Sunday 10:45 AM–11:30 AM in C11

Building robust AI models against adversarial attacks: Python libraries Cleverhans and Foolbox

Deya Chatterjee

Audience level:


This talk will demonstrate how Python libraries like Cleverhans & Foolbox can help tackle adversarial attacks, i.e., addition of small malicious inputs to a neural network to cause it to mis-classify. A code demo using Cleverhans will show how these attacks a) compromise private data & b) fool neural networks to make wrong predictions, with very harmful results in many use-cases & their defenses.


Motivation of the talk:

Deep learning systems for different use-cases and domains are increasingly becoming more common. Moreover, data breaches are reported upon widely in present times. An added threat in this regard is malicious actors launching adversarial attacks on our deep learning systems. That is why we urgently need to build more robust deep learning models and continually test the strength of their defenses by launching adversarial attacks against them. This is especially important in fields like healthcare where it can cost human life.

There is, and in recent years always has been, a great amount of buzz around AI and deep learning, but the topic of adversarial machine learning, and the broad topic of AI security (including differential privacy and federated learning) is less talked about in relative terms. I hope this talk can shed some light on this very relevant and important issue, as well as interest the audience to try out these Python libraries to build more robust models and defend them against such attacks.

What the talk will cover:

In this talk, I will discuss the hidden gems of Python libraries (like Cleverhans and Foolbox) that are very important to tackle such adversarial attacks. Adversarial attacks are nothing but addition of small amount of malicious input to a neural network to cause it to misclassify. I will show how these attacks a) compromise confidential and private data and b) fool neural networks to make wrong predictions. I will also demonstrate with code the different types of adversarial attacks and the possible attack defenses using Cleverhans and Foolbox libraries.

Outline of the talk:

The usual prerequisites for the talk are background knowledge of basic linear algebra, probability and stats, and basics of neural nets. However, though it has been marked as intermediate owing to the scope and depth of the topic, I'll try to make sure that it remains beginner friendly for the most part.

Subscribe to Receive PyData Updates