What is Adversarial Machine Learning?

Introduction

AdvertisementsAdversarial Machine Learning (AML) has recently captured the attention of Machine Learning and AI researchers. Why? In recent years, the development of deep learning (DL) has significantly improved the capabilities of machine learning (ML) models in a variety of predictive tasks, such as image recognition and processing unstructured data.

Contents

ML/DL models are vulnerable to security threats arising from the adversarial use of AI. Adversarial attacks are now a hot research topic in the deep learning world, and for good reason – they’re as crucial to the field as information security and cryptography. Think of adversarial examples as the viruses and malware of deep learning systems. They pose a real threat that needs to be addressed to keep AI systems safe and reliable.

With the emergence of cutting-edge advances such as ChatGPT’s incredible performance, the stakes are higher than ever regarding the potential risks and consequences of adversary attacks against such important and powerful AI technologies. For instance, it’s been found through various studies that large language models, like OpenAI’s GPT-3, might unintentionally give away private and sensitive details if they come across certain words or phrases. In critical applications like Facial Recognition systems, Self-driving cars, the consequences are severe. So, let’s dive into the world of adversarial machine learning, explore its aspects, and how to protect ourselves from these threats.

What is Adversarial Machine Learning

AdvertisementsAdversarial Machine Learning is all about understanding and defending against the attack on AI systems. These attacks involve the manipulation of input data to trick the model into misleading predictions.

- Advertisement -

Leveraging adversarial machine learning helps enhance security measures and promote responsible AI, making it essential for developing reliable and trustworthy solutions.

Adversarial attack on a Machine learning model

In the early 2000s, researchers discovered that spammers could trick simple machine learning models like spam filters with evasive tactics. Over time, it became clear that even sophisticated models, including neural networks, are vulnerable to adversary attacks. Although it was recently observed that real-world factors can make these attacks less effective, experts like Nicholas Frosst of Google Brain are still skeptical about new machine learning approaches that mimic human cognition. discussing. Big tech companies have started sharing resources to improve the robustness of their machine learning models and reduce the risk of adversarial attacks.

Source: https://arxiv.org/pdf/1412.6572.pdf

Caption: Adversarial examples causes Neural Network to make unexpected errors by intentionally misleading them with deceptive inputs.

To us humans, these two images look the same, but a Google study in 2015 showed a popular object detection neural network ‘GoogleNet‘ saw the left one as a “panda” and thae right one as a “gibbon” – with even more confidence! The right image, an “adversarial example,” has subtle changes that are invisible to us but completely alter what a machine learning algorithm sees.

Machine learning models, especially deep neural networks (DNNs), have completely dominated the modern digital world, enabling significant advances in a variety of industries through superior pattern recognition and decision-making abilities. However, their complex calculations are often difficult for humans to interpret, making them appear as “black boxes.” Additionally, these networks are susceptible to manipulation through small data alterations, leaving them vulnerable to adversarial attacks.Advertisements

