SlideShare une entreprise Scribd logo

Defend against adversarial AI using Adversarial Robustness Toolbox

Télécharger en tant que PPTX, PDF
Animesh Singh
Animesh Singh

With great power comes great responsibility. Adversarial examples in AI pose an asymmetrical challenge with respect to attackers and defenders. AI developers must be empowered to defend deep neural networks against adversarial attacks and allow rapid crafting and analysis of attack and defense methods for machine learning models. Animesh Singh and Tommy Li explain how to implement state-of-the-art methods for attacking and defending classifiers using the open source Adversarial Robustness Toolbox. The library provides AI developers with interfaces that support the composition of comprehensive defense systems using individual methods as building blocks. Animesh and Tommy then demonstrate how to use a Jupyter notebook to leverage attack methods from the Adversarial Robustness Toolbox (ART) into a model training pipeline. This notebook trains a CNN model on the Fashion MNIST dataset, and the generated adversarial samples are used to evaluate the robustness of the trained model.

Données & analyses
1  sur  57
Animesh Singh & Tommy Li AI and Deep Learning Platform, IBM Defend against adversarial AI using Adversarial Robustness Toolbox ART CODAIT codait.org
Center for Open Source Data and AI Technologies (CODAIT) Code – Build and improve practical frameworks to enable more developers to realize immediate value. Content – Showcase solutions for complex and real-world AI problems. Community – Bring developers and data scientists to engage with IBM Improving Enterprise AI lifecycle in Open Source • Team contributes to over 10 open source projects • 17 committers and many contributors in Apache projects • Over 1100 JIRAs and 66,000 lines of code committed to Apache Spark itself; over 65,000 LoC into SystemML • Over 25 product lines within IBM leveraging Apache Spark • Speakers at over 100 conferences, meetups, unconferences and more CODAIT codait.org
2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 3 1997
2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 4 2011
2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 5 2017
2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 6 2017 2018
2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Deep Leaning: Progress 2012 Introduced deep learning with GPUs IBM Cloud / Watson and Cloud Platform / © 2018 IBM Corporation 7
A human brain has: • 200 billion neurons • 32 trillion connections between them • 25 million “neurons” • 100 million connections (parameters) Deep Learning = Training Artificial Neural Networks IBM Cloud / Watson and Cloud Platform / © 2018 IBM Corporation 8
A human brain has: • 200 billion neurons • 32 trillion connections between them • 25 million “neurons” • 100 million connections (parameters) Deep Learning = Training Artificial Neural Networks IBM Cloud / Watson and Cloud Platform / © 2018 IBM Corporation 9
The Machine Learning Workflow 10
Perception
In reality the workflow spans teams …
Neural Network Design Workflow domain data design neural network HPO • neural network structure • hyperparameters NO Performance meets needs? Start another experiment optimal hyperparameters
Neural Network Design Workflow domain data HPO • neural network structure • hyperparameters NO yes Performance meets needs? Start another experiment trained model deployCloud optimal hyperparameters evaluat e BAD Still good! design neural network
AIOps Prepared and Analyzed Data AI PLATFORM Initial Model Trained Model Deployed Model AI Workflow
AIOps Prepared and Analyzed Data Trained Model Deployed Model Many tools available to build initial models Prepared and Analyzed Data Initial Model Deployed Model
AIOps Prepared and Analyzed Data Trained Model Deployed Model Many tools to train machine learning and deep learning models Prepared and Analyzed Data Initial Model Deployed Model FfDL
Fabric for Deep Learning https://github.com/IBM/FfDL FfDL Github Page https://github.com/IBM/FfDL FfDL dwOpen Page https://developer.ibm.com/code/open/projects/fabri c-for-deep-learning-ffdl/ FfDL Announcement Blog http://developer.ibm.com/code/2018/03/20/fabric- for-deep-learning FfDL Technical Architecture Blog http://developer.ibm.com/code/2018/03/20/democr atize-ai-with-fabric-for-deep-learning Deep Learning as a Service within Watson Studio https://www.ibm.com/cloud/deep-learning Research paper: “Scalable Multi-Framework Management of Deep Learning Training Jobs” http://learningsys.org/nips17/assets/papers/paper_ 29.pdf • Fabric for Deep Learning or FfDL (pronounced as ‘fiddle’ aims at making Deep Learning easily accessible to Data Scientists, and AI developers. • FfDL Provides a consistent way to train and visualize Deep Learning jobs across multiple frameworks like TensorFlow, Caffe, PyTorch, Keras etc. FfDL 18 Community Partners FfDL is one of InfoWorld’s 2018 Best of Open Source Software Award winners for machine learning and deep learning!
AIOps Trained Model Deployed Model And there are platforms to serve your models, create model catalogues etc. Prepared and Analyzed Data Initial Model Deployed Model FfDL kube-batch Jupyter Enterprise Gateway MAX Istio OpenWhisk
AIOps Prepared and Analyzed Data Trained Model Deployed Model But what about trust in AI? Prepared and Analyzed Data Initial Model Deployed Model Can the trained model be trusted? Can the dataset be trusted? Is the deployed model robust enough? Is the model vulnerable to adversarial attacks?
Is it fair? Is it easy to understand? Did anyone tamper with it? Is it accountable? #21, #32, #93 #21, #32, #93 What does it take to trust a decision made by a machine? (Other than that it is 99% accurate)?
FAIRNESS EXPLAINABILITY ROBUSTNESS ASSURANCE Our vision for Trusted AI Pillars of trust, woven into the lifecycle of an AI application
AIOps Prepared and Analyzed Data Trained Model Deployed Model Now how do we check for bias throughout AI lifecycle? Prepared and Analyzed Data Initial Model Deployed Model Are model weights biased? Are predictions biased? Is the dataset biased?
AIOps Prepared and Analyzed Data Trained Model Deployed Model Enter: AI Fairness 360 Prepared and Analyzed Data Initial Model Deployed Model AIF360
AI Fairness 360 https://github.com/IBM/AIF360 AIF360AIF360 toolkit is an open-source library to help detect and remove bias in machine learning models. The AI Fairness 360 Python package includes a comprehensive set of metrics for datasets and models to test for biases, explanations for these metrics, and algorithms to mitigate bias in datasets and models. Toolbox Fairness metrics (70+) Fairness metric explanations Bias mitigation algorithms (10) 25 Supported bias mitigation algorithms Optimized Preprocessing (Calmon et al., 2017) Disparate Impact Remover (Feldman et al., 2015) Equalized Odds Postprocessing (Hardt et al., 2016) Reweighing (Kamiran and Calders, 2012) Reject Option Classification (Kamiran et al., 2012) Prejudice Remover Regularizer (Kamishima et al., 2012) Calibrated Equalized Odds Postprocessing (Pleiss et al., 2017) Learning Fair Representations (Zemel et al., 2013) Adversarial Debiasing (Zhang et al., 2018) Supported fairness metrics Comprehensive set of group fairness metrics derived from selection rates and error rates Comprehensive set of sample distortion metrics Generalized Entropy Index (Speicher et al., 2018)
Metrics (70+)
(d’Alessandro et al., 2017) Algorithms (10)
© 2018 IBM Corporation IBM Confidential Demo Application: AI Fairness 360 Web Application http://aif360.mybluemix.net/
AIOps Prepared and Analyzed Data Trained Model Deployed Model Now let`s talk about Robustness Prepared and Analyzed Data Initial Model Deployed Model Is the model vulnerable to adversarial attacks? Is the dataset poisoned?
Deep learning and adversarial attacks 30 Deep Learning models are now used in many areas Can we trust them?
31 https://arxiv.org/pdf/1707.08945.p df Scarier example
32 https://arxiv.org/abs/1704.05712 Another Scarier example
Data AttackerNeural Network poison train input perturb output result $$$ benefit Adversarial Threats to AI Evasion attacks  Performed at test time  Perturb inputs with crafted noise  Model fails to predict correctly  Undetectable by humans Poisoning attacks  Performed at training time  Insert poisoned sample in training data  Use backdoor later
Exposure to poisoning • Could the attacker have created backdoors via poisoning of training data? Plausible deniability • How important is it for the adversary to use adversarial samples with strong resemblance to the original inputs? Type I vs type II errors • Is the attacker trying to bypass safeguards or aiming to cause false alarms? • What are the costs associated with such errors? Black vs white box • What knowledge does the attacker have about the AI model? • How does the attacker access the AI model? • Limitations to the number of queries? 34 Threat Models
Evasion attacks – an analysis 35 Why do adversarial examples exist? • Unless test error is 0%, there is always room for adversarial samples. • Attacks push inputs across the decision boundary. • Surprising: proximity of the nearest decision boundary! [Gilmer et al., 2018. Adversarial Spheres. https://arxiv.org/abs/1801.02774]
Evasion attacks – an analysis 36 Why do adversarial examples exist? Linearity hypothesis: • Neural Network outputs extrapolate linearly as a function of their inputs. • Adversarial examples push DNNs quickly outside their designated “operating range”. • Adversarial directions form a subspace. [Goodfellow et al., 2014. Explaining and Harnessing Adversarial Examples. https://arxiv.org/abs/1412.6572; Fawzi et al., 2016. Robustness of Classifiers: From Adversarial to Random Noise. Advances in Neural Information Processing Systems (NIPS)] Adversarial direction Modellogits(10classes)
Evasion attacks – an analysis 37 Why do adversarial examples exist? Fooling images: • DNNs don’t learn actually to recognize e.g. a schoolbus, but to discriminate it from any other object in the training set. [Nguyen et al., 2014. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. https://arxiv.org/abs/1412.1897]
Robustness Metrics DetectionModel Hardening Static Data Preprocessing Model Design Statistical Tests Detector Networks Bayesian Uncertainty Attack Independent Attack Specific Adversarial Training Dynamic GaussianData Augmentation FeatureSqueezing LabelSmoothing ShatteredGradients StochasticGradients Saddlepoint Optimization Dimensionality Reduction BReLUs CLEVER GlobalLipschitzBound LossSensitivity MinimalPerturbation Adversarial SuccessRates MMD KernelDensity Estimates LocalIntrinsic Dimensionality Magnet DetectorsonInputs DetectorsonInternal Representations DropoutUncertainty BayesianSVMs How to defend? Taxonomy of defenses
