Customizing Adversarial Machine Learning to Test Deep Learning Techniques


Over the past decade, machine learning (ML) and deep learning (DL) have achieved several breakthroughs, including Google’s driverless cars, IBM Watson, deep learning for playing Go, to name just a few. The apparition of ML-based software in various systems also raises concerns on their correct operation. Indeed, a non-perceivable modification to an image can fool an ML algorithm to make incorrect predictions, eg recognize a gibbon instead of a panda [1]. Recently, it has been reported that a change in the contrast of the image of a road can lead a DL algorithm to turn right instead of left [2]. These examples, whether they are natural or deliberately engineered, are labeled as adversarial. These cases have initiated a new trend in the ML community. Adversarial Machine Learning (advML) strives to understand, from security and safety points of view, how ML processes can be biased by the underlying training process or any further manipulations by potentially malicious people. The field is very active and the body of knowledge is growing [2],[3],[4],[5],[6]. Techniques usually focus on fooling ML algorithms by creating small changes with major impact on predictions. To do so, advML techniques usually take the role of attackers trying to pass through the defense that is represented by the ML decision system, trying to filter incoming data. AdvML relies on the design of ML algorithms and automatically targets specific aspects and weaknesses of the algorithm in order to craft new data, so as to make the ML decision system unusable as it will make too many mistakes in its predictions. Adversarial attacks can be used at training time or at exploitation …

1st Workshop on Deep Learning <=> Testing