We will study how to harden machine learning classifiers against adversarial attack. We will explore general mechanisms for making deep-learning classifiers more robust against attack, with a special focus on security for autonomous vehicles. Current schemes fail badly in the presence of an attacker who is trying to fool or manipulate the model, so there is a need for better defenses. We will study three specific approaches for defending machine learning: generative models, checking internal consistency, and making improvements to adversarial training.
Grant / January 2020