How to defend? 39 Adversarial training • Train DNNs solely on adversarial samples • Increase DNN capacity to maintain accuracy on clean data • Use specific algorithm for crafting the adversarial samples [Madry et al., 2017. Towards Deep Learning Models Resistant to Adversarial Attacks. https://arxiv.org/abs/1706.06083] Performance on CIFAR-10 data Data Model Accuracy Original A 87.3% PGD-20 A 45.8% PGD-7 A’ 64.2% FGSM Anat 85.6%
How to defend? 40 Preprocessing data • Process samples in order to remove adversarial noise • Input the cleaned samples to the classifier • Somewhat effective, however can be easily defeated by an adaptive adversary. Feature squeezing [W. Xu, D. Evans, and Y. Qi. Feature squeezing: Detecting adversarial examples in deep neural networks. CoRR, abs/1704.01155, 2017a.]
How to defend? CLEVER Estimate Lipschitz constant to construct an ϵ-ball within which all images are correctly classified. 41 https://bigcheck.mybluemix.net We fit the cross Lipschitz constant samples in S (see Algorithm 1) with reverse Weibull class dis- tribution to obtain the maximum likelihood estimate of the location parameter ˆaW , scale parameter ˆbW and shape parameter ˆcW , as introduced in Theorem 4.1. To validate that reverse Weibull distri- bution isagood fit to theempirical distribution of thecross Lipschitz constant samples, weconduct Kolmogorov-Smirnov goodness-of-fit test (a.k.a. K-S test) to calculate the K-S test statistics D and corresponding p-values. Thenull hypothesis isthat samples S follow areverseWeibull distribution. Figure 2 plots the probability distribution function of the cross Lipschitz constant samples and the fitted Reverse Weibull distribution for images from various data sets and network architectures. The estimated MLE parameters, p-values, and the K-S test statistics D are also shown. We also calculate thepercentage of exampleswhoseestimation havep-valuesgreater than 0.05, asillustrated in Figure 3. If the p-value is greater than 0.05, the null hypothesis cannot be rejected, meaning that the underlying data samples fit a reverse Weibull distribution well. Figure 3 shows that all numbers are close to 100%, validating the use of reverse Weibull distribution as an underlying distribution of gradient norm samples empirically. Therefore, the fitted location parameter of reverse Weibull distribution (i.e., the extreme value), ˆaW , can be used as a good estimation of local cross Lipschitz constant to calculate theCLEVER score. Theexact numbers areshown in Table 5 in Appendix E. (a) CIFAR-MLP (b) MNIST-CNN (c) ImageNet-MobileNet Figure2: ThecrossLipschitz constant samplesfor threeimagesfrom CIFAR, MNIST and ImageNet datasets, and their fitted Reverse Weibull distributions with the corresponding MLE estimates of location, scale and shape parameters (aW , bW , cW ) shown on the top of each plot. The D-statistics of K-Stest and p-valuesaredenoted asksand pval. With small ksand high p-value, thehypothesized reverse Weibull distribution fits the empirical distribution of cross Lipschitz constant samples well. 80 85 90 95 100 percentage (%) MobileNet Resnet Inception CIFAR-BReLU CIFAR-DD CIFAR-CNN CIFAR-MLP MNIST-BReLU MNIST-DD MNIST-CNN MNIST-MLP p = 1 p = 2 (a) Least likely target 80 85 90 95 100 percentage (%) MobileNet Resnet Inception CIFAR-BReLU CIFAR-DD CIFAR-CNN CIFAR-MLP MNIST-BReLU MNIST-DD MNIST-CNN MNIST-MLP p = 1 p = 2 (b) Random target 80 85 90 95 100 percentage (%) MobileNet Resnet Inception CIFAR-BReLU CIFAR-DD CIFAR-CNN CIFAR-MLP MNIST-BReLU MNIST-DD MNIST-CNN MNIST-MLP p = 1 p = 2 (c) Top 2 target Proposal Highlights & Preliminary Results Abstract: Although neural networks are becoming the core engine for driving Artificial Intelligence (AI) research and technology at an unprecedented speed, recent studies have highlighted their lack of model robustness to adversarial attacks, giving rise to new safety/security challenges in both the digital space and the physical world. In order to address the emerging AI-security issue, this proposal aims to provide a certified robustness evaluation framework that jointly takes into consideration an arbitrary neural network model and its underlying datasets. Specifically, we aim at developing an attack-agnostic robustness metric to evaluate the robustness of neural network classifiers. We further aim at providing efficient data-driven schemes to improve model robustness by pinpointing exemplary anchor points inferred from the underlying datasets. Introduction Neural network classifiers are easily fooled by adversarial perturbations Visual illustration of adversarial examples crafted by adversarial attack algorithms in [2]. The original example (a) is an ostrich image selected from the ImageNet dataset. The adversarial examples in (b) are classified as the target class labels (safe, shoe shop and vacuum respectively) by the Inception-v3 model Motivations How do we evaluate the robustness of a neural network? • Upper bounds: Current robustness measure of neural network models are mostly dependent on attack methods e.g. distortions found by FGSM, I-FGSM, DeepFool, C&W attacks, etc. • Lower bounds: Theoretical robustness guarantees are limited Our goal: Devise attack-agnostic robustness metric for neural networks We proved that the robustness of a network is related to its local Lipschitz constant, which can be evaluated numerically via extreme value theory. Our approach [1]: • Targeted attack • untargeted attack Our approach – Cross Lipschitz Extreme Value for nEtwork Robustness (more results in [1]): [3, Hein] [4, Bastani] MNIST: least likely target CIFAR: least likely target ImageNet: least likely target Comparison of L-inf distortion l (luca@mit.edu), Lily Weng (twweng@mit.edu), Pin-Yu Chen (Pin- models are mostly dependent on attack methods e.g. distortions found by FGSM, I-FGSM, DeepFool, C&W attacks, etc. • Lower bounds: Theoretical robustness guarantees are limited We proved that the robustness of a network is related to its local Lipschitz constant, which can be evaluated numerically via extreme value theory. Our approach [1]: • Targeted attack • untargeted attack Etwork Robustness (more results in [1]): of Neural Networks: An Extreme Value Theory Approach,“ ICLR 2018 s of a classifier against adversarial manipulation,“ NIPS 2017 s,“ NIPS 2016 [3, Hein] [4, Bastani] ia adversarial examples,“ AAAI 2018 likely target ImageNet: least likely target Comparison of the CLEVER score calculated with {50,100,250,500} samples and the L2 distortion by CW attack on ImageNet models nal of Global Optimization, 1996[Weng et al., 2018. Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach. ICLR 2018]
How to defend? 42 Poisoning detection Poisoned MNIST sample (will be classified as ‘1’ by poisoned model with high probability). Unsupervised clustering of training data based on DNN internal activations: Discovers partition of poisonous vs normal training samples.
AIOps Prepared and Analyzed Data Trained Model Deployed Model How to do all this? Enter Adversarial Robustness Toolbox Prepared and Analyzed Data Initial Model Deployed Model ART
IBM Adversarial Robustness Toolbox ART ART is a library dedicated to adversarial machine learning. Its purpose is to allow rapid crafting and analysis of attack and defense methods for machine learning models. The Adversarial Robustness Toolbox provides an implementation for many state-of-the-art methods for attacking and defending classifiers. 44 https://github.com/IBM/adversarial-robustness- toolbox The Adversarial Robustness Toolbox contains implementations of the following attacks: Deep Fool (Moosavi-Dezfooli et al., 2015) Fast Gradient Method (Goodfellow et al., 2014) Jacobian Saliency Map (Papernot et al., 2016) Universal Perturbation (Moosavi-Dezfooli et al., 2016) Virtual Adversarial Method (Moosavi-Dezfooli et al., 2015) C&W Attack (Carlini and Wagner, 2016) NewtonFool (Jang et al., 2017) The following defense methods are also supported: Feature squeezing (Xu et al., 2017) Spatial smoothing (Xu et al., 2017) Label smoothing (Warde-Farley and Goodfellow, 2016) Adversarial training (Szegedy et al., 2013) Virtual adversarial training (Miyato et al., 2017)
The Adversarial Robustness Toolbox (ART) 45 • Library for adversarial machine learning • Baseline implementation of attacks and defenses for classifiers • Dedicated to images • Python 2 & 3 • MIT license • Supported frameworks: Load classifier model (Keras, TF, PyTorch etc) Perform attack Load ART modules Evaluate robustness
The Adversarial Robustness Toolbox (ART) 46 • Library for adversarial machine learning • Baseline implementation of attacks and defenses for classifiers • Dedicated to images • Python 2 & 3 • MIT license • Supported frameworks:
Adversarial Robustness Toolbox (ART) Poisoning detection • Detection based on clustering activations • Proof of attack strategy Evasion detection • Detector based on inputs • Detector based on activations Robustness metrics • CLEVER • Empirical robustness • Loss sensitivity Unified model API • Training • Prediction • Access to loss and prediction gradients Evasion defenses • Feature squeezing • Spatial smoothing • Label smoothing • Adversarial training • Virtual adversarial training • Thermometer encoding • Gaussian augmentation • Total variance minimization Evasion attacks • FGSM • JSMA • BIM • PGD • Carlini & Wagner • DeepFool • NewtonFool • Elastic net attack • Universal perturbation • Spatial transformations 47
Conclusions 48 • Adversarial attacks pose a threat to the deployment of AI in security critical applications • There is ongoing work on practical defenses with strong guarantees • Future work: analyzing the adversarial threat on other types of data (text, speech, video, time series…) Bigger picture: Trusted AI Security ↔ Fairness ↔ Explainability ↔ Privacy https://www.research.ibm.com/artificial-intelligence/trusted-ai/
49 ART Demo: https://art-demo.mybluemix.net/
ADVERSARIAL ROBUSTNESS TOOLBOX (ART) ATTACKING ALGORITHMS DEFENDING ALGORITHMS FABRIC FOR DEEP LEARNING (FfDL) DISTRIBUTED DEEP LEARNING TRAINING CLI SDK BROWSER OBJECT STORAGE Model Definition Training Data Trained Models 1 2 3 4 Code Pattern: Adversarial Robustness Toolbox and FfDL integration for detecting Model vulnerabilities
Jupyter notebook with an example 51 https://nbviewer.jupyter.org/github/IBM/adversarial-robustness-toolbox/ blob/master/notebooks/attack_defense_imagenet.ipynb
52
Load an ImageNet example image 53
54
55
Apply a defense method 56
AIOps Trained Model Deployed Model AI Lifecycle Prepared and Analyzed Data Initial Model Deployed Model FfDL kube-batch Jupyter Enterprise Gateway MAX AIF360 AIF360 Istio OpenWhisk ART