YouTube</a></pre> <h2 id="what-is-an-adversarial-example" class="rb-heading-index-2"><strong>What is an Adversarial Example?</strong></h2> <p>An adversarial example is an instance characterized by subtle, deliberate feature alterations that mislead a machine-learning model into making an incorrect prediction. Long before machine learning, perceptual illusions were used to understand human cognition, revealing the implicit priors present in human perception, such as Adelson’s <a href="https://en.wikipedia.org/wiki/Checker_shadow_illusion">checkerboard illusion</a>.<strong><br /></strong></p> <p>Deep Learning models, like humans, are susceptible to such adversarial examples or ‘illusions’. The Fast Gradient Sign Method (FGSM) is one technique used to generate such examples, which are algorithmically designed to fool machine learning models. The connection between human perceptual illusions and adversarial examples in machines goes beyond the surface; they both reveal the features that are essential for system performance. The study of adversarial examples has expanded beyond deep learning, as various machine learning models, including logistic regression, linear regression, decision trees, k-Nearest Neighbor (kNN), and <a href="https://www.aiplusinfo.com/blog/what-are-support-vector-machines-svm-in-machine-learning/">Support Vector Machines (SVM)</a>, are also vulnerable to these instances.</p> <p><em><strong>Also Read: <a class="LinkSuggestion__Link-sc-1gewdgc-4 cLBplk" href="https://www.aiplusinfo.com/blog/ai-and-cybersecurity/" target="_blank" rel="noopener">AI and Cybersecurity</a></strong></em></p> <h2 id="difference-between-adversarial-white-box-vs-black-box-attacks" class="rb-heading-index-3"><strong>Difference between adversarial White Box vs. Black Box attacks</strong></h2> <p>When it comes to Adversarial Machine Learning. there are two main types of attacks: white box and black box attacks. Understanding the differences between these strategies is crucial to better protect AI systems.</p> <p>In white box attacks, the attacker has full knowledge of the targeted machine learning model, such as its architecture, weights, and training data. This access allows the attacker to create adversarial examples with remarkable accuracy, directly tampering with the model’s internal components. Now although white box attacks tend to be more effective, to execute they need a higher level of expertise and access to the model’s metadata which can be challenging to secure.</p> <p><span id="ezoic-pub-ad-placeholder-177" class="ezoic-adpicker-ad"></span><span class="ezoic-ad ezoic-at-0 box-4 box-4177 adtester-container adtester-container-177" data-ez-name="aiplusinfo_com-box-4"><span class="ezoic-ad-disclosure">Advertisements</span><span id="div-gpt-ad-aiplusinfo_com-box-4-0" ezaw="468" ezah="60" class="ezoic-ad"></span></span>Black box attacks take place when the attacker has limited information about the target mode. Tackling the complex nature of black box machines is important in creating dependable and transparent AI systems capable of resisting adversarial challenges. In this scenario, the attacker knows only the model input/output, lacking details about its architecture, weights, or training data. To create an adversarial real-world scenario, the attacker has to rely on alternative methods like transferability, where an adversarial example made for one model is used to attack another model with similar architecture or training data.</p> <p>Most adversarial ML attacks are currently white-box attacks, which can later be converted to black-box attacks by exploiting the transferability property of adversarial examples. The transferability property of adversarial ML means that adversarial perturbations generated for one ML model will often mislead other unseen ML models. To counter these attacks, various adversarial defenses such as retraining, timely detection, defensive distillation, and feature squeezing have been proposed.</p> <h2 id="the-threat-of-adversarial-attacks-in-machine-learning" class="rb-heading-index-4"><strong>The Threat of Adversarial Attacks in Machine Learning</strong></h2> <p>A <a href="https://arxiv.org/pdf/2002.05646.pdf">Microsoft research study</a> explored the readiness of 28 organizations to handle adversarial machine learning attacks, revealing that the majority of practitioners in the industry were ill-equipped with the required tools and know-how to safeguard their ML systems. The study sheds light on the existing gaps in securing machine learning systems from an industry perspective and urges researchers to update the Security Development Lifecycle for industrial-grade software in the age of adversarial ML.</p> <p>Adversarial attacks have some concerning characteristics that make them, particularly challenging to deal with:</p> <ul> <li><strong>Hard to detect</strong>: Adversarial examples are often created by making tiny adjustments to the input data, which are nearly impossible for humans to notice. Despite these small changes, machine learning models may still classify these examples incorrectly with high confidence.</li> <li><strong>Transferable attacks</strong>: Surprisingly, adversarial examples created for one model can also deceive other models with different architectures, trained for the same task. This allows attackers to use a substitute model to generate attacks that will work on the target model, even if the two models have different structures or algorithms.</li> <li><strong>No clear explanation</strong>: Currently, there is no widely accepted theory that explains why adversarial attacks are so effective. Various hypotheses, such as linearity, invariance, and non-robust features, have been proposed, leading to different defense mechanisms.</li> </ul> <h2 id="how-adversarial-attacks-on-ai-systems-work" class="rb-heading-index-5"><strong>How Adversarial Attacks on AI Systems Work</strong></h2> <p>Adversarial attacks on AI systems involve various strategies aimed at exploiting vulnerabilities in deep learning models. Let’s explore five known techniques that adversaries can use to compromise these models:</p> <h2><strong><img decoding="async" loading="lazy" class="aligncenter" src="https://cdn.filestackcontent.com/8XUgYPoQbiflHEccaNDn" alt width="571" height="339" ezimgfmt="rs rscb1 src ng ngcb1"></strong></h2> <p><em>The <a href="https://www.researchgate.net/publication/341565966_A_Survey_on_Adversarial_Recommender_Systems_From_AttackDefense_Strategies_to_Generative_Adversarial_Networks">image</a> illustrates the difference between evasion and poisoning attacks. Evasion attacks target the testing phase, modifying input samples to fool the model. Poisoning attacks occur during the training phase, where adversaries corrupt the training data to compromise the model’s performance.</em></p> <h3 id="1-poisoning-attacks" class="rb-heading-index-7"><strong>1. Poisoning Attacks</strong></h3> <p>These attacks involve injecting false data points into the training data with the goal of corrupting or degrading the model. Poisoning attacks have been studied in various tasks, such as binary classification, <a href="https://www.aiplusinfo.com/blog/unsupervised-learning/">unsupervised learning</a> like clustering and anomaly detection, and matrix completion tasks in recommender systems.  To defend against poisoning attacks, several approaches have been proposed, such as robust learning algorithms that are less sensitive to outliers or malicious data points, data provenance verification to ensure the integrity and trustworthiness of training data, and online learning algorithms that can adapt to changes in the data distribution.</p> <h3 id="2-evasion-attacks" class="rb-heading-index-8"><strong>2. Evasion Attacks</strong></h3> <p>Evasion attacks typically occur after a machine learning system has completed its training phase and involve the manipulation of new data inputs to deceive the model. These attacks are also called decision-time attacks, as they attempt to evade the decision made by the learned model at test time. Evasion attacks have been used to bypass spam and network intrusion detectors.