Professor Ron Rivest observed the close relationship between cryptography and machine learning at the ASIACRYPT conference back in 1991. Cross-fertilization of common notions, such as integrity, privacy, confidentiality and authenticity, have only grown in the following three decades as these fields have become more central to our everyday lives.

This blog post is the first in a series related to machine learning, and highlights a realistic weakness in the integrity of image classification systems. As a running example, the post will demonstrate how images that are correctly recognized as containing a stop signal are minimally perturbed into derived images which are then incorrectly classified into another category. Consider the impact of self-driving cars that incorrectly recognize stop signals, or the potential consequences of client-side media scanning incorrectly flagging problematic content.

This is an executable blog post that you can run yourself by loading the Gist .ipynb file into any Jupyter-based notebook system, or you can just continue browsing it below.

      <svg style="box-sizing: content-box; color: var(--color-icon-primary);" width="64" height="64" viewbox="0 0 16 16" fill="none" aria-hidden="true" data-view-component="true" class="octospinner mx-auto anim-rotate">
  <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" fill="none"></circle>
  <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke"></path>
</svg>  <span class="sr-only">Loading</span>

      <div class="render-viewer-error">Sorry, something went wrong. <a class="Link--inTextBlock" href="https://gist.github.com/eschorn1/f587ccf5b33db405f0e416865bdeff39.json">Reload?</a></div>
      <div class="render-viewer-fatal">Sorry, we cannot display this file.</div>
      <div class="render-viewer-invalid">Sorry, this file is invalid so it cannot be displayed.</div>
      <iframe class="render-viewer " src="https://notebooks.githubusercontent.com/view/ipynb?bypass_fastly=true&color_mode=auto&commit=82749267089567a9ffb71153457795a329db9e1e&docs_host=https%3A%2F%2Fdocs.github.com&enc_url=68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f676973742f657363686f726e312f66353837636366356233336462343035663065343136383635626465666633392f7261772f383237343932363730383935363761396666623731313533343537373935613332396462396531652f6e636367726f75705f6d6c3130315f626c6f672e6970796e62&logged_in=false&nwo=eschorn1%2Ff587ccf5b33db405f0e416865bdeff39&path=nccgroup_ml101_blog.ipynb&repository_id=119710881&repository_type=Gist#bfa7bff7-19a8-4fac-9243-a01262b15088" sandbox="allow-scripts allow-same-origin allow-top-navigation" title="File display" name="bfa7bff7-19a8-4fac-9243-a01262b15088">
          Viewer requires iframe.
      </iframe>
    

view raw nccgroup_ml101_blog.ipynb hosted with ❤ by GitHub

Eric Schorn

Eric Schorn is a Technical Director on NCC Group's Cryptography Services team. He has been programming since 8-bit 6502 assembly was in vogue, designed high-performance CPUs at the the individual transistor level, led the overall marketing function for the $600M/year ARM processor division, and holds 14 US Patents. He co-founded a blockchain-oriented start up and has developed/deployed multiple web applications in the cloud.

Machine Learning 101: The Integrity of Image (Mis)Classification?