Recommandé

Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...
Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...
Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...Hunter Carlisle
 
Spectral clustering Tutorial
Spectral clustering TutorialSpectral clustering Tutorial
Spectral clustering TutorialZitao Liu
 
Data Science, Machine Learning and Neural Networks
Data Science, Machine Learning and Neural NetworksData Science, Machine Learning and Neural Networks
Data Science, Machine Learning and Neural NetworksBICA Labs
 
Memebership inference attacks against machine learning models
Memebership inference attacks against machine learning modelsMemebership inference attacks against machine learning models
Memebership inference attacks against machine learning modelsRrubaa Panchendrarajan
 
ATL tutorial - EclipseCon 2008
ATL tutorial - EclipseCon 2008ATL tutorial - EclipseCon 2008
ATL tutorial - EclipseCon 2008William Piers
 
What is Apriori Algorithm | Edureka
What is Apriori Algorithm | EdurekaWhat is Apriori Algorithm | Edureka
What is Apriori Algorithm | EdurekaEdureka!
 
A friendly introduction to GANs
A friendly introduction to GANsA friendly introduction to GANs
A friendly introduction to GANsCsongor Barabasi
 
presentation.pdf
presentation.pdfpresentation.pdf
presentation.pdfcaa28steve
 

Recommandé

Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...
Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...
Secure Machine Learning: Overcoming Algorithmic Bias, Adversarial ML, and Oth...Hunter Carlisle
 
Spectral clustering Tutorial
Spectral clustering TutorialSpectral clustering Tutorial
Spectral clustering TutorialZitao Liu
 
Data Science, Machine Learning and Neural Networks
Data Science, Machine Learning and Neural NetworksData Science, Machine Learning and Neural Networks
Data Science, Machine Learning and Neural NetworksBICA Labs
 
Memebership inference attacks against machine learning models
Memebership inference attacks against machine learning modelsMemebership inference attacks against machine learning models
Memebership inference attacks against machine learning modelsRrubaa Panchendrarajan
 
ATL tutorial - EclipseCon 2008
ATL tutorial - EclipseCon 2008ATL tutorial - EclipseCon 2008
ATL tutorial - EclipseCon 2008William Piers
 
What is Apriori Algorithm | Edureka
What is Apriori Algorithm | EdurekaWhat is Apriori Algorithm | Edureka
What is Apriori Algorithm | EdurekaEdureka!
 