</p> <p>Techniques like Adversarial training strengthen models by incorporating adversarial examples, and model ensembles that boost resilience by combining multiple models. Additional methods include detecting adversarial examples, applying input preprocessing, and creating certified defenses to ensure model robustness.</p> <h3 id="3-model-extraction" class="rb-heading-index-9"><strong>3. Model Extraction</strong></h3> <p>Model extraction is an adversarial attack technique where an attacker aims to replicate a machine learning model without having direct access to its architecture or training data. By sending crafted input samples to the target model and observing its outputs, the attacker can create a surrogate model that mimics the target model’s behavior. This could lead to intellectual property theft, competitive disadvantages, or allow attackers to further exploit vulnerabilities within the extracted model. To prevent model extraction, researchers have proposed various defense mechanisms such as limiting access to model outputs, obfuscating predictions, and watermarking the models to prove ownership.</p> <h3 id="4-training-data-backdoor-attack" class="rb-heading-index-10"><strong>4. Training Data (Backdoor Attack)</strong></h3> <p>Another method is tampering with the training data by adding imperceptible patterns that create backdoors. These backdoors can then be used to control the model’s output, further compromising its integrity. This stealthy nature makes backdoor attacks particularly challenging to detect and mitigate. Defenses against backdoor attacks include data sanitization, outlier detection, and the use of techniques like fine-pruning to remove the backdoor from the model after training.</p> <h3 id="5-inference-attack" class="rb-heading-index-11"><strong>5. Inference Attack</strong></h3> <p>These attacks focus on obtaining information about private data used by the model. Attackers can exploit vulnerabilities to gain insights into sensitive information, potentially breaching privacy or security. These attacks can be categorized into two types: membership inference and attribute inference attacks. Membership inference aims to determine whether a specific data point was used in the training set, potentially exposing sensitive user information. In attribute inference attacks, the attacker tries to infer the value of a specific attribute of a training data point based on the model’s output. To counteract inference attacks, various techniques have been proposed, such as differential privacy, which adds noise to the model’s predictions to protect the privacy of the training data and secure multi-party computation (SMPC), which allows multiple parties to collaboratively compute a function while keeping their input data private.</p> <h2 id="what-are-adversarial-examples" class="rb-heading-index-12"><strong>What Are Adversarial Examples?</strong></h2> <p>An adversarial example is an input data point that has been subtly modified to produce incorrect predictions from a machine learning model. These modifications are often imperceptible to humans but can lead to wrong predictions or security violations in AI systems. Adversarial examples can be generated using various attack methods, including Fast Gradient Sign Method (FGSM), Jacobian-based Saliency Map Attack (JSMA), DeepFool, and Carlini & Wagner Attack (C&W).</p> <h2 id="popular-adversarial-attack-methods" class="rb-heading-index-13"><strong>Popular Adversarial Attack Methods</strong></h2> <h2 id="fastgradient-sign-method-fgsm" class="rb-heading-index-14"><strong>FastGradient Sign method (FGSM)</strong></h2> <p>The Fast Gradient Sign Method (FGSM) first made its appearance in the paper “<a href="https://arxiv.org/pdf/1412.6572.pdf">Explaining and Harnessing Adversarial Examples</a>“. It is a white box attack that generates adversarial examples by computing the gradient of the loss function with respect to the input image. It then adds a small perturbation in the direction of the gradient sign to create an adversarial image.</p> <p><span id="ezoic-pub-ad-placeholder-178" class="ezoic-adpicker-ad"></span><span class="ezoic-ad ezoic-at-0 large-leaderboard-2 large-leaderboard-2178 adtester-container adtester-container-178" data-ez-name="aiplusinfo_com-large-leaderboard-2"><span class="ezoic-ad-disclosure">Advertisements</span><span id="div-gpt-ad-aiplusinfo_com-large-leaderboard-2-0" ezaw="468" ezah="60" class="ezoic-ad"></span></span>It involves three main steps: calculating the loss after forward propagation, computing the gradient with respect to the input image’s pixels, and slightly adjusting the pixels to maximize the loss. In regular machine learning, gradients help determine the direction to adjust the model’s weights to minimize loss. However, in FGSM, we manipulate the input image pixels to maximize loss and cause the model to make incorrect predictions.</p> <p>Backpropagation is used to calculate the gradients from the output layer to the input image. The main difference between the equations used for regular neural network training and FGSM is that one minimizes loss while the other maximizes it. This is achieved by either subtracting or adding the gradient multiplied by a small value called <strong>epsilon</strong>.</p> <p>The process can be summarized as follows: forward-propagate the image through the neural network, calculate the loss, back-propagate the gradients to the image, and nudge the pixels to maximize the loss value. By doing so, we encourage the neural network to make incorrect predictions. The degree of noticeability of the noise on the resulting image depends on the epsilon value – the larger it is, the more noticeable the noise and the higher the likelihood of the network making an incorrect prediction.</p> <h2 id="jacobianbased-saliency-map-attack-jsma" class="rb-heading-index-15"><strong>Jacobian-based Saliency Map Attack (JSMA)</strong></h2> <p><a href="https://arxiv.org/abs/1808.07945">Jacobian-based Saliency Map Attack (JSMA)</a> is a fast, effective, and widely used L0 adversarial attack that fools neural network classifiers by exploiting the Jacobian matrix of the outputs with respect to the inputs.</p> <p>Perturbation bounds are an essential part of understanding adversarial attacks on machine learning models. These bounds determine the size of the perturbation, which can be measured using different mathematical norms like L0, L1, L2, and L_infinity norms. L0 norm attacks are particularly concerning because they can modify only a small number of features in an input signal, making them realistic and dangerous for real-world systems. On the other hand, L_infinity attacks are the most widely studied because of their simplicity and mathematical convenience in robust optimization.</p> <p>Researchers have proposed new variants of JSMA, such as Weighted JSMA (WJSMA) and Taylor JSMA (TJSMA), which take into account the input’s characteristics and output probabilities to craft more powerful attacks. These improved versions have demonstrated significantly faster and more efficient results than the original targeted and non-targeted versions of JSMA, while maintaining their computational advantages.</p> <h2 id="deepfool-attack" class="rb-heading-index-16"><strong>Deepfool Attack</strong></h2> <p>The DeepFool attack, developed by <a href="https://ieeexplore.ieee.org/document/7780651">Moosavi-Dezfooli et al</a>., focuses on discovering the minimal distance between the original input and the decision boundary of adversarial examples. This approach handles the non-linearity in high-dimensional spaces by employing an iterative linear approximation technique. In comparison to FGSM and JSMA, DeepFool minimizes the perturbation’s intensity rather than the number of selected features.</p> <p>The crux of the DeepFool algorithm lies in identifying an adversary through the creation of the smallest feasible perturbation. It conceptualizes the classifier’s decision space as divided by linear hyperplane boundaries, which guide the selection of various classes. To approach the nearest decision boundary, the algorithm shifts the image’s position in the decision space directly. However, due to the often non-linear nature of decision boundaries, the algorithm applies the perturbation iteratively, continuing until it crosses a decision boundary. This innovative method offers a unique and engaging perspective on adversarial attacks in deep learning models.