Adversarial Machine Learning

A significant robustness gap exists between machine intelligence and human perception despite recent advances in deep learning. A critical challenge in deep learning is the vulnerability of deep learning networks to security attacks from malicious adversaries. Even innocuous perturbations to the training data can be used to manipulate the behaviour of the deep network in unintended ways. This book provides insights on the relation between adversarial deep learning and cyber attacks. The robustness of the adversarial deep learning networks have been surveyed to produce a taxonomy of adversarial examples characterizing the training of learning systems with game theoretical adversarial learning algorithms. The existing literature on recent research into game theoretical adversarial deep learning is summarized to explore the systems theoretic dependence between randomization in adversarial manipulations and generalizability in blackbox optimizations of the game theoretical adversarial deep learning. Another interesting study is that of defence mechanisms available for deep learning models deployed in real world environments. The learning theories in defence mechanisms study feature manipulations, misclassifications costs and distributional robustness in adversarial learning applications. Future research directions are proposed in adversarial deep learning applications specialized to the data analytics applicable in Cybersecurity solutions. Such research themes are applicable to resilient systems design in machine learning which is a critical component for trustworthy systems in cybersecurity and artificial intelligence, but one that is poorly understood and investigated by mainstream security research and industry community. The known invasive techniques and their countermeasures to develop future cybersecurity capabilities are also reviewed. They are useful for security evaluation of machine learning algorithms with the design-for-security paradigm of adversarial learning to complement the classical design-for-performance paradigm of machine learning. This book is relevant for Adversarial Machine Learning practitioners and Adversarial Artificial Intelligence researchers working in the design and application of Adversarial Deep Learning.