A friendly introduction to GANs
A friendly introduction to GANsA friendly introduction to GANs
A friendly introduction to GANsCsongor Barabasi
 
presentation.pdf
presentation.pdfpresentation.pdf
presentation.pdfcaa28steve
 
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfAWS Chicago
 
Demystifying Graph Neural Networks
Demystifying Graph Neural NetworksDemystifying Graph Neural Networks
Demystifying Graph Neural NetworksNeo4j
 
Machine Learning Ml Overview Algorithms Use Cases And Applications
Machine Learning Ml Overview Algorithms Use Cases And ApplicationsMachine Learning Ml Overview Algorithms Use Cases And Applications
Machine Learning Ml Overview Algorithms Use Cases And ApplicationsSlideTeam
 
Model Evaluation in the land of Deep Learning
Model Evaluation in the land of Deep LearningModel Evaluation in the land of Deep Learning
Model Evaluation in the land of Deep LearningPramit Choudhary
 
Unified Medical Language System & MetaMap
Unified Medical Language System & MetaMapUnified Medical Language System & MetaMap
Unified Medical Language System & MetaMapOsama Jomaa
 
Machine Learning Final presentation
Machine Learning Final presentation Machine Learning Final presentation
Machine Learning Final presentation AyanaRukasar
 
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptx
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptxNeo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptx
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptxNeo4j
 
AutoML - The Future of AI
AutoML - The Future of AIAutoML - The Future of AI
AutoML - The Future of AINing Jiang
 
Journey of Generative AI
Journey of Generative AIJourney of Generative AI
Journey of Generative AIthomasjvarghese49
 
Generative AI, WiDS 2023.pptx
Generative AI, WiDS 2023.pptxGenerative AI, WiDS 2023.pptx
Generative AI, WiDS 2023.pptxColleen Farrelly
 
Learn to Use Databricks for the Full ML Lifecycle
Learn to Use Databricks for the Full ML LifecycleLearn to Use Databricks for the Full ML Lifecycle
Learn to Use Databricks for the Full ML LifecycleDatabricks
 
Machine learning ~ Forecasting
Machine learning ~ ForecastingMachine learning ~ Forecasting
Machine learning ~ ForecastingShaswat Mandhanya
 
Generative models
Generative modelsGenerative models
Generative modelsBirger Moell
 
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...Krishnaram Kenthapadi
 
The Future of AI is Generative not Discriminative 5/26/2021
The Future of AI is Generative not Discriminative 5/26/2021The Future of AI is Generative not Discriminative 5/26/2021
The Future of AI is Generative not Discriminative 5/26/2021Steve Omohundro
 
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...Neo4j
 
Using Generative AI
Using Generative AIUsing Generative AI
Using Generative AIMark DeLoura
 
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....Databricks
 
An Introduction to Generative AI - May 18, 2023
An Introduction to Generative AI - May 18, 2023An Introduction to Generative AI - May 18, 2023
An Introduction to Generative AI - May 18, 2023CoriFaklaris1
 
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...Ed Fernandez
 
Japan 20200724 v13
Japan 20200724 v13Japan 20200724 v13
Japan 20200724 v13ISSIP
 
IBM Developer Model Asset eXchange - Deep Learning for Everyone
IBM Developer Model Asset eXchange - Deep Learning for EveryoneIBM Developer Model Asset eXchange - Deep Learning for Everyone
IBM Developer Model Asset eXchange - Deep Learning for EveryoneNick Pentreath
 

Contenu connexe

Tendances

Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfAWS Chicago
 
Demystifying Graph Neural Networks
Demystifying Graph Neural NetworksDemystifying Graph Neural Networks
Demystifying Graph Neural NetworksNeo4j
 
Machine Learning Ml Overview Algorithms Use Cases And Applications
Machine Learning Ml Overview Algorithms Use Cases And ApplicationsMachine Learning Ml Overview Algorithms Use Cases And Applications
Machine Learning Ml Overview Algorithms Use Cases And ApplicationsSlideTeam
 
Model Evaluation in the land of Deep Learning
Model Evaluation in the land of Deep LearningModel Evaluation in the land of Deep Learning
Model Evaluation in the land of Deep LearningPramit Choudhary
 
Unified Medical Language System & MetaMap
Unified Medical Language System & MetaMapUnified Medical Language System & MetaMap
Unified Medical Language System & MetaMapOsama Jomaa
 
Machine Learning Final presentation
Machine Learning Final presentation Machine Learning Final presentation
Machine Learning Final presentation AyanaRukasar
 
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptx
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptxNeo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptx
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptxNeo4j
 
AutoML - The Future of AI
AutoML - The Future of AIAutoML - The Future of AI
AutoML - The Future of AINing Jiang
 
Generative AI, WiDS 2023.pptx
Generative AI, WiDS 2023.pptxGenerative AI, WiDS 2023.pptx
Generative AI, WiDS 2023.pptxColleen Farrelly
 
Learn to Use Databricks for the Full ML Lifecycle
Learn to Use Databricks for the Full ML LifecycleLearn to Use Databricks for the Full ML Lifecycle
Learn to Use Databricks for the Full ML LifecycleDatabricks
 
Machine learning ~ Forecasting
Machine learning ~ ForecastingMachine learning ~ Forecasting
Machine learning ~ ForecastingShaswat Mandhanya
 
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...Krishnaram Kenthapadi
 
The Future of AI is Generative not Discriminative 5/26/2021
The Future of AI is Generative not Discriminative 5/26/2021The Future of AI is Generative not Discriminative 5/26/2021
The Future of AI is Generative not Discriminative 5/26/2021Steve Omohundro
 
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...Neo4j
 
Using Generative AI
Using Generative AIUsing Generative AI
Using Generative AIMark DeLoura
 
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....Databricks
 
An Introduction to Generative AI - May 18, 2023
An Introduction to Generative AI - May 18, 2023An Introduction to Generative AI - May 18, 2023
An Introduction to Generative AI - May 18, 2023CoriFaklaris1
 
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...Ed Fernandez
 

Tendances (20)

Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdfSuresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
Suresh Poopandi_Generative AI On AWS-MidWestCommunityDay-Final.pdf
 
Demystifying Graph Neural Networks
Demystifying Graph Neural NetworksDemystifying Graph Neural Networks
Demystifying Graph Neural Networks
 
Machine Learning Ml Overview Algorithms Use Cases And Applications
Machine Learning Ml Overview Algorithms Use Cases And ApplicationsMachine Learning Ml Overview Algorithms Use Cases And Applications
Machine Learning Ml Overview Algorithms Use Cases And Applications
 
Model Evaluation in the land of Deep Learning
Model Evaluation in the land of Deep LearningModel Evaluation in the land of Deep Learning
Model Evaluation in the land of Deep Learning
 
Unified Medical Language System & MetaMap
Unified Medical Language System & MetaMapUnified Medical Language System & MetaMap
Unified Medical Language System & MetaMap
 
Machine Learning Final presentation
Machine Learning Final presentation Machine Learning Final presentation
Machine Learning Final presentation
 
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptx
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptxNeo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptx
Neo4j & AWS Bedrock workshop at GraphSummit London 14 Nov 2023.pptx
 
AutoML - The Future of AI
AutoML - The Future of AIAutoML - The Future of AI
AutoML - The Future of AI
 
Journey of Generative AI
Journey of Generative AIJourney of Generative AI
Journey of Generative AI
 
Generative AI, WiDS 2023.pptx
Generative AI, WiDS 2023.pptxGenerative AI, WiDS 2023.pptx
Generative AI, WiDS 2023.pptx
 
Learn to Use Databricks for the Full ML Lifecycle
Learn to Use Databricks for the Full ML LifecycleLearn to Use Databricks for the Full ML Lifecycle
Learn to Use Databricks for the Full ML Lifecycle
 
Machine learning ~ Forecasting
Machine learning ~ ForecastingMachine learning ~ Forecasting
Machine learning ~ Forecasting
 
Generative models
Generative modelsGenerative models
Generative models
 
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...
Fairness-aware Machine Learning: Practical Challenges and Lessons Learned (WS...
 
The Future of AI is Generative not Discriminative 5/26/2021
The Future of AI is Generative not Discriminative 5/26/2021The Future of AI is Generative not Discriminative 5/26/2021
The Future of AI is Generative not Discriminative 5/26/2021
 
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
 
Using Generative AI
Using Generative AIUsing Generative AI
Using Generative AI
 
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
 
An Introduction to Generative AI - May 18, 2023
An Introduction to Generative AI - May 18, 2023An Introduction to Generative AI - May 18, 2023
An Introduction to Generative AI - May 18, 2023
 
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...
Machine Learning Platformization & AutoML: Adopting ML at Scale in the Enterp...
 