</p> <h2 id="carlini-amp-wagner-attack-campw" class="rb-heading-index-17"><strong>Carlini & Wagner Attack (C&W)</strong></h2> <p><a href="https://arxiv.org/abs/1608.04644">Carlini & Wagner Attack (C&W)</a> is a powerful adversarial attack method that formulates an optimization problem to create adversarial examples. The goal is to cause a misclassification (targeted or untargeted) in a Deep Neural Network (DNN) and find an efficient way to solve the problem. The original optimization problem was difficult to solve due to its highly non-linear nature, but C&W managed to reformulate it by introducing an objective function, which measures “how close we are to being classified as the target class.”</p> <p>In the C&W attack, the original optimization problem was reformulated using a well-known trick to move the difficult constraints into the minimization function. To address the “<a href="https://web.stanford.edu/group/sisl/k12/optimization/MO-unit3-pdfs/3.1introandgraphical.pdf">box constraint</a>” issue, they used a “change of variables” method, allowing them to use first-order optimizers like Stochastic Gradient Descent (SGD) and its variants, such as the Adam optimizer.</p> <p><span id="ezoic-pub-ad-placeholder-179" class="ezoic-adpicker-ad"></span><span class="ezoic-ad ezoic-at-0 leader-1 leader-1179 adtester-container adtester-container-179" data-ez-name="aiplusinfo_com-leader-1"><span class="ezoic-ad-disclosure">Advertisements</span><span id="div-gpt-ad-aiplusinfo_com-leader-1-0" ezaw="468" ezah="60" class="ezoic-ad"></span></span>The final form of the optimization problem in the C&W attack is solved using the Adam optimizer, which is computationally efficient and less memory-intensive than classical second-order methods like L-BFGS. The attack can generate stronger, high-quality adversarial examples, but the cost to create them is also higher compared to other methods, such as the Fast Gradient Sign Method (FGSM).</p> <h2 id="generative-adversarial-networks-gan" class="rb-heading-index-18"><strong>Generative Adversarial Networks (GAN)</strong></h2> <p><a href="https://www.aiplusinfo.com/blog/introduction-to-generative-adversarial-networks-gans/">GANs</a> are a type of machine learning system that consists of two neural networks, a generator, and a discriminator, competing against each other in a zero-sum game. While GANs are not an adversarial attack method in and of themselves, they can be used to generate adversarial examples capable of fooling deep neural networks.</p> <p>The generator network creates fake samples, while the discriminator network attempts to distinguish between real and fake samples. As the generator improves, the generated samples become more challenging for the discriminator to distinguish, potentially leading to adversarial examples. At the onset of training, the generator produces data that is clearly fake, and the discriminator swiftly learns to identify it as inauthentic.</p> <p><img decoding="async" class="aligncenter" src="https://cdn.filestackcontent.com/IuPgGlinSLisZQuXXxLV" ezimgfmt="rs rscb1 src ng ngcb1"></p> <pre><em> Source: https://developers.google.com/machine-learning/gan/gan_structure</em></pre> <p>In the diagram, the real-world images and random input represent these two data sources. To train the generator, random noise is used as input, which transforms into meaningful output. The generator loss penalizes it for producing samples that the discriminator classifies as fake. The backpropagation process adjusts both the generator and discriminator weights to minimize their respective losses. This iterative training process enables the generator to produce increasingly convincing data, making it harder for the discriminator to differentiate between real and generated samples.</p> <p><em><strong>Also Read: <a class="LinkSuggestion__Link-sc-1gewdgc-4 cLBplk" href="https://www.aiplusinfo.com/blog/creative-adversarial-networks-how-they-generate-art/" target="_blank" rel="noopener">Creative Adversarial Networks: How They Generate Art?</a></strong></em></p> <h2 id="zerothorder-optimization-attack-zoo" class="rb-heading-index-19"><strong>Zeroth-order optimization attack (ZOO)</strong></h2> <p>The <a href="tps://arxiv.org/pdf/1708.03999.pdf">Zeroth Order Optimization (ZOO) attack</a> is a black-box attack technique that exploits zeroth order optimization to directly estimate the gradients of the targeted Deep Neural Network (DNN) for generating adversarial examples. Unlike traditional black-box attacks that rely on substitute models, the ZOO attack does not require training any substitute model and achieves comparable performance to state-of-the-art white-box attacks, such as Carlini and Wagner’s attack.</p> <p>In a black-box setting, an attacker only has access to the input (images) and output (confidence scores) of a targeted DNN. ZOO attack leverages zeroth order stochastic coordinate descent along with dimension reduction, hierarchical attack, and importance sampling techniques to efficiently attack black-box models. This approach spares the need for training substitute models and avoids the loss in attack transferability.</p> <h2 id="defense-against-adversarial-attack" class="rb-heading-index-20"><strong>Defense Against Adversarial Attack</strong></h2> <p>Adversarial training has proven to be an effective defense strategy. This approach involves generating adversarial examples during the training process. The intuition behind this is that if the model encounters adversarial examples while training, it will perform better when predicting similar adversarial examples later on.</p> <p>The loss function used in adversarial training is a modified version that combines the typical loss function for clean examples and a separate loss function for adversarial examples.</p> <p>During the training process, for every batch of ‘m’ clean images, ‘k’ adversarial images are generated using the current state of the network. Both clean and adversarial examples are then forward-propagated through the network, and the loss is calculated using the modified formula.</p> <p>Other defense strategies include gradient masking, defensive distillation, ensemble methods, feature squeezing, and autoencoders. Applying <a href="https://arxiv.org/pdf/1912.02258.pdf">game theory for security</a> can provide valuable insights into adversarial behavior, helping design optimal defense strategies for AI systems.</p> <p><em><strong>Also Read: <a class="LinkSuggestion__Link-sc-1gewdgc-4 cLBplk" href="https://www.aiplusinfo.com/blog/artificial-intelligence-automation-future-of-cybersecurity/" target="_blank" rel="noopener">Artificial Intelligence + Automation — future of cybersecurity.</a></strong></em></p> <h2 id="conclusion" class="rb-heading-index-21"><strong>Conclusion</strong></h2> <p>As we increasingly rely on AI to solve complex problems and make decisions for us, it is important to recognize the values of openness and robustness of Machine Learning models. We can create a safe and secure technological landscape using advanced defense methods that are equipped to tackle adversarial attacks, ensuring that we can trust AI to work for us, rather than against us.</p> <h2 id="references" class="rb-heading-index-22"><strong>References</strong></h2> <p>Siva Kumar, Ram Shankar, et al. “Adversarial Machine Learning – Industry Perspectives.” <em>SSRN Electronic Journal</em>, 2020, <a href="https://doi.org/10.2139/ssrn.3532474">https://doi.org/10.2139/ssrn.3532474</a>.</p> <p>Szegedy, Christian, et al. “Going Deeper with Convolutions.” <em>arXiv.Org</em>, 17 Sept. 2014, <a href="https://arxiv.org/abs/1409.4842">https://arxiv.org/abs/1409.4842</a>.</p> <p>“Overview of GAN Structure.” <em>Google Developers</em>,<a href="https:// https//developers.google.com/machine-learning/gan/gan_structure"> https://developers.google.com/machine-learning/gan/gan_structure</a>.</p> <p>Siva Kumar, Ram Shankar, et al. “Adversarial Machine Learning – Industry Perspectives.” <em>SSRN Electronic Journal</em>, 2020, <a href="https://doi.org/10.2139/ssrn.3532474">https://doi.org/10.2139/ssrn.3532474</a>.