This year (2018), I'm interested in projects that explore the limits of adversarial machine learning.
- Image classifiers such as the one behind Google Images are built with machine learning, and tools like TensorFlow remove much of the drudgery of building them.
- But machine learning techniques are vulnerable to manipulation by an attacker.
For example, using a few lines of Python/TensorFlow, one can compute
the noise needed to turn an image classified as “panda” into one
classified as “gibbon” (see the sketch after this list).
- In another example, judiciously placed stickers on a STOP sign can
cause it to be classified as a “50 MPH” sign, potentially
disrupting self-driving cars.
- A project might explore how robust these attacks are. Do they
survive rotations, flips, JPEG re-encoding, additional random noise, and so on? (A sketch of such a check follows this list.)
- Can we alter the learning algorithm to resist attacks like these (one candidate defence is sketched below)? Can we then improve the attacks so they still work against the altered algorithm?
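
To make the panda-to-gibbon example concrete, here is a minimal sketch of the fast gradient sign method (FGSM), the few-lines attack alluded to above. It assumes a pretrained Keras classifier (MobileNetV2 stands in here) and an `image` tensor already preprocessed for that model; both choices are illustrative, not part of the original idea.

```python
import tensorflow as tf

# Stand-in classifier; any differentiable image model works.
model = tf.keras.applications.MobileNetV2(weights="imagenet")
loss_fn = tf.keras.losses.CategoricalCrossentropy()

def fgsm_noise(image, true_label, epsilon=0.01):
    """Signed-gradient noise that pushes `image` away from `true_label`.

    `image`: preprocessed (1, 224, 224, 3) float tensor.
    `true_label`: one-hot (1, 1000) vector for the clean prediction.
    """
    with tf.GradientTape() as tape:
        tape.watch(image)
        loss = loss_fn(true_label, model(image))
    gradient = tape.gradient(loss, image)
    # A tiny step in the direction that most increases the loss.
    return epsilon * tf.sign(gradient)

# adversarial_image = image + fgsm_noise(image, true_label)
```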
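For the robustness question, one concrete experiment is to push an adversarial image through each transformation and check whether the misclassification survives. A rough sketch, assuming `adversarial` is an unbatched height-by-width-by-channels image in [0, 1], and `classify` and `clean_label` are hypothetical helpers (the model's top-1 label for an image, and its label for the unperturbed original):

```python
import tensorflow as tf

def jpeg_roundtrip(image, quality=75):
    """Encode to JPEG and decode again, as a camera or web pipeline might."""
    as_uint8 = tf.image.convert_image_dtype(image, tf.uint8)
    encoded = tf.io.encode_jpeg(as_uint8, quality=quality)
    return tf.image.convert_image_dtype(tf.io.decode_jpeg(encoded), tf.float32)

transforms = {
    "rot90": tf.image.rot90,
    "flip":  tf.image.flip_left_right,
    "jpeg":  jpeg_roundtrip,
    "noise": lambda x: tf.clip_by_value(
        x + tf.random.normal(tf.shape(x), stddev=0.02), 0.0, 1.0),
}

for name, transform in transforms.items():
    # Does the attack still fool the model after this transformation?
    label = classify(transform(adversarial))
    print(f"{name}: attack survives? {label != clean_label}")
```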
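And for the defence question, one standard alteration to try is adversarial training: craft FGSM examples against the current weights during training and mix them into each batch, so the model learns from its own worst cases. A sketch, assuming a Keras `model` that outputs logits and integer class labels (assumptions of this sketch, not requirements of the idea):

```python
import tensorflow as tf

optimizer = tf.keras.optimizers.Adam()
sparse_loss = tf.keras.losses.SparseCategoricalCrossentropy(from_logits=True)

@tf.function
def adversarial_train_step(images, labels, epsilon=0.01):
    # Craft FGSM examples against the model's *current* weights.
    with tf.GradientTape() as tape:
        tape.watch(images)
        loss = sparse_loss(labels, model(images))
    adversarial = images + epsilon * tf.sign(tape.gradient(loss, images))

    # Train on the clean and adversarial inputs together.
    batch = tf.concat([images, adversarial], axis=0)
    batch_labels = tf.concat([labels, labels], axis=0)
    with tf.GradientTape() as tape:
        loss = sparse_loss(batch_labels, model(batch))
    grads = tape.gradient(loss, model.trainable_variables)
    optimizer.apply_gradients(zip(grads, model.trainable_variables))
    return loss
```

The attack-improvement half of the project would then iterate against this: for instance, does a multi-step variant of the same gradient attack still fool the adversarially trained model?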