Model evasion attacks are the most studied type of attack built on adversarial examples: maliciously crafted inputs produced by adding a small perturbation to an original input so that an ML model is forced into a wrong prediction. Frameworks that use ML at their core, such as deep reinforcement learning, are likewise vulnerable to adversarial examples at inference time. Many defense strategies have been proposed to detect or mitigate model evasion attacks, or to make ML models more robust to adversarial examples. The arms race continues today, and model evasion attacks remain a critical security threat to ML-based systems.

Conference paper publications

  • Buse G. A. Tekgul, Shelly Wang, Samuel Marchal, N. Asokan. Real-time Adversarial Perturbations against Deep Reinforcement Learning Policies: Attacks and Defenses. ESORICS 2022. arXiv preprint
  • Mika Juuti, Buse G. A. Tekgul, N. Asokan. Making targeted black-box evasion attacks effective and efficient. AISec 2019. arXiv preprint

Talks

  • Real-time Adversarial Perturbations against Deep Reinforcement Learning Policies: Attacks and Defenses. ESORICS talk [pdf]
  • Making targeted black-box evasion attacks effective and efficient. AISec talk [pdf]

Demos & Posters

Source code