</p> <p>“DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks.” <em>IEEE Xplore</em>, <a href="https://ieeexplore.ieee.org/document/7780651">https://ieeexplore.ieee.org/document/7780651</a>.</p> <p>“Explaining and Harnessing Adversarial Examples.” <em>arXiv.Org</em>, 20 Dec. 2014, <a href="https://arxiv.org/abs/1412.6572">https://arxiv.org/abs/1412.6572</a>.</p> <p>Wiyatno, Rey, and Anqi Xu. “Maximal Jacobian-Based Saliency Map Attack.” <em>arXiv.Org</em>, 23 Aug. 2018, <a href="https://arxiv.org/abs/1808.07945">https://arxiv.org/abs/1808.07945</a>.</p> <p>Chen, Pin-Yu, et al. “ZOO.” <em>Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security</em>, ACM, 2017, <a href="https://arxiv.org/pdf/1708.03999.pdf">https://arxiv.org/pdf/1708.03999.pdf</a>. Accessed 25 Mar. 2023.</p> <p>Dasgupta, Prithviraj, and Joseph Collins. “A Survey of Game Theoretic Approaches for Adversarial Machine Learning in Cyber Security Tasks.” <em>AI Magazine</em>, vol. 40, no. 2, June 2019, pp. 31–43, <a href="https://doi.org/10.1609/aimag.v40i2.2847">https://doi.org/10.1609/aimag.v40i2.2847</a>.</p> <p>Carlini, Nicholas, and David Wagner. “Towards Evaluating the Robustness of Neural Networks.” <em>arXiv.Org</em>, 16 Aug. 2016, <a href="https://arxiv.org/abs/1608.04644">https://arxiv.org/abs/1608.04644</a>.</p> <div class="sharedaddy sd-sharing-enabled"> <div class="robots-nocontent sd-block sd-social sd-social-icon sd-sharing"> <h3 id="share-this" class="rb-heading-index-23 sd-title">Share this:</h3> </div> </div> <p><span id="ezoic-pub-ad-placeholder-180" class="ezoic-adpicker-ad"></span><span class="ezoic-ad ezoic-at-0 large-mobile-banner-1 large-mobile-banner-1180 adtester-container adtester-container-180" data-ez-name="aiplusinfo_com-large-mobile-banner-1"><span class="ezoic-ad-disclosure">Advertisements</span><span id="div-gpt-ad-aiplusinfo_com-large-mobile-banner-1-0" ezaw="336" ezah="280" class="ezoic-ad"></span></span></p> </div> <div class="article-meta is-hidden"> <meta itemprop="mainEntityOfPage" content="http://informedbyai.com/2023/03/29/what-is-adversarial-machine-learning/"> <span class="vcard author"> <span class="fn" itemprop="author" itemscope content="admin" itemtype="http://schema.org/Person"> <meta itemprop="url" content="http://informedbyai.com/author/admin/"> <span itemprop="name">admin</span> </span> </span> <time class="updated" datetime="2023-03-29T14:45:18+00:00" content="2023-03-29T14:45:18+00:00" itemprop="dateModified">März 29, 2023</time> <time class="published" datetime="2023-03-29T14:45:18+00:00" content="2023-03-29T14:45:18+00:00" itemprop="datePublished">März 29, 2023</time> <span itemprop="image" itemscope itemtype="http://schema.org/ImageObject"> <meta itemprop="url" content="http://informedbyai.com/wp-content/uploads/2023/05/what-is-adversarial-machine-learning.png"> <meta itemprop="width" content="3249"> <meta itemprop="height" content="1928"> </span> <span itemprop="publisher" itemscope itemtype="http://schema.org/Organization"> <meta itemprop="name" content=""> <meta itemprop="url" content="http://informedbyai.com/"> <span itemprop="logo" itemscope itemtype="http://schema.org/ImageObject"> <meta itemprop="url" content="http://informedbyai.com/wp-content/uploads/2023/09/informedbyai-e1695635992859.png"> </span> </span> </div> </div> </div> <div class="e-shared-sec entry-sec"> <div class="e-shared-header h4"> <i class="rbi rbi-share" aria-hidden="true"></i><span>Share this Article</span> </div> <div class="rbbsl tooltips-n effect-fadeout is-bg"> <a class="share-action share-trigger icon-facebook" href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Finformedbyai.com%2F2023%2F03%2F29%2Fwhat-is-adversarial-machine-learning%2F" data-title="Facebook" rel="nofollow"><i class="rbi rbi-facebook" aria-hidden="true"></i><span>Facebook</span></a> <a class="share-action share-trigger icon-twitter" href="https://twitter.com/intent/tweet?text=What+is+Adversarial+Machine+Learning%3F&url=http%3A%2F%2Finformedbyai.com%2F2023%2F03%2F29%2Fwhat-is-adversarial-machine-learning%2F&via=" data-title="Twitter" rel="nofollow"> <i class="rbi rbi-twitter" aria-hidden="true"></i><span>Twitter</span></a> <a class="share-action icon-email" href="mailto:?subject=What%20is%20Adversarial%20Machine%20Learning?%20BODY=I%20found%20this%20article%20interesting%20and%20thought%20of%20sharing%20it%20with%20you.%20Check%20it%20out:%20http://informedbyai.com/2023/03/29/what-is-adversarial-machine-learning/" data-title="Email" rel="nofollow"> <i class="rbi rbi-email" aria-hidden="true"></i><span>Email</span></a> <a class="share-action live-tooltip icon-copy copy-trigger" href="#" data-copied="Copied!" data-link="http://informedbyai.com/2023/03/29/what-is-adversarial-machine-learning/" rel="nofollow" data-copy="Copy Link"><i class="rbi rbi-link-o" aria-hidden="true"></i><span>Copy Link</span></a> <a class="share-action icon-print" rel="nofollow" href="javascript:if(window.print)window.print()" data-title="Print"><i class="rbi rbi-print" aria-hidden="true"></i><span>Print</span></a> </div> </div> </div> <div class="comment-box-wrap entry-sec"> <div class="comment-box-header"> <span class="comment-box-title h3"><i class="rbi rbi-comment" aria-hidden="true"></i><span class="is-invisible">Leave a comment</span></span> <a href="#" class="show-post-comment"><i class="rbi rbi-comment" aria-hidden="true"></i>Leave a comment </a> </div> <div class="comment-holder no-comment is-hidden"> <div id="comments" class="comments-area"> <div id="respond" class="comment-respond"> <h3 id="reply-title" class="comment-reply-title">Schreibe einen Kommentar <small><a rel="nofollow" id="cancel-comment-reply-link" href="/2023/03/29/what-is-adversarial-machine-learning/#respond" style="display:none;">Antworten abbrechen</a></small></h3><form action="http://informedbyai.com/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate><p class="comment-notes"><span id="email-notes">Deine E-Mail-Adresse wird nicht veröffentlicht.</span> <span class="required-field-message">Erforderliche Felder sind mit <span class="required">*</span> markiert</span></p><p class="comment-form-comment"><label for="comment">Kommentar <span class="required">*</span></label> <textarea placeholder="Leave a comment" id="comment" name="comment" cols="45" rows="8" maxlength="65525" required></textarea></p><p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input placeholder="Your name" id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required /></p> <p class="comment-form-email"><label for="email">E-Mail <span class="required">*</span></label> <input placeholder="Your email" id="email" name="email" type="email" value="" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email" required /></p> <p class="comment-form-url"><label for="url">Website</label> <input placeholder="Your Website" id="url" name="url" type="url" value="" size="30" maxlength="200" autocomplete="url" /></p> <p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes" /> <label for="wp-comment-cookies-consent">Meinen Namen, meine E-Mail-Adresse und meine Website in diesem Browser für die nächste Kommentierung speichern.