ABSTRACT
Deep neural networks have experienced unprecedented success in a variety of domains, including image recognition, audio processing, language modeling, and autonomous driving. However, input data can be subtly altered to cause significant mispredictions by deep learning systems. Often, these changes are completely imperceptible to humans. This chapter explores these kinds of attacks through an analysis of the rapidly developing field of adversarial machine learning. The chapter begins with a case study that focuses on attacks against autonomous vehicles. Then, the chapter connects adversarial machine learning to a more formal security model by introducing a taxonomy of adversarial attacks that covers threat categories and an information-level hierarchy. Attack generation against machine learning models is covered end to end: how an adversary might analyze a machine learning model, build a pseudo-model, and generate adversarial samples to attack the model. Defenses are also surveyed: adversarial training, defensive distillation, gradient masking, and detection defenses such as feature squeezing and reformers. The importance of adversarial machine learning is highlighted via its impact on several problem domains, including face recognition, antivirus, and online search. Finally, the chapter concludes with recent developments, trends, and where the future of adversarial machine learning may lead.