Similaire à Defend against adversarial AI using Adversarial Robustness Toolbox

Japan 20200724 v13
Japan 20200724 v13Japan 20200724 v13
Japan 20200724 v13ISSIP
 
IBM Developer Model Asset eXchange - Deep Learning for Everyone
IBM Developer Model Asset eXchange - Deep Learning for EveryoneIBM Developer Model Asset eXchange - Deep Learning for Everyone
IBM Developer Model Asset eXchange - Deep Learning for EveryoneNick Pentreath
 
Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...
Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...
Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...Alok Singh
 
AI Security : Machine Learning, Deep Learning and Computer Vision Security
AI Security : Machine Learning, Deep Learning and Computer Vision SecurityAI Security : Machine Learning, Deep Learning and Computer Vision Security
AI Security : Machine Learning, Deep Learning and Computer Vision SecurityCihan Özhan
 
Microsoft AI Platform - AETHER Introduction
Microsoft AI Platform - AETHER IntroductionMicrosoft AI Platform - AETHER Introduction
Microsoft AI Platform - AETHER IntroductionKarthik Murugesan
 
High time to add machine learning to your information security stack
High time to add machine learning to your information security stackHigh time to add machine learning to your information security stack
High time to add machine learning to your information security stackMinhaz A V
 
AI for Software Engineering
AI for Software EngineeringAI for Software Engineering
AI for Software EngineeringMiroslaw Staron
 
Data Science at Speed. At Scale.
Data Science at Speed. At Scale.Data Science at Speed. At Scale.
Data Science at Speed. At Scale.DataWorks Summit
 
IBM Developer Model Asset eXchange
IBM Developer Model Asset eXchangeIBM Developer Model Asset eXchange
IBM Developer Model Asset eXchangeNick Pentreath
 
Introducción al Machine Learning Automático
Introducción al Machine Learning AutomáticoIntroducción al Machine Learning Automático
Introducción al Machine Learning AutomáticoSri Ambati
 
TechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - Trivadis
TechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - TrivadisTechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - Trivadis
TechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - TrivadisTrivadis
 
ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...
ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...
ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...Alok Singh
 
[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...
[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...
[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...DataScienceConferenc1
 
Building Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to startBuilding Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to startMaxim Salnikov
 
Trusted, Transparent and Fair AI using Open Source
Trusted, Transparent and Fair AI using Open SourceTrusted, Transparent and Fair AI using Open Source
Trusted, Transparent and Fair AI using Open SourceAnimesh Singh
 
AI @ Microsoft, How we do it and how you can too!
AI @ Microsoft, How we do it and how you can too!AI @ Microsoft, How we do it and how you can too!
AI @ Microsoft, How we do it and how you can too!Microsoft Tech Community
 
Top Artificial Intelligence Tools & Frameworks in 2023.pdf
Top Artificial Intelligence Tools & Frameworks in 2023.pdfTop Artificial Intelligence Tools & Frameworks in 2023.pdf
Top Artificial Intelligence Tools & Frameworks in 2023.pdfYamuna5
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...Edge AI and Vision Alliance
 
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...DataWorks Summit/Hadoop Summit
 

Similaire à Defend against adversarial AI using Adversarial Robustness Toolbox (20)

Japan 20200724 v13
Japan 20200724 v13Japan 20200724 v13
Japan 20200724 v13
 
IBM Developer Model Asset eXchange - Deep Learning for Everyone
IBM Developer Model Asset eXchange - Deep Learning for EveryoneIBM Developer Model Asset eXchange - Deep Learning for Everyone
IBM Developer Model Asset eXchange - Deep Learning for Everyone
 
Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...
Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...
Big Data Spain 2018: How to build Weighted XGBoost ML model for Imbalance dat...
 
AI Security : Machine Learning, Deep Learning and Computer Vision Security
AI Security : Machine Learning, Deep Learning and Computer Vision SecurityAI Security : Machine Learning, Deep Learning and Computer Vision Security
AI Security : Machine Learning, Deep Learning and Computer Vision Security
 
Microsoft AI Platform - AETHER Introduction
Microsoft AI Platform - AETHER IntroductionMicrosoft AI Platform - AETHER Introduction
Microsoft AI Platform - AETHER Introduction
 
High time to add machine learning to your information security stack
High time to add machine learning to your information security stackHigh time to add machine learning to your information security stack
High time to add machine learning to your information security stack
 
AI for Software Engineering
AI for Software EngineeringAI for Software Engineering
AI for Software Engineering
 
Data Science at Speed. At Scale.
Data Science at Speed. At Scale.Data Science at Speed. At Scale.
Data Science at Speed. At Scale.
 
IBM Developer Model Asset eXchange
IBM Developer Model Asset eXchangeIBM Developer Model Asset eXchange
IBM Developer Model Asset eXchange
 
Introducción al Machine Learning Automático
Introducción al Machine Learning AutomáticoIntroducción al Machine Learning Automático
Introducción al Machine Learning Automático
 
TechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - Trivadis
TechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - TrivadisTechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - Trivadis
TechEvent 2019: Artificial Intelligence in Dev & Ops; Martin Luckow - Trivadis
 
ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...
ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...
ODSC18, London, How to build high performing weighted XGBoost ML Model for Re...
 
[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...
[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...
[DSC Adria 23] Muthu Ramachandran AI Ethics Framework for Generative AI such ...
 
Building Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to startBuilding Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to start
 
Introduction to ML.NET
Introduction to ML.NETIntroduction to ML.NET
Introduction to ML.NET
 
Trusted, Transparent and Fair AI using Open Source
Trusted, Transparent and Fair AI using Open SourceTrusted, Transparent and Fair AI using Open Source
Trusted, Transparent and Fair AI using Open Source
 
AI @ Microsoft, How we do it and how you can too!
AI @ Microsoft, How we do it and how you can too!AI @ Microsoft, How we do it and how you can too!
AI @ Microsoft, How we do it and how you can too!
 
Top Artificial Intelligence Tools & Frameworks in 2023.pdf
Top Artificial Intelligence Tools & Frameworks in 2023.pdfTop Artificial Intelligence Tools & Frameworks in 2023.pdf
Top Artificial Intelligence Tools & Frameworks in 2023.pdf
 
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
“Responsible AI: Tools and Frameworks for Developing AI Solutions,” a Present...
 
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
Real-Time Anomaly Detection using LSTM Auto-Encoders with Deep Learning4J on ...
 

Plus de Animesh Singh

Machine Learning Exchange (MLX)
Machine Learning Exchange (MLX)Machine Learning Exchange (MLX)
Machine Learning Exchange (MLX)Animesh Singh
 
KFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AIKFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AIAnimesh Singh
 
KFServing and Kubeflow Pipelines
KFServing and Kubeflow PipelinesKFServing and Kubeflow Pipelines
KFServing and Kubeflow PipelinesAnimesh Singh
 
Kubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPOKubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPOAnimesh Singh
 
Kubeflow Pipelines (with Tekton)
Kubeflow Pipelines (with Tekton)Kubeflow Pipelines (with Tekton)
Kubeflow Pipelines (with Tekton)Animesh Singh
 
KFServing - Serverless Model Inferencing
KFServing - Serverless Model InferencingKFServing - Serverless Model Inferencing
KFServing - Serverless Model InferencingAnimesh Singh
 
End to end Machine Learning using Kubeflow - Build, Train, Deploy and Manage
End to end Machine Learning using Kubeflow - Build, Train, Deploy and ManageEnd to end Machine Learning using Kubeflow - Build, Train, Deploy and Manage
End to end Machine Learning using Kubeflow - Build, Train, Deploy and ManageAnimesh Singh
 
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and IstioAdvanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and IstioAnimesh Singh
 
Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]
Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]
Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]Animesh Singh
 
AIF360 - Trusted and Fair AI
AIF360 - Trusted and Fair AIAIF360 - Trusted and Fair AI
AIF360 - Trusted and Fair AIAnimesh Singh
 
AI & Machine Learning Pipelines with Knative
AI & Machine Learning Pipelines with KnativeAI & Machine Learning Pipelines with Knative
AI & Machine Learning Pipelines with KnativeAnimesh Singh
 
Fabric for Deep Learning
Fabric for Deep LearningFabric for Deep Learning
Fabric for Deep LearningAnimesh Singh
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Animesh Singh
 
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...How to build a Distributed Serverless Polyglot Microservices IoT Platform us...
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...Animesh Singh
 
How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...Animesh Singh
 
As a Service: Cloud Foundry on OpenStack - Lessons Learnt
As a Service: Cloud Foundry on OpenStack - Lessons LearntAs a Service: Cloud Foundry on OpenStack - Lessons Learnt
As a Service: Cloud Foundry on OpenStack - Lessons LearntAnimesh Singh
 
Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...
Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...
Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...Animesh Singh
 