</label></p> <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Kommentar abschicken" /> <input type='hidden' name='comment_post_ID' value='3232' id='comment_post_ID' /> <input type='hidden' name='comment_parent' id='comment_parent' value='0' /> </p></form> </div> </div> </div> </div> </div> <div class="sidebar-wrap single-sidebar has-border"> <div class="sidebar-inner clearfix"> <div data-elementor-type="wp-post" data-elementor-id="2529" class="elementor elementor-2529"> <section class="elementor-section elementor-top-section elementor-element elementor-element-44efac5 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="44efac5" data-element_type="section"> <div class="elementor-container elementor-column-gap-no"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-455daa7" data-id="455daa7" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-3b28027 elementor-widget elementor-widget-foxiz-heading" data-id="3b28027" data-element_type="widget" data-widget_type="foxiz-heading.default"> <div class="elementor-widget-container"> <div id="uid_3b28027" class="block-h heading-layout-c10"><div class="heading-inner"><h3 class="heading-title"><span>Follow US</span></h3><div class="heading-tagline h6"><span class="heading-tagline-label">Find US on Social Medias</span></div></div></div> </div> </div> <div class="elementor-element elementor-element-5ec60e4 yes-colorful elementor-widget elementor-widget-foxiz-social-follower" data-id="5ec60e4" data-element_type="widget" data-widget_type="foxiz-social-follower.default"> <div class="elementor-widget-container"> <div class="socials-counter h6 is-style-15 is-gstyle-3 is-icon-color is-h-bg"> <div class="social-follower effect-fadeout"> <div class="follower-el fb-follower"> <a target="_blank" href="https://facebook.com/envato" class="facebook" aria-label="Facebook" rel="noopener nofollow"></a> <span class="follower-inner"> <span class="fnicon"><i class="rbi rbi-facebook" aria-hidden="true"></i></span> <span class="fnlabel">Facebook</span> <span class="text-count">Like</span> </span> </div> <div class="follower-el twitter-follower"> <a target="_blank" href="https://twitter.com/envato" class="twitter" aria-label="Twitter" rel="noopener nofollow"></a> <span class="follower-inner"> <span class="fnicon"><i class="rbi rbi-twitter" aria-hidden="true"></i></span> <span class="fnlabel">Twitter</span> <span class="text-count">Follow</span> </span> </div> <div class="follower-el youtube-follower"> <a target="_blank" href="envato" class="youtube" aria-label="Youtube" rel="noopener nofollow"></a> <span class="follower-inner"> <span class="fnicon"><i class="rbi rbi-youtube" aria-hidden="true"></i></span> <span class="fnlabel">Youtube</span> <span class="text-count">Subscribe</span> </span> </div> <div class="follower-el telegram-follower"> <a target="_blank" href="envato" class="telegram" aria-label="Telegram" rel="noopener nofollow"></a> <span class="follower-inner"> <span class="fnicon"><i class="rbi rbi-telegram" aria-hidden="true"></i></span> <span class="fnlabel">Telegram</span> <span class="text-count">Follow</span> </span> </div> </div> </div> </div> </div> <div class="elementor-element elementor-element-6cf1c97 elementor-widget elementor-widget-foxiz-newsletter-3" data-id="6cf1c97" data-element_type="widget" data-widget_type="foxiz-newsletter-3.default"> <div class="elementor-widget-container"> <div class="newsletter-sb newsletter-style is-box-dark"><div class="newsletter-sb-inner"><div class="newsletter-sb-featured"><img loading="lazy" data-mode="default" src="http://informedbyai.com/wp-content/uploads/2022/07/newsletter.png" alt="newsletter featured" width="240" height="240"><img loading="lazy" data-mode="dark" src="http://informedbyai.com/wp-content/uploads/2022/07/newsletter-light.png" alt="newsletter featured" width="240" height="240"></div><h3 class="newsletter-title">Subscribe Newsletter</h3><p class="newsletter-description">Subscribe to our newsletter to get our newest articles instantly!</p><div class="newsletter-sb-form">[mc4wp_form]</div></div></div> </div> </div> <div class="elementor-element elementor-element-b393b77 elementor-widget elementor-widget-foxiz-heading" data-id="b393b77" data-element_type="widget" data-widget_type="foxiz-heading.default"> <div class="elementor-widget-container"> <div id="uid_b393b77" class="block-h heading-layout-10"><div class="heading-inner"><h3 class="heading-title"><span>Popular News</span></h3></div></div> </div> </div> <div class="elementor-element elementor-element-615f4da elementor-widget elementor-widget-foxiz-list-small-2" data-id="615f4da" data-element_type="widget" data-widget_type="foxiz-list-small-2.default"> <div class="elementor-widget-container"> <div id="uid_615f4da" class="block-wrap block-small block-list block-list-small-2 rb-columns rb-col-1 is-feat-left"><div class="block-inner"> <div class="p-wrap p-small p-list-small-2" data-pid="5864"> <div class="feat-holder"> <div class="p-featured ratio-v1"> <a class="p-flink" href="http://informedbyai.com/2023/10/03/researchers-tested-ai-watermarks-and-broke-all-of-them/" title="Researchers Tested AI Watermarks—and Broke All of Them"> <img width="150" height="150" src="http://informedbyai.com/wp-content/uploads/2023/10/researchers-tested-ai-watermarks-and-broke-all-of-them-150x150.jpg" class="featured-img wp-post-image" alt="" decoding="async" loading="lazy" /> </a> </div> </div> <div class="p-content"> <h5 class="entry-title counter-el"> <a class="p-url" href="http://informedbyai.com/2023/10/03/researchers-tested-ai-watermarks-and-broke-all-of-them/" rel="bookmark">Researchers Tested AI Watermarks—and Broke All of Them</a></h5> <div class="p-meta"> <div class="meta-inner is-meta"> <span class="meta-el meta-date"> <time class="date published" datetime="2023-10-03T10:00:00+00:00">Oktober 3, 2023</time> </span> </div> </div> </div> </div> <div class="p-wrap p-small p-list-small-2" data-pid="6162"> <div class="feat-holder"> <div class="p-featured ratio-v1"> <a class="p-flink" href="http://informedbyai.com/2024/01/08/the-battle-for-biometric-privacy/" title="The Battle for Biometric Privacy"> <img width="150" height="150" src="http://informedbyai.com/wp-content/uploads/2024/01/the-battle-for-biometric-privacy-150x150.jpg" class="featured-img wp-post-image" alt="" decoding="async" loading="lazy" /> </a> </div> </div> <div class="p-content"> <h5 class="entry-title counter-el"> <a class="p-url" href="http://informedbyai.com/2024/01/08/the-battle-for-biometric-privacy/" rel="bookmark">The Battle for Biometric Privacy</a></h5> <div class="p-meta"> <div class="meta-inner is-meta"> <span class="meta-el meta-date"> <time class="date published" datetime="2024-01-08T12:00:00+00:00">Januar 8, 2024</time> </span> </div> </div> </div> </div> <div class="p-wrap p-small p-list-small-2" data-pid="6545"> <div class="feat-holder"> <div class="p-featured ratio-v1"> <a class="p-flink" href="http://informedbyai.com/2024/05/08/openai-is-exploring-how-to-responsibly-generate-ai-porn/" title="OpenAI Is ‘Exploring’ How to Responsibly Generate AI Porn"> <img width="150" height="150" src="http://informedbyai.com/wp-content/uploads/2024/05/openai-is-exploring-how-to-responsibly-generate-ai-porn-150x150.jpg" class="featured-img wp-post-image" alt="" decoding="async" loading="lazy" /> </a> </div> </div> <div class="p-content"> <h5 class="entry-title counter-el"> <a class="p-url" href="http://informedbyai.com/2024/05/08/openai-is-exploring-how-to-responsibly-generate-ai-porn/" rel="bookmark">OpenAI Is ‘Exploring’ How to Responsibly Generate AI Porn</a></h5> <div class="p-meta"> <div class="meta-inner is-meta"> <span class="meta-el meta-date"> <time class="date published" datetime="2024-05-08T19:13:20+00:00">Mai 8, 2024</time> </span> </div> </div> </div> </div> <div class="p-wrap p-small p-list-small-2" data-pid="5610"> <div class="feat-holder"> <div class="p-featured ratio-v1"> <a class="p-flink" href="http://informedbyai.com/2023/09/22/smarter-ai-assistants-could-make-it-harder-to-stay-human/" title="Smarter AI Assistants Could Make It Harder to Stay Human"> <img width="150" height="150" src="http://informedbyai.com/wp-content/uploads/2023/09/smarter-ai-assistants-could-make-it-harder-to-stay-human-150x150.jpg" class="featured-img wp-post-image" alt="" decoding="async" loading="lazy" /> </a> </div> </div> <div class="p-content"> <h5 class="entry-title counter-el"> <a class="p-url" href="http://informedbyai.com/2023/09/22/smarter-ai-assistants-could-make-it-harder-to-stay-human/" rel="bookmark">Smarter AI Assistants Could Make It Harder to Stay Human</a></h5> <div class="p-meta"> <div class="meta-inner is-meta"> <span class="meta-el meta-date"> <time class="date published" datetime="2023-09-22T13:00:00+00:00">September 22, 2023</time> </span> </div> </div> </div> </div> </div></div> </div> </div> </div> </div> </div> </section> </div> </div> </div> </div> </article> </div> </div> </div> <footer class="footer-wrap rb-section footer-etemplate"> <div data-elementor-type="wp-post" data-elementor-id="2238" class="elementor elementor-2238"> <section class="elementor-section elementor-top-section elementor-element elementor-element-2bc57ce elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="2bc57ce" data-element_type="section"> <div class="elementor-container elementor-column-gap-no"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0fabc98" data-id="0fabc98" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-278840c elementor-widget-divider--separator-type-pattern elementor-widget-divider--view-line elementor-widget elementor-widget-divider" data-id="278840c" data-element_type="widget" data-widget_type="divider.default"> <div class="elementor-widget-container"> <div class="elementor-divider" style="--divider-pattern-url: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' preserveAspectRatio='none' overflow='visible' height='100%' viewBox='0 0 20 16' fill='none' stroke='black' stroke-width='1' stroke-linecap='square' stroke-miterlimit='10'%3E%3Cg transform='translate(-12.000000, 0)'%3E%3Cpath d='M28,0L10,18'/%3E%3Cpath d='M18,0L0,18'/%3E%3Cpath d='M48,0L30,18'/%3E%3Cpath d='M38,0L20,18'/%3E%3C/g%3E%3C/svg%3E");"> <span class="elementor-divider-separator"> </span> </div> </div> </div> <section class="elementor-section elementor-inner-section elementor-element elementor-element-28a229a elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="28a229a" data-element_type="section"> <div class="elementor-container elementor-column-gap-custom"> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-e6a5bed" data-id="e6a5bed" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-555b9a8 elementor-hidden-tablet elementor-widget elementor-widget-foxiz-logo" data-id="555b9a8" data-element_type="widget" data-widget_type="foxiz-logo.default"> <div class="elementor-widget-container"> <div class="the-logo"> <a href="http://informedbyai.com/"> <img loading="eager" decoding="async" width="500" height="90" src="http://informedbyai.com/wp-content/uploads/2023/09/informedbyai-e1695635992859.png" alt=""> </a> </div> </div> </div> </div> </div> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-e69917d" data-id="e69917d" data-element_type="column"> <div class="elementor-widget-wrap"> </div> </div> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-41dfa06" data-id="41dfa06" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-bba04f3 elementor-widget elementor-widget-heading" data-id="bba04f3" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <style>/*! elementor - v3.16.0 - 20-09-2023 */ .elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}</style><h4 class="elementor-heading-title elementor-size-default">Quick Links</h4> </div> </div> <div class="elementor-element elementor-element-d3be50b elementor-widget elementor-widget-foxiz-sidebar-menu" data-id="d3be50b" data-element_type="widget" data-widget_type="foxiz-sidebar-menu.default"> <div class="elementor-widget-container"> <ul id="menu-footer-2" class="sidebar-menu"><li id="menu-item-2846" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2846"><a href="/"><span>Home</span></a></li> <li id="menu-item-2845" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-2845"><a href="http://informedbyai.com/category/ai-news/"><span>AI News</span></a></li> <li id="menu-item-2843" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2843"><a href="http://informedbyai.com/my-bookmarks/"><span>My Bookmarks</span></a></li> <li id="menu-item-2844" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-privacy-policy menu-item-2844"><a rel="privacy-policy" href="http://informedbyai.com/privacy-policy/"><span>Privacy Policy</span></a></li> <li id="menu-item-2842" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2842"><a href="http://informedbyai.com/contact/"><span>Contact</span></a></li> </ul> </div> </div> </div> </div> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-a577db1" data-id="a577db1" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-ae211fe yes-colorful elementor-widget elementor-widget-foxiz-social-follower" data-id="ae211fe" data-element_type="widget" data-widget_type="foxiz-social-follower.default"> <div class="elementor-widget-container"> <div class="socials-counter h6 is-style-12 is-gstyle-3 is-gcol-1 is-icon-color is-h-bg"> <div class="social-follower effect-fadeout"> <div class="follower-el fb-follower"> <a target="_blank" href="https://facebook.com//" class="facebook" aria-label="Facebook" rel="noopener nofollow"></a> <span class="follower-inner"> <span class="fnicon"><i class="rbi rbi-facebook" aria-hidden="true"></i></span> <span class="fnlabel">Facebook</span> <span class="text-count">Like</span> </span> </div> <div class="follower-el twitter-follower"> <a target="_blank" href="https://twitter.com//" class="twitter" aria-label="Twitter" rel="noopener nofollow"></a> <span class="follower-inner"> <span class="fnicon"><i class="rbi rbi-twitter" aria-hidden="true"></i></span> <span class="fnlabel">Twitter</span> <span class="text-count">Follow</span> </span> </div> </div> </div> </div> </div> </div> </div> </div> </section> <div class="elementor-element elementor-element-bed8430 elementor-widget-divider--separator-type-pattern elementor-widget-divider--view-line elementor-widget elementor-widget-divider" data-id="bed8430" data-element_type="widget" data-widget_type="divider.default"> <div class="elementor-widget-container"> <div class="elementor-divider" style="--divider-pattern-url: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' preserveAspectRatio='none' overflow='visible' height='100%' viewBox='0 0 20 16' fill='none' stroke='black' stroke-width='1' stroke-linecap='square' stroke-miterlimit='10'%3E%3Cg transform='translate(-12.000000, 0)'%3E%3Cpath d='M28,0L10,18'/%3E%3Cpath d='M18,0L0,18'/%3E%3Cpath d='M48,0L30,18'/%3E%3Cpath d='M38,0L20,18'/%3E%3C/g%3E%3C/svg%3E");"> <span class="elementor-divider-separator"> </span> </div> </div> </div> <section class="elementor-section elementor-inner-section elementor-element elementor-element-a1d5d36 elementor-section-full_width elementor-section-content-middle elementor-reverse-tablet elementor-reverse-mobile elementor-section-height-default elementor-section-height-default" data-id="a1d5d36" data-element_type="section"> <div class="elementor-container elementor-column-gap-custom"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-521a664" data-id="521a664" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-3a123ed elementor-widget elementor-widget-text-editor" data-id="3a123ed" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <style>/*! elementor - v3.16.0 - 20-09-2023 */ .elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}</style> <p>© All Rights Reserved.</p> </div> </div> </div> </div> </div> </section> </div> </div> </div> </section> </div> <div class="footer-inner footer-has-bg"></div></footer> </div> <script> (function () { const darkModeID = 'RubyDarkMode'; let currentMode = null; if (navigator.cookieEnabled) { currentMode = localStorage.getItem(darkModeID); } if (!currentMode && window.matchMedia && navigator.cookieEnabled) { if (window.matchMedia('(prefers-color-scheme: dark)').matches) { currentMode = 'dark'; localStorage.setItem(darkModeID, 'dark'); } else { currentMode = 'default'; localStorage.setItem(darkModeID, 'default'); } } if ('dark' === currentMode) { document.body.setAttribute('data-theme', 'dark'); let darkIcons = document.querySelectorAll('.mode-icon-dark'); if (darkIcons.length) { for (let i = 0; i < darkIcons.length; i++) { darkIcons[i].classList.add('activated'); } } } else { document.body.setAttribute('data-theme', 'default'); let defaultIcons = document.querySelectorAll('.mode-icon-default'); if (defaultIcons.length) { for (let i = 0; i < defaultIcons.length; i++) { defaultIcons[i].classList.add('activated'); } } } })(); </script> <script> (function () { if (navigator.cookieEnabled) { const readingSize = sessionStorage.getItem('rubyResizerStep'); if (readingSize) { const body = document.querySelector('body'); if (readingSize === '2') { body.classList.add('medium-entry-size'); } else if (readingSize === '3') { body.classList.add('big-entry-size'); } } } })(); </script> <script type="text/template" id="bookmark-toggle-template"> <i class="rbi rbi-bookmark" aria-hidden="true" data-title="Save it"></i> <i class="bookmarked-icon rbi rbi-bookmark-fill" aria-hidden="true" data-title="Undo