Securing Safety-Critical Machine Learning Algorithms - April 2019
PI(s), Co-PI(s), Researchers: Lujo Bauer, Matt Fredrikson (CMU), Mike Reiter (UNC)
HARD PROBLEM(S) ADDRESSED
This project addresses the following hard problems: developing security metrics and developing resilient architectures. Both problems are tackled in the context of deep neural networks, which are a particularly popular and performant type of machine learning algorithm. This project develops metrics that characterize the degree to which a neural-network-based classifier can be evaded through practically realizable, inconspicuous attacks. The project also develops architectures for neural networks that would make them robust to adversarial examples.
PUBLICATIONS
N/A this quarter
PUBLIC ACCOMPLISHMENT HIGHLIGHTS
N/A this quarter
COMMUNITY ENGAGEMENTS (If applicable)
Bauer presented at the Aspen Institute's IARPA Emerging Threats Seminar in Washington, DC on topics covered by this award.
EDUCATIONAL ADVANCES (If applicable)
Fredrikson has worked with his PhD student, who has been supported by the project, on developing a course module in which students apply the attribution framework (developed as part of this project) to convolutional networks. Future plans include extending this module to have students leverage the framework for detecting and explaining adversarial examples.