Attack and Defense in Adversarial Machine Learning
Date: 2017/9/18

Speaker:   Weilin Xu

Time:         Sept. 18, 15:00 – 16:00

Location:   Room 1A-200, SIST Building

Inviter:     Prof. Hao Chen


Machine learning has been widely used in many areas. However, the robustness of these methods against motivated adversaries is uncertain. In this talk, I will introduce some practical attacks against typical machine learning systems and the defense techniques. First, I will demonstrate how to evade state-of-the-art PDF malware classifiers, including the one used in Gmail. The irrelevant features used in a classification model are the root cause of adversarial examples. Therefore, we developed a defense solution named Feature Squeezing that coalesces many similar samples into a single example, which has been implemented for computer vision models.
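
The detection rule behind Feature Squeezing, as an added example that is not code from the talk, from EvadeML, or from the speaker's group: a "squeezer" (here bit-depth reduction and a 2x2 median filter) maps many nearby inputs onto one representative, the model is run on both the original and the squeezed input, and the sample is flagged if the L1 distance between the two prediction vectors exceeds a threshold. The 4x4 image, the hand-written logistic-regression model, the +/-0.03 checkerboard perturbation and the threshold of 1.0 are all constructed for this illustration; the model is deliberately sensitive to a high-frequency pattern that a real classifier would treat as irrelevant.

```python
import numpy as np

# Everything below is a constructed toy, not code from EvadeML or the talk:
# a 4x4 grayscale image and a hand-written logistic-regression "classifier"
# whose decision is swayed by a high-frequency checkerboard component, so a
# tiny checkerboard perturbation can flip its label.
SIZE = 4
GAIN_MEAN = 10.0      # assumed weight on overall brightness
GAIN_CHECKER = 10.0   # assumed weight on the checkerboard component
_idx = np.indices((SIZE, SIZE)).sum(axis=0)
CHECKER = np.where(_idx % 2 == 0, 1.0, -1.0)  # +1/-1 alternating pattern


def predict_proba(x):
    """Toy model: returns [P(dark), P(bright)] for a 4x4 image in [0, 1]."""
    z = GAIN_MEAN * (x.mean() - 0.5) + GAIN_CHECKER * float((x * CHECKER).sum())
    p_bright = 1.0 / (1.0 + np.exp(-z))
    return np.array([1.0 - p_bright, p_bright])


def bit_depth_reduce(x, bits):
    """Squeezer 1: quantise pixels to 2**bits levels (1 bit => pure black/white)."""
    levels = 2 ** bits - 1
    return np.round(x * levels) / levels


def median_smooth_2x2(x):
    """Squeezer 2: 2x2 median filter with edge replication (same output shape)."""
    padded = np.pad(x, ((0, 1), (0, 1)), mode="edge")
    out = np.empty_like(x)
    for i in range(x.shape[0]):
        for j in range(x.shape[1]):
            out[i, j] = np.median(padded[i:i + 2, j:j + 2])
    return out


SQUEEZERS = {
    "bit_depth_1": lambda x: bit_depth_reduce(x, 1),
    "median_2x2": median_smooth_2x2,
}


def squeeze_scores(x, model=predict_proba):
    """L1 distance between the prediction on x and on each squeezed copy of x."""
    base = model(x)
    return {name: float(np.abs(base - model(sq(x))).sum())
            for name, sq in SQUEEZERS.items()}


def is_adversarial(x, threshold=1.0, model=predict_proba):
    """Feature-squeezing detector: flag if any squeezer moves the output too far.
    The threshold is an assumption here; in practice it is chosen on held-out
    clean data for a target false-positive rate."""
    return max(squeeze_scores(x, model).values()) > threshold


def clean_image():
    return np.full((SIZE, SIZE), 0.3)  # a uniform dark image (constructed)


def adversarial_image(eps=0.03):
    # Imperceptible +/-eps checkerboard: mean brightness is unchanged, but the
    # model's checkerboard term grows by eps * 16, enough to flip the label.
    return clean_image() + eps * CHECKER


if __name__ == "__main__":
    for name, img in (("clean", clean_image()), ("adversarial", adversarial_image())):
        print(name, "label:", int(predict_proba(img).argmax()),
              "scores:", squeeze_scores(img),
              "flagged:", is_adversarial(img))
```

On the clean image the 1-bit squeezer only sharpens an already confident "dark" prediction (L1 distance about 0.22) and the median filter changes nothing, so the sample passes; on the perturbed image both squeezers erase the checkerboard, the label snaps back from "bright" to "dark", and the distance jumps to about 1.87, which trips the detector. Taking the maximum over several squeezers is what lets the detector cover perturbations that survive any single one.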

We also created a benchmarking and visualization toolbox named EvadeML-Zoo to help researchers in this field.


Weilin Xu is a fifth-year PhD student in the Computer Science department at the University of Virginia, co-advised by Prof. David Evans and Prof. Yanjun Qi. He received his bachelor's degree in Computer Science and Technology from Beijing University of Posts and Telecommunications in 2012. Before joining UVa, he was an engineer at the Network and Information Security Lab at Tsinghua University.


SIST-Seminar 17047