Motivation of the talk:

• Situation #1:
  Imagine a self-driving car on the road: they depend on computational perceptions of images of traffic signals. Now if that image is perturbed with very small imperceptible noise, it would lead the car to interpret the 'stop' signal as 'go' or maybe the 'go straight' as 'go left'. Imagine the kind of chaos and fatalities that would lead to!
• Situation #2:
  Say you are building a deep learning classifier to predict if a tumor is benign or malignant. If an attacker perturbs very slightly a particular image that the classifier predicted as 'malignant', it would result in what is called adversarial fooling of neural networks : the classifier (even if it is a state-of-the-art neural network) may predict the same one as 'benign'. That would lead to incorrect diagnosis and perhaps cost a life. (Same for a benign tumor caused to be predicted as malignant.)

Deep learning systems for different use-cases and domains are increasingly becoming more common. Moreover, data breaches are reported upon widely in present times. An added threat in this regard is malicious actors launching adversarial attacks on our deep learning systems. That is why we urgently need to build more robust deep learning models and continually test the strength of their defenses by launching adversarial attacks against them. This is especially important in fields like healthcare where it can cost human life.

There is, and in recent years always has been, a great amount of buzz around AI and deep learning, but the topic of adversarial machine learning, and the broad topic of AI security (including differential privacy and federated learning) is less talked about in relative terms. I hope this talk can shed some light on this very relevant and important issue, as well as interest the audience to try out these Python libraries to build more robust models and defend them against such attacks.

What the talk will cover:

In this talk, I will discuss the hidden gems of Python libraries (like Cleverhans and Foolbox) that are very important to tackle such adversarial attacks. Adversarial attacks are nothing but addition of small amount of malicious input to a neural network to cause it to misclassify. I will show how these attacks a) compromise confidential and private data and b) fool neural networks to make wrong predictions. I will also demonstrate with code the different types of adversarial attacks and the possible attack defenses using Cleverhans and Foolbox libraries.

Outline of the talk:

• Self-introduction. Why am I here? Setting expectations for the talk. [1.5 min]
• Introduction to adversarial examples: Visual presentation [4-5 min]
• Brief on adversarial attacks e.g. FGSM, BIM, targeted & un-targeted [6-7 min]
• Real life use-cases where adversarial examples become adversarial threats : Malware, disease diagnosis (FATAL), autonomous cars (ALSO FATAL) [2-3 min]
• What is Cleverhans? Success stories (Research) [1 min]
• Why is Cleverhans so cool? [2 min]
• Briefing about other libs as well, esp. Foolbox [5 min]
• Demo of the code: adversarial attacks in medical imaging : How to reciprocate results + how to improve results + scope of the work + contribute (Anyone is welcome!) [5-7 min]
• How to become a Cleverhans contributor? (or the other libs mentioned) [1.5 min]
• Q&A. [5 min]

The usual prerequisites for the talk are background knowledge of basic linear algebra, probability and stats, and basics of neural nets. However, though it has been marked as intermediate owing to the scope and depth of the topic, I'll try to make sure that it remains beginner friendly for the most part.