Save"></i> </script> <script type="text/template" id="bookmark-ask-login-template"> <a class="login-toggle" data-title="Sign In to Save" href="http://informedbyai.com/wp-login.php?redirect_to=http%3A%2F%2Finformedbyai.com%2F2023%2F03%2F29%2Fwhat-is-adversarial-machine-learning"><i class="rbi rbi-bookmark" aria-hidden="true"></i></a> </script> <script type="text/template" id="follow-ask-login-template"> <a class="login-toggle" data-title="Sign In to Follow" href="http://informedbyai.com/wp-login.php?redirect_to=http%3A%2F%2Finformedbyai.com%2F2023%2F03%2F29%2Fwhat-is-adversarial-machine-learning"><i class="follow-icon rbi rbi-plus" aria-hidden="true"></i></a> </script> <script type="text/template" id="follow-toggle-template"> <i class="follow-icon rbi rbi-plus" data-title="Follow"></i> <i class="followed-icon rbi rbi-bookmark-fill" data-title="Unfollow"></i> </script> <aside id="bookmark-notification" class="bookmark-notification"></aside> <script type="text/template" id="bookmark-notification-template"> <div class="bookmark-notification-inner {{classes}}"> <div class="bookmark-featured">{{image}}</div> <div class="bookmark-inner"> <span class="bookmark-title h5">{{title}}</span><span class="bookmark-desc">{{description}}</span> </div> </div> </script> <script type="text/template" id="follow-notification-template"> <div class="follow-info bookmark-notification-inner {{classes}}"> <span class="follow-desc"><span>{{description}}</span><strong>{{name}}</strong></span> </div> </script> <div id="rb-user-popup-form" class="rb-user-popup-form mfp-animation mfp-hide"> <div class="logo-popup-outer"> <div class="logo-popup"> <div class="login-popup-header"> <div class="logo-popup-logo"> <img loading="lazy" decoding="async" src="https://foxiz.themeruby.com/lifehack/wp-content/uploads/sites/4/2022/07/logo.png" alt="" height="240" width="240"> </div> <span class="logo-popup-heading h3">Welcome Back!</span> <p class="logo-popup-description is-meta">Sign in to your account</p> </div> <div class="user-form"><form name="popup-form" id="popup-form" action="http://informedbyai.com/wp-login.php" method="post"><p class="login-username"> <label for="user_login">Benutzername oder E-Mail-Adresse</label> <input type="text" name="log" id="user_login" autocomplete="username" class="input" value="" size="20" /> </p><p class="login-password"> <label for="user_pass">Passwort</label> <input type="password" name="pwd" id="user_pass" autocomplete="current-password" spellcheck="false" class="input" value="" size="20" /> </p><p class="login-remember"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" /> Angemeldet bleiben</label></p><p class="login-submit"> <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary" value="Anmelden" /> <input type="hidden" name="redirect_to" value="http://informedbyai.com/2023/03/29/what-is-adversarial-machine-learning" /> </p></form></div> <div class="user-form-footer is-meta"> <a href="http://informedbyai.com/wp-login.php?action=lostpassword">Lost your password?</a> </div> </div> </div> </div> <link rel='stylesheet' id='elementor-post-2529-css' href='http://informedbyai.com/wp-content/uploads/elementor/css/post-2529.css?ver=1695657612' media='all' /> <script id='foxiz-core-js-extra'> var foxizCoreParams = {"ajaxurl":"http:\/\/informedbyai.com\/wp-admin\/admin-ajax.php","darkModeID":"RubyDarkMode","cookieDomain":"","cookiePath":"\/"}; </script> <script src='http://informedbyai.com/wp-content/plugins/foxiz-core/assets/core.js?ver=1.9.1' id='foxiz-core-js'></script> <script src='http://informedbyai.com/wp-includes/js/comment-reply.min.js?ver=6.3.1' id='comment-reply-js'></script> <script src='http://informedbyai.com/wp-content/themes/foxiz/assets/js/jquery.waypoints.min.js?ver=3.1.1' id='jquery-waypoints-js'></script> <script src='http://informedbyai.com/wp-content/themes/foxiz/assets/js/rbswiper.min.js?ver=6.5.8' id='rbswiper-js'></script> <script src='http://informedbyai.com/wp-content/themes/foxiz/assets/js/jquery.mp.min.js?ver=1.1.0' id='jquery-magnific-popup-js'></script> <script src='http://informedbyai.com/wp-content/themes/foxiz/assets/js/jquery.tipsy.min.js?ver=1.0' id='rb-tipsy-js'></script> <script src='http://informedbyai.com/wp-content/themes/foxiz/assets/js/jquery.ui.totop.min.js?ver=v1.2' id='jquery-uitotop-js'></script> <script src='http://informedbyai.com/wp-content/themes/foxiz/assets/js/personalized.js?ver=1.9.1' id='foxiz-personalize-js'></script> <script id='foxiz-global-js-extra'> var foxizParams = {"twitterName":"","highlightShares":"1","highlightShareFacebook":"1","highlightShareTwitter":"1","highlightShareReddit":"1","sliderSpeed":"5000","sliderEffect":"slide","sliderFMode":"1"}; </script> <script src='http://informedbyai.com/wp-content/themes/foxiz/assets/js/global.js?ver=1.9.1' id='foxiz-global-js'></script> <script src='http://informedbyai.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.16.4' id='elementor-webpack-runtime-js'></script> <script src='http://informedbyai.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.16.4' id='elementor-frontend-modules-js'></script> <script src='http://informedbyai.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2' id='elementor-waypoints-js'></script> <script src='http://informedbyai.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2' id='jquery-ui-core-js'></script> <script id="elementor-frontend-js-before"> var elementorFrontendConfig = {"environmentMode":{"edit":false,"wpPreview":false,"isScriptDebug":false},"i18n":{"shareOnFacebook":"Share on Facebook","shareOnTwitter":"Share on Twitter","pinIt":"Pin it","download":"Download","downloadImage":"Download image","fullscreen":"Fullscreen","zoom":"Zoom","share":"Share","playVideo":"Play Video","previous":"Previous","next":"Next","close":"Close","a11yCarouselWrapperAriaLabel":"Carousel | Horizontal scrolling: Arrow Left & Right","a11yCarouselPrevSlideMessage":"Previous slide","a11yCarouselNextSlideMessage":"Next slide","a11yCarouselFirstSlideMessage":"This is the first slide","a11yCarouselLastSlideMessage":"This is the last slide","a11yCarouselPaginationBulletMessage":"Go to slide"},"is_rtl":false,"breakpoints":{"xs":0,"sm":480,"md":768,"lg":1025,"xl":1440,"xxl":1600},"responsive":{"breakpoints":{"mobile":{"label":"Mobile Portrait","value":767,"default_value":767,"direction":"max","is_enabled":true},"mobile_extra":{"label":"Mobile Landscape","value":880,"default_value":880,"direction":"max","is_enabled":false},"tablet":{"label":"Tablet Portrait","value":1024,"default_value":1024,"direction":"max","is_enabled":true},"tablet_extra":{"label":"Tablet Landscape","value":1200,"default_value":1200,"direction":"max","is_enabled":false},"laptop":{"label":"Laptop","value":1366,"default_value":1366,"direction":"max","is_enabled":false},"widescreen":{"label":"Widescreen","value":2400,"default_value":2400,"direction":"min","is_enabled":false}}},"version":"3.16.4","is_static":false,"experimentalFeatures":{"e_dom_optimization":true,"e_optimized_assets_loading":true,"e_optimized_css_loading":true,"additional_custom_breakpoints":true,"e_swiper_latest":true,"landing-pages":true},"urls":{"assets":"http:\/\/informedbyai.com\/wp-content\/plugins\/elementor\/assets\/"},"swiperClass":"swiper","settings":{"page":[],"editorPreferences":[]},"kit":{"active_breakpoints":["viewport_mobile","viewport_tablet"],"global_image_lightbox":"yes","lightbox_enable_counter":"yes","lightbox_enable_fullscreen":"yes","lightbox_enable_zoom":"yes","lightbox_enable_share":"yes","lightbox_title_src":"title","lightbox_description_src":"description"},"post":{"id":3232,"title":"What%20is%20Adversarial%20Machine%20Learning%3F","excerpt":"","featuredImage":"http:\/\/informedbyai.com\/wp-content\/uploads\/2023\/05\/what-is-adversarial-machine-learning-1024x608.png"}}; </script> <script src='http://informedbyai.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.16.4' id='elementor-frontend-js'></script> <script>!function(){window.advanced_ads_ready_queue=window.advanced_ads_ready_queue||[],advanced_ads_ready_queue.push=window.advanced_ads_ready;for(var d=0,a=advanced_ads_ready_queue.length;d<a;d++)advanced_ads_ready(advanced_ads_ready_queue[d])}();</script></body> </html>