
Call for Participation
We look forward to your participation in the 2nd SIG-SEC International Symposium on AI Safety and Security!
In recent years, numerous AI-based products and services have permeated society, with AI-driven decision-making increasingly exerting influence over human lives and various industries. As AI-driven autonomous decision-making gradually displaces human involvement, the necessity to consider AI security as a design principle has grown significantly. This symposium aims to explore and advance AI safety and security research, encompassing malfunction, attacks, defenses, tracking, and analysis, in pursuit of innovative ideas and solutions.
| Organizer | JSAI SIG-SEC (Japan Society of Artificial Intelligence, AI Safety and Security Special Interest Group) |
| Co-organizer | AWS (AI Security Workshop Committee) |
| Supported by | Japan Datacom, Institute of Information Security |
| Sponsored by | DNV Business Assurance Japan |
| Date | Jan 17 (Fri), 2025 |
| Venue | Institute of Information Security (IISEC), 2-14-1 Tsuruyacho, Kanagawa-ku, Yokohama 221-0835, Japan (5 min walk from JR Yokohama Station); access: https://www.iisec.ac.jp/english/access/ |
| Registration URL | https://www.ai-gakkai.or.jp/sig-system/sigusers/add/sec/int_sigsec2025 |
| Registration Fee | Free |
Program
| Time | Session |
| --- | --- |
| 10:00-10:05 | Opening |
| 10:05-10:45 | Invited Talk: Can You Recover a Deep Neural Network From Its Answers? Speaker: Adi Shamir. Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Such networks are typically made available as "black boxes" with which the public can interact. Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access only to their inputs and outputs. In this talk I will use cryptographic ideas and techniques to show that for ReLU-based DNNs, this can be done in polynomial time (as a function of the number of neurons). This attack was practically demonstrated by applying it successfully to extract all the ~1 million parameters of a deep network for classifying CIFAR10 images. |
| 10:45-10:50 | Break |
| 10:50-11:10 | Theoretical Foundation of a Defence Method against Adversarial Examples Based on the Dimpled Manifold Model. Hiroaki Maeshima, Akira Otsuka (Institute of Information Security) |
| 11:10-11:30 | Model Extraction Attack against Color Image Classification DNN by Querying Fractal Images. Kota Yoshida, Hiroto Kawazu (Ritsumeikan University) |
| 11:30-11:50 | Parameter Matching Attack: Enhancing Practical Applicability of Availability Attacks. Zhe Yu (RIKEN AIP), Jun Sakuma (Institute of Science Tokyo / RIKEN AIP) |
| 11:50 | Closing |