Securing Safety-Critical Machine Learning Algorithms - July 2020

PI(s), Co-PI(s), Researchers: Lujo Bauer, Matt Fredrikson (CMU), Mike Reiter (UNC)

HARD PROBLEM(S) ADDRESSED

This project addresses the following hard problems: developing security metrics and developing resilient architectures. Both problems are tackled in the context of deep neural networks, which are a particularly popular and performant type of machine learning algorithm. This project develops metrics that characterize the degree to which a neural-network-based classifier can be evaded through practically realizable, inconspicuous attacks. The project also develops architectures for neural networks that would make them robust to adversarial examples.

PUBLICATIONS

C. Bender, Y. Li, Y. Shi, M. K. Reiter, and J. Oliva. Defense through diverse directions. In Proceedings of the 37th International Conference on Machine Learning, July 2020.

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

The research of Bauer, Reiter, and their students focused on revising and extending previous results on n-ML (which provides robustness to evasion attacks via ensembles of topologically diversified classifiers) and on attacks against malware detection (see the January report). Reiter also collaborated on a defense against adversarial examples that leverages Bayesian neural networks.

COMMUNITY ENGAGEMENTS (If applicable)

N/A this quarter

EDUCATIONAL ADVANCES (If applicable)

N/A this quarter