Lecture 4 - Deep Neural Networks and Adversarial Examples
In this lecture we change perspective, from AI for cryptography to cryptography for AI. We start with a brief review of neural networks (NN) and their learning algorithms. We then move to the security problem of adversarial examples: carefully crafted inputs that force a deep NN into making a wrong classification. We look at the so-called one-pixel attack in more detail, where the adversarial example is created by modifying a single pixel of an image, with the pixel chosen by an evolutionary algorithm (differential evolution).

Topics covered:

  • Intro to basic concepts of Machine Learning
  • Recap of Neural Networks
  • Adversarial Examples and their threat models
  • The one-pixel attack and differential evolution

Reading Material

Nice textbooks on Machine Learning, freely available online:

Lecture Recording