Title: From Pandas and Gibbons to Malware Detection: Attacking and Defending Real-world Uses of Machine Learning

Abstract: A multitude of research results has shown that slightly changing the inputs given to an ML algorithm can trick the algorithm into producing "wrong" outputs. Such research typically assumes that an attacker has complete control over the input but also wants to change the input as little as possible. In this talk I'll argue that practical threat models are different: attackers work under constraints and toward goals that most research typically doesn't consider. Using face recognition and malware detection as examples, I'll show that under more realistic constraints, defeating ML requires creating new attack methods. I'll also show that even assessing the risk of real-world uses of ML may require new definitions of robustness, which in turn enable better defenses but also more efficient attacks.

Bio: Lujo Bauer is a Professor of Electrical and Computer Engineering, and of Computer Science, at Carnegie Mellon University. He is also a member of CyLab, Carnegie Mellon's computer security and privacy institute. Lujo received his Ph.D. in Computer Science from Princeton University in 2003. Lujo's research examines many aspects of computer security and privacy, including building systems in which usability and  security co-exist and designing practical tools for identifying software  vulnerabilities. His recent work focuses on developing tools and guidance to help users stay safer online and on examining how advances in machine learning can (or might not) lead to a more secure future. Lujo served as program (co-)chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014), and is looking forward to doing so for USENIX in 2025.
 

 

Trustworthiness of Machine-Learning-Based Systems (TrustML) Research Cluster

Vancouver, BC Canada

UBC receives support for managing its research enterprise from the federal Research Support Fund.

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Bluesky The logo for the Bluesky social media service. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. External Link An arrow entering a square. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service.