Seminar Series Archive
Yunhan Jia
Baidu X-Lab
April 12, 2019
11:00am - 12:00pm
Title:
Threat to Real-world Deep Learning Systems: Practical Attacks and Security Measures
Abstract:
Deep neural networks (DNNs) have been shown to be vulnerable to carefully crafted adversarial inputs. While the arms race between attack and defense techniques for DNNs has been going on for a while, the battlefield is usually limited to the digital domain. What consequences these vulnerabilities can have in real-world security-critical systems has not been validated, given physical constraints such as black-box access to models and the differences between digitally generated perturbations and perturbations that can be applied physically. In this talk, I will first present two real-world adversarial attacks against security- and safety-critical systems: physical adversarial examples that fool the perception of autonomous vehicles, and practical attacks against black-box commercial models provided by several major Machine Learning as a Service (MLaaS) providers. I will then introduce our efforts in mitigating the security problems of DNNs: a model robustness testing suite called Perceptron that benchmarks and verifies DNN models' security and robustness properties against adversaries as well as against changes in physical conditions. Finally, we will discuss approaches to improve the robustness of DNN models.
Speaker Bio:
Yunhan Jia is a Senior Security Scientist at Baidu USA and currently leads the AI security research at Baidu X-Lab. Yunhan received his Ph.D. from the University of Michigan, and his research interests are network and system security. His research has discovered and mitigated security problems in systems such as autonomous vehicles, cloud AI platforms, IoT platforms, and smartphone OSes. His work has had high impact in both academia and industry, with eight top-tier conference papers and multiple CVEs, and has been broadly covered by major news media. Currently, his focus is adversarial machine learning in real-world security- and safety-critical systems.