Finding and-organizing Great Cloud Foundry User Groups
Finding and-organizing Great Cloud Foundry User GroupsFinding and-organizing Great Cloud Foundry User Groups
Finding and-organizing Great Cloud Foundry User GroupsAnimesh Singh
 
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...Animesh Singh
 

Plus de Animesh Singh (20)

Machine Learning Exchange (MLX)
Machine Learning Exchange (MLX)Machine Learning Exchange (MLX)
Machine Learning Exchange (MLX)
 
KFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AIKFServing Payload Logging for Trusted AI
KFServing Payload Logging for Trusted AI
 
KFServing and Kubeflow Pipelines
KFServing and Kubeflow PipelinesKFServing and Kubeflow Pipelines
KFServing and Kubeflow Pipelines
 
KFServing and Feast
KFServing and FeastKFServing and Feast
KFServing and Feast
 
Kubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPOKubeflow Distributed Training and HPO
Kubeflow Distributed Training and HPO
 
Kubeflow Pipelines (with Tekton)
Kubeflow Pipelines (with Tekton)Kubeflow Pipelines (with Tekton)
Kubeflow Pipelines (with Tekton)
 
KFServing - Serverless Model Inferencing
KFServing - Serverless Model InferencingKFServing - Serverless Model Inferencing
KFServing - Serverless Model Inferencing
 
End to end Machine Learning using Kubeflow - Build, Train, Deploy and Manage
End to end Machine Learning using Kubeflow - Build, Train, Deploy and ManageEnd to end Machine Learning using Kubeflow - Build, Train, Deploy and Manage
End to end Machine Learning using Kubeflow - Build, Train, Deploy and Manage
 
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and IstioAdvanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
Advanced Model Inferencing leveraging Kubeflow Serving, KNative and Istio
 
Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]
Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]
Hybrid Cloud, Kubeflow and Tensorflow Extended [TFX]
 
AIF360 - Trusted and Fair AI
AIF360 - Trusted and Fair AIAIF360 - Trusted and Fair AI
AIF360 - Trusted and Fair AI
 
AI & Machine Learning Pipelines with Knative
AI & Machine Learning Pipelines with KnativeAI & Machine Learning Pipelines with Knative
AI & Machine Learning Pipelines with Knative
 
Fabric for Deep Learning
Fabric for Deep LearningFabric for Deep Learning
Fabric for Deep Learning
 
Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!Microservices, Kubernetes and Istio - A Great Fit!
Microservices, Kubernetes and Istio - A Great Fit!
 
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...How to build a Distributed Serverless Polyglot Microservices IoT Platform us...
How to build a Distributed Serverless Polyglot Microservices IoT Platform us...
 
How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...How to build an event-driven, polyglot serverless microservices framework on ...
How to build an event-driven, polyglot serverless microservices framework on ...
 
As a Service: Cloud Foundry on OpenStack - Lessons Learnt
As a Service: Cloud Foundry on OpenStack - Lessons LearntAs a Service: Cloud Foundry on OpenStack - Lessons Learnt
As a Service: Cloud Foundry on OpenStack - Lessons Learnt
 
Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...
Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...
Introducing Cloud Native, Event Driven, Serverless, Micrsoservices Framework ...
 
Finding and-organizing Great Cloud Foundry User Groups
Finding and-organizing Great Cloud Foundry User GroupsFinding and-organizing Great Cloud Foundry User Groups
Finding and-organizing Great Cloud Foundry User Groups
 
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
CAPS: What's best for deploying and managing OpenStack? Chef vs. Ansible vs. ...
 

Dernier

Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Delhi Call girls
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxolyaivanovalion
 
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...shivangimorya083
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...amitlee9823
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxolyaivanovalion
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfadriantubila
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxolyaivanovalion
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionfulawalesam
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxolyaivanovalion
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
VidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptxVidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptxolyaivanovalion
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxolyaivanovalion
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...amitlee9823
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceDelhi Call girls
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...shambhavirathore45
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxMohammedJunaid861692
 

Dernier (20)

Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptx
 
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptx
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptx
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
VidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptxVidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptx
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptx
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
 

