training, quantitative user study, Computer Networks and Communications, security, adversarial machine learning, Machine Learning (cs.LG), data models, Computer Science - Computers and Society, machine learning, Computers and Society (cs.CY), production, Safety, Risk, Reliability and Quality, Cryptography and Security (cs.CR)

Abstract

Despite the large body of academic work on machine learning security, little is known about the occurrence of attacks on machine learning systems in the wild. In this paper, we report on a quantitative study with 139 industrial practitioners. We analyze attack occurrence and concern and evaluate statistical hypotheses on factors influencing threat perception and exposure. Our results shed light on real-world attacks on deployed machine learning. On the organizational level, while we find no predictors for threat exposure in our sample, the amount of implement defenses depends on exposure to threats or expected likelihood to become a target. We also provide a detailed analysis of practitioners' replies on the relevance of individual machine learning attacks, unveiling complex concerns like unreliable decision making, business information leakage, and bias introduction into models. Finally, we find that on the individual level, prior knowledge about machine learning security influences threat perception. Our work paves the way for more research about adversarial machine learning in practice, but yields also insights for regulation and auditing., Comment: Accepted at TIFS, version with more detailed appendix containing more detailed statistical results. 17 pages, 6 tables and 4 figures

Published

2022

3. Do winning tickets exist before DNN training?

Author

Kathrin Grosse and Michael Backes

Published

2021

4. Backdoor Smoothing: Demystifying Backdoor Attacks on Deep Neural Networks

Author

Kathrin Grosse, Taesung Lee, Battista Biggio, Youngja Park, Michael Backes, and Ian Molloy

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, General Computer Science, Statistics - Machine Learning, Machine Learning (stat.ML), Cryptography and Security (cs.CR), Law, Machine Learning (cs.LG)

Abstract

Backdoor attacks mislead machine-learning models to output an attacker-specified class when presented a specific trigger at test time. These attacks require poisoning the training data to compromise the learning algorithm, e.g., by injecting poisoning samples containing the trigger into the training set, along with the desired class label. Despite the increasing number of studies on backdoor attacks and defenses, the underlying factors affecting the success of backdoor attacks, along with their impact on the learning algorithm, are not yet well understood. In this work, we aim to shed light on this issue by unveiling that backdoor attacks induce a smoother decision function around the triggered samples -- a phenomenon which we refer to as \textit{backdoor smoothing}. To quantify backdoor smoothing, we define a measure that evaluates the uncertainty associated to the predictions of a classifier around the input samples. Our experiments show that smoothness increases when the trigger is added to the input samples, and that this phenomenon is more pronounced for more successful attacks. We also provide preliminary evidence that backdoor triggers are not the only smoothing-inducing patterns, but that also other artificial patterns can be detected by our approach, paving the way towards understanding the limitations of current defenses and designing novel ones., 9 pages, 7 figures, under submission

Published

2020

5. MLCapsule: Guarded Offline Deployment of Machine Learning as a Service

Author

Yang Zhang, Mario Fritz, Max Augustin, Kathrin Grosse, Ahmed Salem, Lucjan Hanzlik, and Michael Backes

Subjects

Service (business), Reverse engineering, FOS: Computer and information sciences, Computer Science - Machine Learning, Information privacy, Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer science, business.industry, Control (management), Machine Learning (stat.ML), Service provider, Business model, Machine learning, computer.software_genre, Data modeling, Machine Learning (cs.LG), Artificial Intelligence (cs.AI), Statistics - Machine Learning, Software deployment, Artificial intelligence, business, computer, Cryptography and Security (cs.CR)

Abstract

With the widespread use of machine learning (ML) techniques, ML as a service has become increasingly popular. In this setting, an ML model resides on a server and users can query it with their data via an API. However, if the user's input is sensitive, sending it to the server is undesirable and sometimes even legally not possible. Equally, the service provider does not want to share the model by sending it to the client for protecting its intellectual property and pay-per-query business model. In this paper, we propose MLCapsule, a guarded offline deployment of machine learning as a service. MLCapsule executes the model locally on the user's side and therefore the data never leaves the client. Meanwhile, MLCapsule offers the service provider the same level of control and security of its model as the commonly used server-side execution. In addition, MLCapsule is applicable to offline applications that require local execution. Beyond protecting against direct model access, we couple the secure offline deployment with defenses against advanced attacks on machine learning models such as model stealing, reverse engineering, and membership inference.

Published

2018