OPTIMAL STRATEGIES AGAINST GENERATIVE ATTACKS

Roy Mor, Erez Peterfreund, Matan Gavish, Amir Globerson

Research output: Contribution to conferencePaperpeer-review

1 Scopus citations

Abstract

Generative neural models have improved dramatically recently. With this progress comes the risk that such models will be used to attack systems that rely on sensor data for authentication and anomaly detection. Many such learning systems are installed worldwide, protecting critical infrastructure or private data against malfunction and cyber attacks. We formulate the scenario of such an authentication system facing generative impersonation attacks, characterize it from a theoretical perspective and explore its practical implications. In particular, we ask fundamental theoretical questions in learning, statistics and information theory: How hard is it to detect a “fake reality”? How much data does the attacker need to collect before it can reliably generate nominally-looking artificial data? Are there optimal strategies for the attacker or the authenticator? We cast the problem as a maximin game, characterize the optimal strategy for both attacker and authenticator in the general case, and provide the optimal strategies in closed form for the case of Gaussian source distributions. Our analysis reveals the structure of the optimal attack and the relative importance of data collection for both authenticator and attacker. Based on these insights we design practical learning approaches and show that they result in models that are more robust to various attacks on real-world data.

Original languageEnglish
StatePublished - 2020
Event8th International Conference on Learning Representations, ICLR 2020 - Addis Ababa, Ethiopia
Duration: 30 Apr 2020 → …

Conference

Conference8th International Conference on Learning Representations, ICLR 2020
Country/TerritoryEthiopia
CityAddis Ababa
Period30/04/20 → …

Funding

FundersFunder number
Blavatnik Interdisciplinary Research Center
Feder-mann Research Center
Federmann Research Center
ICRC
Israel Science Foundation1186/18, 1523/16

    Fingerprint

    Dive into the research topics of 'OPTIMAL STRATEGIES AGAINST GENERATIVE ATTACKS'. Together they form a unique fingerprint.

    Cite this