Machine Learning 101: The Integrity of Image (Mis)Classification?

Professor Ron Rivest observed the close relationship between cryptography and machine learning at the ASIACRYPT conference back in 1991. Cross-fertilization of common notions, such as integrity, privacy, confidentiality, and authenticity, has only grown in the following three decades as these fields have become more central to our everyday lives.

This blog post is the first in a series related to machine learning, and it highlights a realistic weakness in the integrity of image classification systems. As a running example, the post demonstrates how images that are correctly recognized as containing a stop sign can be minimally perturbed into derived images that are then misclassified into another category. Consider the impact on self-driving cars that fail to recognize stop signs, or the potential consequences of client-side media scanning incorrectly flagging content as problematic.
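The core idea behind such minimal perturbations can be sketched with the fast gradient sign method (FGSM): compute the gradient of the loss with respect to the *input* image, then nudge every pixel a small step in the direction that increases the loss. The sketch below is not the notebook's actual code; it is a minimal, self-contained NumPy illustration on a toy linear classifier, with hand-picked weights and inputs chosen purely for demonstration.

```python
import numpy as np

# Toy linear "classifier": score = w . x ; predict class 1 if score > 0, else 0.
# In the image setting, x would be the flattened pixels and the model a deep net.
w = np.array([1.0, 2.0, -1.0])

def predict(x):
    return int(w @ x > 0)

def grad_loss_wrt_x(x, y):
    # Gradient of the logistic loss log(1 + exp(-y * (w . x)))
    # with respect to the input x, for a label y in {-1, +1}.
    score = w @ x
    return -y * (1.0 / (1.0 + np.exp(y * score))) * w

x = np.array([0.5, 0.2, 0.1])  # correctly classified as class 1
y = +1

# FGSM: take one eps-sized step in the sign of the input gradient,
# i.e. the direction that most increases the loss under an L-infinity budget.
eps = 0.25
x_adv = x + eps * np.sign(grad_loss_wrt_x(x, y))

print(predict(x), predict(x_adv))          # the label flips: 1 -> 0
print(np.max(np.abs(x_adv - x)))           # perturbation bounded by eps
```

The same recipe applies to an image model: the perturbation stays within an L-infinity ball of radius eps around the original pixels, which is what keeps the adversarial image visually indistinguishable from the clean one.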

This is an executable blog post that you can run yourself by loading the Gist .ipynb file into any Jupyter-based notebook system, or you can just continue browsing it below.
