Advanced Adversarial Machine Learning
Chapter 1: Foundations of Adversarial ML Security
Review of Machine Learning Security Vulnerabilities
Threat Models in Machine Learning
Attack Surfaces: Training vs. Inference
Mathematical Formulation of Adversarial Examples
Taxonomy of Adversarial Attacks
Overview of Defense Strategies
Chapter 2: Advanced Evasion Attacks
Gradient-Based Attacks: FGSM, BIM, PGD Analysis
Optimization-Based Attacks: Carlini & Wagner Methods
Score-Based Attack Techniques
Decision-Based Attack Techniques
Transferability of Adversarial Examples
Attacking Ensemble Models
Implementing Evasion Attacks: Hands-on Practical
Chapter 3: Data Poisoning and Backdoor Attacks
Poisoning Attack Strategies: Availability vs Integrity
Targeted Data Poisoning Techniques
Backdoor Attack Mechanisms and Trigger Design
Clean-Label Poisoning Attacks
Analyzing Poisoning Impact on Model Training
Crafting Data Poisoning Attacks: Hands-on Practical
Chapter 4: Model Inference and Privacy Attacks
Membership Inference Attacks: Theory and Methods
Attribute Inference Techniques
Model Inversion and Reconstruction Attacks
Model Stealing: Functionality Extraction Methods
Relationship to Differential Privacy
Implementing Membership Inference: Hands-on Practical
Chapter 5: Robust Defense Mechanisms
Adversarial Training: Principles and Variations
Certified Defenses: Randomized Smoothing
Input Transformation Defenses
Gradient Masking and Obfuscation Issues
Defending Against Poisoning and Backdoors
Implementing Adversarial Training: Hands-on Practical
Chapter 6: Evaluating Model Robustness
Metrics for Adversarial Robustness
Benchmarking Tools and Frameworks
Adaptive Attacks: Evaluating Defenses Properly
Security Evaluations under Different Threat Models
Interpreting Robustness Evaluation Results
Setting up Robustness Benchmarks: Hands-on Practical
Chapter 7: Adversarial Examples in Specific Domains
Adversarial Attacks on Computer Vision Models
Generating Adversarial Text for NLP Models
Attacks on Reinforcement Learning Agents
Physical Adversarial Attacks
Domain-Specific Attack Considerations
Generating Adversarial Text: Practice
Review of Machine Learning Security Vulnerabilities
Was this section helpful?
- Adversarial Machine Learning: A Survey of the State-of-the-Art, Battista Biggio and Fabio Roli, 2018 Pattern Recognition, Vol. 84 (Elsevier) DOI: 10.1016/j.patcog.2018.05.013 - This survey provides an overview of attacks against machine learning, including data poisoning, adversarial examples, and privacy inference attacks.
- Intriguing properties of neural networks, Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus, 2013 arXiv preprint arXiv:1312.6199 DOI: 10.48550/arXiv.1312.6199 - This seminal paper introduced the concept of adversarial examples, demonstrating that small, imperceptible perturbations can cause deep neural networks to misclassify.
- Poisoning Attacks Against Support Vector Machines, Battista Biggio, Blaine Nelson, and Pavel Laskov, 2012 Proceedings of the 29th International Conference on Machine Learning (ICML '12) (JMLR, Inc.) - A foundational work detailing data poisoning attacks, specifically targeting support vector machines, illustrating how training data can be manipulated to degrade model performance.
- Membership Inference Attacks Against Machine Learning Models, Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov, 2017 2017 IEEE Symposium on Security and Privacy (SP) (IEEE) DOI: 10.1109/SP.2017.41 - This paper presented the first practical membership inference attack, showing how an adversary can determine if a specific data record was part of a model's training set.