Practical Defenses Against Adversarial Machine Learning

Presented at Black Hat USA 2020 Virtual, Aug. 5, 2020, 2:30 p.m. (40 minutes)

Adversarial machine learning has hit the spotlight as a topic relevant to practically-minded security teams, but noise and hype have diluted the discourse to gradient-based comparisons of blueberry muffins and chihuahuas. This fails to reflect the attack landscape, making it difficult to adequately assess the risks. More concerning still, recommendations for mitigations are similarly lacking in their calibration to real threats. This talk discusses research conducted over the past year on real-world attacks against machine learning systems which include recommendation engines, algorithmic trading platforms, email filtering - in addition to the classic examples of facial recognition and malware classification. We'll begin by discussing the difference between academic and deployment attack environments before diving into real-world attack examples. Most importantly, the bulk of the session will detail practical defensive measures.

Presenters:

• Ariel Herbert-Voss - Senior Research Scientist, OpenAI
  Ariel Herbert-Voss is a Senior Research Scientist at OpenAI where she works on breaking machine learning systems at the algorithmic level and loves all things to do with malicious uses and abuses of AI. She is a PhD student at Harvard University and periodically conducts trainings on practical adversarial machine learning. She has spoken at DEF CON and NeurIPS and is co-founder and co-organizer of the DEF CON AI Village.

Links:

• https://www.blackhat.com/us-20/briefings/schedule/#practical-defenses-against-adversarial-machine-learning-20476

Similar Presentations:

• DEF CON 24 (2016) / Machine Duping 101: Pwning Deep Learning Systems
• BSidesLV 2017 / The New Cat and Mouse Game: Attacking and Defending Machine Learning Based Software
• ShmooCon XI (2015) / Practical Machine Learning for Network Security