Securing Safety-Critical Machine Learning Algorithms - July 2021
PI(s), Co-PI(s), Researchers: Lujo Bauer, Matt Fredrikson (CMU), Mike Reiter (UNC)
HARD PROBLEM(S) ADDRESSED
This project addresses the following hard problems: developing security metrics and developing resilient architectures. Both problems are tackled in the context of deep neural networks, which are a particularly popular and performant type of machine learning algorithm. This project develops metrics that characterize the degree to which a neural-network-based classifier can be evaded through practically realizable, inconspicuous attacks. The project also develops architectures for neural networks that would make them robust to adversarial examples.
PUBLICATIONS
Keane Lucas, Mahmood Sharif, Lujo Bauer, Michael K. Reiter, Saurabh Shintre. Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes. In Proc. AsiaCCS, June 2021. To appear.
PUBLIC ACCOMPLISHMENT HIGHLIGHTS
No new data
COMMUNITY ENGAGEMENTS (If applicable)
Invited talks by Bauer:
- "On the practical risks and benefits of AI to security," keynote, 5th Italian Conference on Cybersecurity (ITASEC'21). Apr. 8, 2021.
- "Beyond lp balls: Attacks on real-world uses of machine learning," Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems / CVPR workshop. Jun. 19, 2021.
EDUCATIONAL ADVANCES (If applicable)
N/A this quarter