SaTC: CORE: Frontier: Collaborative: End-to-End Trustworthiness of Machine-Learning Systems

SaTC：核心：前沿：协作：机器学习系统的端到端可信度

• 批准号: 1804603
• 负责人: David Evans
• 金额: $ 92.61万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1804603&HistoricalAwards=false
• 关键词: SaTC; CORE; Frontier; Collaborative; End

This frontier project establishes the Center for Trustworthy Machine Learning (CTML), a large-scale, multi-institution, multi-disciplinary effort whose goal is to develop scientific understanding of the risks inherent to machine learning, and to develop the tools, metrics, and methods to manage and mitigate them. The center is led by a cross-disciplinary team developing unified theory, algorithms and empirical methods within complex and ever-evolving ML approaches, application domains, and environments. The science and arsenal of defensive techniques emerging within the center will provide the basis for building future systems in a more trustworthy and secure manner, as well as fostering a long term community of research within this essential domain of technology. The center has a number of outreach efforts, including a massive open online course (MOOC) on this topic, an annual conference, and broad-based educational initiatives. The investigators continue their ongoing efforts at broadening participation in computing via a joint summer school on trustworthy ML aimed at underrepresented groups, and by engaging in activities for high school students across the country via a sequence of webinars advertised through the She++ network and other organizations.The center focuses on three interconnected and parallel investigative directions that represent the different classes of attacks attacking ML systems: inference attacks, training attacks, and abuses of ML. The first direction explores inference time security, namely methods to defend a trained model from adversarial inputs. This effort emphasizes developing formally grounded measurements of robustness against adversarial examples (defenses), as well as understanding the limits and costs of attacks. The second research direction aims to develop rigorously grounded measures of robustness to attacks that corrupt the training data and new training methods that are robust to adversarial manipulation. The final direction tackles the general security implications of sophisticated ML algorithms including the potential abuses of generative ML models, such as models that generate (fake) content, as well as data mechanisms to prevent the theft of a machine learning model by an adversary who interacts with the model.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这个边界项目建立了值得信赖的机器学习中心（CTML），这是一个大规模，多机构，多学科的努力，其目标是对机器学习固有的风险发展科学理解，并开发工具，指标和方法来管理和缓解它们。 该中心由一个跨学科团队领导，在复杂且不断发展的ML方法，应用领域和环境中开发统一理论，算法和经验方法。中心内出现的防御技术的科学和武器库将为以更可信赖和安全的方式构建未来系统，并在这一基本技术领域内建立长期的研究社区。该中心有许多外展工作，包括有关此主题的大规模开放在线课程（MOOC），年度会议和基于广泛的教育计划。调查人员继续进行持续的努力，以通过一所信任的ML旨在扩大夏季学校的参与计算，旨在旨在代表性不足的群体，并通过通过SHE ++网络和其他组织进行的一系列网络研讨会为全国各地的高中生进行活动，该中心侧重于三个互联和平行的攻击攻击攻击的攻击，攻击攻击的攻击性ML攻击，攻击攻击的攻击效果： ML。 第一个方向探讨了推理时间安全性，即捍卫训练有素的模型免受对抗输入的方法。这项努力强调了针对对抗性例子（防御）的鲁棒性正式衡量，并了解攻击的限制和成本。第二个研究方向旨在制定严格扎根的鲁棒性衡量标准，以破坏训练数据和对对抗性操纵的新训练方法的攻击。 最终方向解决了复杂的ML算法的一般安全含义，包括生成ML模型的潜在滥用，例如产生（假）内容的模型，以及防止与该模型互动的对手盗窃机器学习模型的数据机制，这反映了NSF的法定任务和经过评估的范围，这是通过评估的范围来进行的。

项目成果

Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness

• 发表时间: 2019-05
• 作者: Saeed Mahloujifar;Xiao Zhang;Mohammad Mahmoody;David Evans

Understanding the Intrinsic Robustness of Image Distributions using Conditional Generative Models

• 发表时间: 2020-03
• 作者: Xiao Zhang;Jinghui Chen;Quanquan Gu;David Evans

Improved Estimation of Concentration Under ℓp-Norm Distance Metrics Using Half Spaces

使用半空间改进 β-范数距离度量下的浓度估计

• 发表时间: 2021
• 期刊: International Conference on Learning Representations (ICLR
• 作者: Prescott, Jack;Zhang, Xiao;Evans, David
• 通讯作者: Evans, David

Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries

• 发表时间: 2019-08
• 期刊: ArXiv
• 作者: Fnu Suya;Jianfeng Chi;David Evans;Yuan Tian

Learning Adversarially Robust Representations via Worst-Case Mutual Information Maximization

• 发表时间: 2020-02
• 期刊: ArXiv
• 作者: Sicheng Zhu;Xiao Zhang;David E. Evans