Surprisingly, while there exists a rich body of literature on evasion and poisoning attacks against conventional, discriminative Machine Learning (ML) models, adversarial threats against GANs – or, more broadly, against Deep Generative Models (DGMs) – have not been analyzed before. To close this gap, in this talk we will introduce a formal threat model for training-time attacks against DGMs. We will demonstrate that, with little effort, attackers can backdoor pre-trained DGMs and embed compromising data points which, when triggered, could cause material and/or reputational damage to the organization sourcing the DGM. Our analysis shows that the attacker can bypass naïve detection mechanisms, but that a combination of static and dynamic inspections of the DGM is effective in detecting our attacks.
By: Killian Levacher, Ambrish Rawat & Mathieu Sinn
Full Abstract & Presentation Materials:
https://www.blackhat.com/us-21/briefings/schedule/#the-devil-is-in-the-gan-defending-deep-generative-models-against-adversarial-attacks-23391