ECE MS Thesis Defense: Yize Li

MS Thesis Defense: Supervised Classification on Deep Neural Network Attack Toolchains

Yize Li

Location: Zoom Link

Abstract: Deep learning, while an important machine learning technique, is susceptible to adversarial example attacks. Adversarial examples generated by adding perturbations on clean images/video frames can lead to mis-predictions of deep neural networks. Moreover, deep learning/machine learning can be used to deceive humans by generating adversarial falsified media e.g., deepfake attacks. The thesis work will study the above two attack scenarios, i.e., machine-centric adversary and human-centric adversary, with targets to fool ML decisions and human decisions, respectively. We aim to build a generalizable and scalable supervised learning system for classifying attack attributes behind the machine-centric attacks as well as the human-centric attacks. We start from building an integrated Attack Toolchain Library (ATL) with a broad coverage of both machine-centric and human-centric adversaries, as well as through an integrated user interface for great flexibility and extensibility to serve our downstream tasks. Based on the developed ATL, we further design a meta-classifier pipeline architecture for predicting attack attributes. The proposed overall meta-classifier shows effectiveness in dealing with false alarms and data distribution shift, and generalization to both machine-centric and human-centric attacks.