
DIFusio@

13-01-2023 DOCTORAL THESIS: JON VADILLO JUEGUEN


Jon Vadillo Jueguen: “Broadening the Horizon of Adversarial Attacks in Deep Learning”.

Supervisors: José Antonio Lozano Alonso / Roberto Santana Hermida.

2023-01-13, 10:30, Sala Ada Lovelace aretoa (Ada Lovelace Room).

Abstract:

"Machine Learning models such as Deep Neural Networks (DNNs) are currently the core of a wide range of technologies applied in critical tasks, such as autonomous driving, malware detection or face recognition, and effectiveness and robustness are therefore two fundamental requirements for these models. However, DNNs can be easily fooled by inputs perturbed imperceptibly to humans, known as adversarial examples, which implies a security breach that can be maliciously exploited by an adversary for illicit purposes. Given that these vulnerabilities directly affect the integrity and reliability of multiple systems that are progressively being deployed in real-world applications, it is crucial to determine the scope of these vulnerabilities and how an adversary could exploit them for illegitimate purposes, in order to make a more responsible, aware and secure use of those systems. For these reasons, the main objective of this thesis is to investigate new notions of adversarial attacks and vulnerabilities in DNNs. As a result, throughout this thesis we introduce new attack paradigms that exceed or extend the capabilities of the methods currently available in the literature, as they are able to achieve more general, complex or ambitious goals. At the same time, based on these extended capabilities, our thesis reveals new security gaps in use cases and scenarios where the implications of adversarial attacks had not been investigated before. Our work also sheds light on properties of DNNs that make them more vulnerable to adversarial attacks, indirectly exposing more effective ways to exploit such vulnerabilities, but, at the same time, contributing to a better understanding of these intriguing phenomena."