Defend against adversarial AI using Adversarial Robustness Toolbox

  • 1. Animesh Singh & Tommy Li AI and Deep Learning Platform, IBM Defend against adversarial AI using Adversarial Robustness Toolbox ART CODAIT codait.org
  • 2. Center for Open Source Data and AI Technologies (CODAIT) Code – Build and improve practical frameworks to enable more developers to realize immediate value. Content – Showcase solutions for complex and real-world AI problems. Community – Bring developers and data scientists to engage with IBM Improving Enterprise AI lifecycle in Open Source • Team contributes to over 10 open source projects • 17 committers and many contributors in Apache projects • Over 1100 JIRAs and 66,000 lines of code committed to Apache Spark itself; over 65,000 LoC into SystemML • Over 25 product lines within IBM leveraging Apache Spark • Speakers at over 100 conferences, meetups, unconferences and more CODAIT codait.org
  • 3. 2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 3 1997
  • 4. 2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 4 2011
  • 5. 2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 5 2017
  • 6. 2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Progress in Deep Learning 2012 Introduced deep learning with GPUs 6 2017 2018
  • 7. 2011 IBM Watson Jeopardy 2017 AlphaGo Apple’s releases Siri 1997 … Facebook’s face recognition 2015 2016 Siri gets deep learning IBM Deep Blue chess AlexNet Deep Leaning: Progress 2012 Introduced deep learning with GPUs IBM Cloud / Watson and Cloud Platform / © 2018 IBM Corporation 7
  • 8. A human brain has: • 200 billion neurons • 32 trillion connections between them • 25 million “neurons” • 100 million connections (parameters) Deep Learning = Training Artificial Neural Networks IBM Cloud / Watson and Cloud Platform / © 2018 IBM Corporation 8
  • 9. A human brain has: • 200 billion neurons • 32 trillion connections between them • 25 million “neurons” • 100 million connections (parameters) Deep Learning = Training Artificial Neural Networks IBM Cloud / Watson and Cloud Platform / © 2018 IBM Corporation 9
  • 10. The Machine Learning Workflow 10
  • 12. In reality the workflow spans teams …
  • 13. Neural Network Design Workflow domain data design neural network HPO • neural network structure • hyperparameters NO Performance meets needs? Start another experiment optimal hyperparameters
  • 14. Neural Network Design Workflow domain data HPO • neural network structure • hyperparameters NO yes Performance meets needs? Start another experiment trained model deployCloud optimal hyperparameters evaluat e BAD Still good! design neural network
  • 16. AIOps Prepared and Analyzed Data Trained Model Deployed Model Many tools available to build initial models Prepared and Analyzed Data Initial Model Deployed Model
  • 17. AIOps Prepared and Analyzed Data Trained Model Deployed Model Many tools to train machine learning and deep learning models Prepared and Analyzed Data Initial Model Deployed Model FfDL
  • 18. Fabric for Deep Learning https://github.com/IBM/FfDL FfDL Github Page https://github.com/IBM/FfDL FfDL dwOpen Page https://developer.ibm.com/code/open/projects/fabri c-for-deep-learning-ffdl/ FfDL Announcement Blog http://developer.ibm.com/code/2018/03/20/fabric- for-deep-learning FfDL Technical Architecture Blog http://developer.ibm.com/code/2018/03/20/democr atize-ai-with-fabric-for-deep-learning Deep Learning as a Service within Watson Studio https://www.ibm.com/cloud/deep-learning Research paper: “Scalable Multi-Framework Management of Deep Learning Training Jobs” http://learningsys.org/nips17/assets/papers/paper_ 29.pdf • Fabric for Deep Learning or FfDL (pronounced as ‘fiddle’ aims at making Deep Learning easily accessible to Data Scientists, and AI developers. • FfDL Provides a consistent way to train and visualize Deep Learning jobs across multiple frameworks like TensorFlow, Caffe, PyTorch, Keras etc. FfDL 18 Community Partners FfDL is one of InfoWorld’s 2018 Best of Open Source Software Award winners for machine learning and deep learning!
  • 19. AIOps Trained Model Deployed Model And there are platforms to serve your models, create model catalogues etc. Prepared and Analyzed Data Initial Model Deployed Model FfDL kube-batch Jupyter Enterprise Gateway MAX Istio OpenWhisk
  • 20. AIOps Prepared and Analyzed Data Trained Model Deployed Model But what about trust in AI? Prepared and Analyzed Data Initial Model Deployed Model Can the trained model be trusted? Can the dataset be trusted? Is the deployed model robust enough? Is the model vulnerable to adversarial attacks?
  • 21. Is it fair? Is it easy to understand? Did anyone tamper with it? Is it accountable? #21, #32, #93 #21, #32, #93 What does it take to trust a decision made by a machine? (Other than that it is 99% accurate)?
  • 22. FAIRNESS EXPLAINABILITY ROBUSTNESS ASSURANCE Our vision for Trusted AI Pillars of trust, woven into the lifecycle of an AI application
  • 23. AIOps Prepared and Analyzed Data Trained Model Deployed Model Now how do we check for bias throughout AI lifecycle? Prepared and Analyzed Data Initial Model Deployed Model Are model weights biased? Are predictions biased? Is the dataset biased?
  • 24. AIOps Prepared and Analyzed Data Trained Model Deployed Model Enter: AI Fairness 360 Prepared and Analyzed Data Initial Model Deployed Model AIF360
  • 25. AI Fairness 360 https://github.com/IBM/AIF360 AIF360AIF360 toolkit is an open-source library to help detect and remove bias in machine learning models. The AI Fairness 360 Python package includes a comprehensive set of metrics for datasets and models to test for biases, explanations for these metrics, and algorithms to mitigate bias in datasets and models. Toolbox Fairness metrics (70+) Fairness metric explanations Bias mitigation algorithms (10) 25 Supported bias mitigation algorithms Optimized Preprocessing (Calmon et al., 2017) Disparate Impact Remover (Feldman et al., 2015) Equalized Odds Postprocessing (Hardt et al., 2016) Reweighing (Kamiran and Calders, 2012) Reject Option Classification (Kamiran et al., 2012) Prejudice Remover Regularizer (Kamishima et al., 2012) Calibrated Equalized Odds Postprocessing (Pleiss et al., 2017) Learning Fair Representations (Zemel et al., 2013) Adversarial Debiasing (Zhang et al., 2018) Supported fairness metrics Comprehensive set of group fairness metrics derived from selection rates and error rates Comprehensive set of sample distortion metrics Generalized Entropy Index (Speicher et al., 2018)
  • 27. (d’Alessandro et al., 2017) Algorithms (10)
  • 28. © 2018 IBM Corporation IBM Confidential Demo Application: AI Fairness 360 Web Application http://aif360.mybluemix.net/
  • 29. AIOps Prepared and Analyzed Data Trained Model Deployed Model Now let`s talk about Robustness Prepared and Analyzed Data Initial Model Deployed Model Is the model vulnerable to adversarial attacks? Is the dataset poisoned?
  • 30. Deep learning and adversarial attacks 30 Deep Learning models are now used in many areas Can we trust them?
  • 33. Data AttackerNeural Network poison train input perturb output result $$$ benefit Adversarial Threats to AI Evasion attacks  Performed at test time  Perturb inputs with crafted noise  Model fails to predict correctly  Undetectable by humans Poisoning attacks  Performed at training time  Insert poisoned sample in training data  Use backdoor later
  • 34. Exposure to poisoning • Could the attacker have created backdoors via poisoning of training data? Plausible deniability • How important is it for the adversary to use adversarial samples with strong resemblance to the original inputs? Type I vs type II errors • Is the attacker trying to bypass safeguards or aiming to cause false alarms? • What are the costs associated with such errors? Black vs white box • What knowledge does the attacker have about the AI model? • How does the attacker access the AI model? • Limitations to the number of queries? 34 Threat Models
  • 35. Evasion attacks – an analysis 35 Why do adversarial examples exist? • Unless test error is 0%, there is always room for adversarial samples. • Attacks push inputs across the decision boundary. • Surprising: proximity of the nearest decision boundary! [Gilmer et al., 2018. Adversarial Spheres. https://arxiv.org/abs/1801.02774]
  • 36. Evasion attacks – an analysis 36 Why do adversarial examples exist? Linearity hypothesis: • Neural Network outputs extrapolate linearly as a function of their inputs. • Adversarial examples push DNNs quickly outside their designated “operating range”. • Adversarial directions form a subspace. [Goodfellow et al., 2014. Explaining and Harnessing Adversarial Examples. https://arxiv.org/abs/1412.6572; Fawzi et al., 2016. Robustness of Classifiers: From Adversarial to Random Noise. Advances in Neural Information Processing Systems (NIPS)] Adversarial direction Modellogits(10classes)
  • 37. Evasion attacks – an analysis 37 Why do adversarial examples exist? Fooling images: • DNNs don’t learn actually to recognize e.g. a schoolbus, but to discriminate it from any other object in the training set. [Nguyen et al., 2014. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. https://arxiv.org/abs/1412.1897]
  • 38. Robustness Metrics DetectionModel Hardening Static Data Preprocessing Model Design Statistical Tests Detector Networks Bayesian Uncertainty Attack Independent Attack Specific Adversarial Training Dynamic GaussianData Augmentation FeatureSqueezing LabelSmoothing ShatteredGradients StochasticGradients Saddlepoint Optimization Dimensionality Reduction BReLUs CLEVER GlobalLipschitzBound LossSensitivity MinimalPerturbation Adversarial SuccessRates MMD KernelDensity Estimates LocalIntrinsic Dimensionality Magnet DetectorsonInputs DetectorsonInternal Representations DropoutUncertainty BayesianSVMs How to defend? Taxonomy of defenses
  • 39. How to defend? 39 Adversarial training • Train DNNs solely on adversarial samples • Increase DNN capacity to maintain accuracy on clean data • Use specific algorithm for crafting the adversarial samples [Madry et al., 2017. Towards Deep Learning Models Resistant to Adversarial Attacks. https://arxiv.org/abs/1706.06083] Performance on CIFAR-10 data Data Model Accuracy Original A 87.3% PGD-20 A 45.8% PGD-7 A’ 64.2% FGSM Anat 85.6%
