Abstract: Various embodiments are provided for securing machine learning models by one or more processors in a computing system. One or more hardened machine learning models that are secured against adversarial attacks are provided by applying one or more of a plurality of combinations of selected preprocessing operations from one or more machine learning models, a data set used for hardening the one or more machine learning models, a list of preprocessors, and a selected number of learners.

Abstract: One or more hardened machine learning models are secured against adversarial attacks by adding adversarial protection to one or more previously trained machine learning models. To generate the hardened machine learning models, the previously trained machine learning models are retrained and extended using preprocessing layers or using additional network layers which test model performance on benign or adversarial samples. A rollback strategy is additionally implemented to retain intermediate model states during the retraining to provide recovery if a training collapse is detected.

Abstract: Embodiments for providing adversarial protection to computing display devices by a processor. Security defenses may be provided on one or more image display devices against automated media analysis by using adversarial noise, an adversarial patch, or a combination thereof.

Abstract: A method for protecting a machine learning model includes: generating a first adversarial example by modifying an original input using an attack tactic, wherein the model accurately classifies the original input but does not accurately classify at least the first adversarial example; training a defender to protect the model from the first adversarial example by updating a strategy of the defender based on predictive results from classifying the first adversarial example; updating the attack tactic based on the predictive results from classifying the first adversarial example; generating a second adversarial example by modifying the original input using the updated attack tactic, wherein the trained defender does not protect the model from the second adversarial example; and training the defender to protect the model from the second adversarial example by updating the at least one strategy of the defender based on results obtained from classifying the second adversarial example.

Abstract: Various embodiments are provided for securing trained machine learning models by one or more processors in a computing system. One or more hardened machine learning models are secured against adversarial attacks by adding adversarial protection to one or more trained machine learning model.

Abstract: Embodiments for providing adversarial protection to computing display devices by a processor. Security defenses may be provided on one or more image display devices against automated media analysis by using adversarial noise, an adversarial patch, or a combination thereof.

Abstract: Various embodiments are provided for securing machine learning models by one or more processors in a computing system. One or more hardened machine learning models that are secured against adversarial attacks are provided by applying one or more of a plurality of combinations of selected preprocessing operations from one or more machine learning models, a data set used for hardening the one or more machine learning models, a list of preprocessors, and a selected number of learners.

Abstract: Embodiments for providing adversarial protection of speech in audio signals by a processor. Security defenses on one or more audio devices may be provide against automated audio analysis of audio signals by using adversarial noise.

Abstract: A method for protecting a machine learning model includes: generating a first adversarial example by modifying an original input using an attack tactic, wherein the model accurately classifies the original input but does not accurately classify at least the first adversarial example; training a defender to protect the model from the first adversarial example by updating a strategy of the defender based on predictive results from classifying the first adversarial example; updating the attack tactic based on the predictive results from classifying the first adversarial example; generating a second adversarial example by modifying the original input using the updated attack tactic, wherein the trained defender does not protect the model from the second adversarial example; and training the defender to protect the model from the second adversarial example by updating the at least one strategy of the defender based on results obtained from classifying the second adversarial example.