Abstract: Deep learning is the heart of current rise of artificial intelligence. Deep neural networks have shown phenomenal success, often beyond human capability, in solving complex problems. Therefore, they are being deployed in many real world systems. However, it has been recently observed that they are vulnerable to adversarial attacks; subtle perturbations to inputs that lead a deep learning model to make mistakes and predict incorrect outputs. This perturbation is intentionally designed to fool a deep neural network. In many cases, these modifications are often too small that a human observer cannot differentiate between the attacked and original input data, yet they are able to fool the deep learning model into mislabelling the input data even with high confidence.
Adversarial attacks pose a serious threat to the real world deployment of deep neural networks, especially in safety critical systems like self-driving cars, surveillance, and security systems. They are able to compromise systems built on machine learning, even if the adversary has no access to the underlying model (e.g. its training procedure and/or its architecture and parameters).
Through use cases and illustrative examples, we will discuss how adversarial attacks pose a real world security threat? How can these attacks be performed? What are the different types of attacks? What are the different defence techniques so far and how to make a system more robust against adversarial attacks?
Bio: Sihem Romdhani received her MASc degree in Machine Learning from the department of Electrical and Computer Engineering at the University of Waterloo, where her research was focused on Deep Learning for Speech Recognition. She is currently working with Veeva Systems as a Machine Learning Engineer and Data Scientist, where she is building ML models for Natural Language Processing. She has led multiple projects on text parsing, sequence tagging, and information extraction from unstructured text data. Sihem is very interested in Deep Learning and how to apply it to solve new and challenging problems. Throughout her education, academic research, and work in industry, she gathered experiences and knowledge that she enjoys sharing by actively doing public presentations.