  • 40. How to defend? 40 Preprocessing data • Process samples in order to remove adversarial noise • Input the cleaned samples to the classifier • Somewhat effective, however can be easily defeated by an adaptive adversary. Feature squeezing [W. Xu, D. Evans, and Y. Qi. Feature squeezing: Detecting adversarial examples in deep neural networks. CoRR, abs/1704.01155, 2017a.]
  • 41. How to defend? CLEVER Estimate Lipschitz constant to construct an ϵ-ball within which all images are correctly classified. 41 https://bigcheck.mybluemix.net We fit the cross Lipschitz constant samples in S (see Algorithm 1) with reverse Weibull class dis- tribution to obtain the maximum likelihood estimate of the location parameter ˆaW , scale parameter ˆbW and shape parameter ˆcW , as introduced in Theorem 4.1. To validate that reverse Weibull distri- bution isagood fit to theempirical distribution of thecross Lipschitz constant samples, weconduct Kolmogorov-Smirnov goodness-of-fit test (a.k.a. K-S test) to calculate the K-S test statistics D and corresponding p-values. Thenull hypothesis isthat samples S follow areverseWeibull distribution. Figure 2 plots the probability distribution function of the cross Lipschitz constant samples and the fitted Reverse Weibull distribution for images from various data sets and network architectures. The estimated MLE parameters, p-values, and the K-S test statistics D are also shown. We also calculate thepercentage of exampleswhoseestimation havep-valuesgreater than 0.05, asillustrated in Figure 3. If the p-value is greater than 0.05, the null hypothesis cannot be rejected, meaning that the underlying data samples fit a reverse Weibull distribution well. Figure 3 shows that all numbers are close to 100%, validating the use of reverse Weibull distribution as an underlying distribution of gradient norm samples empirically. Therefore, the fitted location parameter of reverse Weibull distribution (i.e., the extreme value), ˆaW , can be used as a good estimation of local cross Lipschitz constant to calculate theCLEVER score. Theexact numbers areshown in Table 5 in Appendix E. (a) CIFAR-MLP (b) MNIST-CNN (c) ImageNet-MobileNet Figure2: ThecrossLipschitz constant samplesfor threeimagesfrom CIFAR, MNIST and ImageNet datasets, and their fitted Reverse Weibull distributions with the corresponding MLE estimates of location, scale and shape parameters (aW , bW , cW ) shown on the top of each plot. The D-statistics of K-Stest and p-valuesaredenoted asksand pval. With small ksand high p-value, thehypothesized reverse Weibull distribution fits the empirical distribution of cross Lipschitz constant samples well. 80 85 90 95 100 percentage (%) MobileNet Resnet Inception CIFAR-BReLU CIFAR-DD CIFAR-CNN CIFAR-MLP MNIST-BReLU MNIST-DD MNIST-CNN MNIST-MLP p = 1 p = 2 (a) Least likely target 80 85 90 95 100 percentage (%) MobileNet Resnet Inception CIFAR-BReLU CIFAR-DD CIFAR-CNN CIFAR-MLP MNIST-BReLU MNIST-DD MNIST-CNN MNIST-MLP p = 1 p = 2 (b) Random target 80 85 90 95 100 percentage (%) MobileNet Resnet Inception CIFAR-BReLU CIFAR-DD CIFAR-CNN CIFAR-MLP MNIST-BReLU MNIST-DD MNIST-CNN MNIST-MLP p = 1 p = 2 (c) Top 2 target Proposal Highlights & Preliminary Results Abstract: Although neural networks are becoming the core engine for driving Artificial Intelligence (AI) research and technology at an unprecedented speed, recent studies have highlighted their lack of model robustness to adversarial attacks, giving rise to new safety/security challenges in both the digital space and the physical world. In order to address the emerging AI-security issue, this proposal aims to provide a certified robustness evaluation framework that jointly takes into consideration an arbitrary neural network model and its underlying datasets. Specifically, we aim at developing an attack-agnostic robustness metric to evaluate the robustness of neural network classifiers. We further aim at providing efficient data-driven schemes to improve model robustness by pinpointing exemplary anchor points inferred from the underlying datasets. Introduction Neural network classifiers are easily fooled by adversarial perturbations Visual illustration of adversarial examples crafted by adversarial attack algorithms in [2]. The original example (a) is an ostrich image selected from the ImageNet dataset. The adversarial examples in (b) are classified as the target class labels (safe, shoe shop and vacuum respectively) by the Inception-v3 model Motivations How do we evaluate the robustness of a neural network? • Upper bounds: Current robustness measure of neural network models are mostly dependent on attack methods e.g. distortions found by FGSM, I-FGSM, DeepFool, C&W attacks, etc. • Lower bounds: Theoretical robustness guarantees are limited Our goal: Devise attack-agnostic robustness metric for neural networks We proved that the robustness of a network is related to its local Lipschitz constant, which can be evaluated numerically via extreme value theory. Our approach [1]: • Targeted attack • untargeted attack Our approach – Cross Lipschitz Extreme Value for nEtwork Robustness (more results in [1]): [3, Hein] [4, Bastani] MNIST: least likely target CIFAR: least likely target ImageNet: least likely target Comparison of L-inf distortion l (luca@mit.edu), Lily Weng (twweng@mit.edu), Pin-Yu Chen (Pin- models are mostly dependent on attack methods e.g. distortions found by FGSM, I-FGSM, DeepFool, C&W attacks, etc. • Lower bounds: Theoretical robustness guarantees are limited We proved that the robustness of a network is related to its local Lipschitz constant, which can be evaluated numerically via extreme value theory. Our approach [1]: • Targeted attack • untargeted attack Etwork Robustness (more results in [1]): of Neural Networks: An Extreme Value Theory Approach,“ ICLR 2018 s of a classifier against adversarial manipulation,“ NIPS 2017 s,“ NIPS 2016 [3, Hein] [4, Bastani] ia adversarial examples,“ AAAI 2018 likely target ImageNet: least likely target Comparison of the CLEVER score calculated with {50,100,250,500} samples and the L2 distortion by CW attack on ImageNet models nal of Global Optimization, 1996[Weng et al., 2018. Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach. ICLR 2018]
  • 42. How to defend? 42 Poisoning detection Poisoned MNIST sample (will be classified as ‘1’ by poisoned model with high probability). Unsupervised clustering of training data based on DNN internal activations: Discovers partition of poisonous vs normal training samples.
  • 43. AIOps Prepared and Analyzed Data Trained Model Deployed Model How to do all this? Enter Adversarial Robustness Toolbox Prepared and Analyzed Data Initial Model Deployed Model ART
  • 44. IBM Adversarial Robustness Toolbox ART ART is a library dedicated to adversarial machine learning. Its purpose is to allow rapid crafting and analysis of attack and defense methods for machine learning models. The Adversarial Robustness Toolbox provides an implementation for many state-of-the-art methods for attacking and defending classifiers. 44 https://github.com/IBM/adversarial-robustness- toolbox The Adversarial Robustness Toolbox contains implementations of the following attacks: Deep Fool (Moosavi-Dezfooli et al., 2015) Fast Gradient Method (Goodfellow et al., 2014) Jacobian Saliency Map (Papernot et al., 2016) Universal Perturbation (Moosavi-Dezfooli et al., 2016) Virtual Adversarial Method (Moosavi-Dezfooli et al., 2015) C&W Attack (Carlini and Wagner, 2016) NewtonFool (Jang et al., 2017) The following defense methods are also supported: Feature squeezing (Xu et al., 2017) Spatial smoothing (Xu et al., 2017) Label smoothing (Warde-Farley and Goodfellow, 2016) Adversarial training (Szegedy et al., 2013) Virtual adversarial training (Miyato et al., 2017)
  • 45. The Adversarial Robustness Toolbox (ART) 45 • Library for adversarial machine learning • Baseline implementation of attacks and defenses for classifiers • Dedicated to images • Python 2 & 3 • MIT license • Supported frameworks: Load classifier model (Keras, TF, PyTorch etc) Perform attack Load ART modules Evaluate robustness
  • 46. The Adversarial Robustness Toolbox (ART) 46 • Library for adversarial machine learning • Baseline implementation of attacks and defenses for classifiers • Dedicated to images • Python 2 & 3 • MIT license • Supported frameworks:
  • 47. Adversarial Robustness Toolbox (ART) Poisoning detection • Detection based on clustering activations • Proof of attack strategy Evasion detection • Detector based on inputs • Detector based on activations Robustness metrics • CLEVER • Empirical robustness • Loss sensitivity Unified model API • Training • Prediction • Access to loss and prediction gradients Evasion defenses • Feature squeezing • Spatial smoothing • Label smoothing • Adversarial training • Virtual adversarial training • Thermometer encoding • Gaussian augmentation • Total variance minimization Evasion attacks • FGSM • JSMA • BIM • PGD • Carlini & Wagner • DeepFool • NewtonFool • Elastic net attack • Universal perturbation • Spatial transformations 47
  • 48. Conclusions 48 • Adversarial attacks pose a threat to the deployment of AI in security critical applications • There is ongoing work on practical defenses with strong guarantees • Future work: analyzing the adversarial threat on other types of data (text, speech, video, time series…) Bigger picture: Trusted AI Security ↔ Fairness ↔ Explainability ↔ Privacy https://www.research.ibm.com/artificial-intelligence/trusted-ai/
  • 50. ADVERSARIAL ROBUSTNESS TOOLBOX (ART) ATTACKING ALGORITHMS DEFENDING ALGORITHMS FABRIC FOR DEEP LEARNING (FfDL) DISTRIBUTED DEEP LEARNING TRAINING CLI SDK BROWSER OBJECT STORAGE Model Definition Training Data Trained Models 1 2 3 4 Code Pattern: Adversarial Robustness Toolbox and FfDL integration for detecting Model vulnerabilities
  • 51. Jupyter notebook with an example 51 https://nbviewer.jupyter.org/github/IBM/adversarial-robustness-toolbox/ blob/master/notebooks/attack_defense_imagenet.ipynb
  • 52. 52
  • 53. Load an ImageNet example image 53
  • 54. 54
  • 55. 55
  • 56. Apply a defense method 56
  • 57. AIOps Trained Model Deployed Model AI Lifecycle Prepared and Analyzed Data Initial Model Deployed Model FfDL kube-batch Jupyter Enterprise Gateway MAX AIF360 AIF360 Istio OpenWhisk ART