SaTC: CORE: Frontier: Collaborative: End-to-End Trustworthiness of Machine-Learning Systems

SaTC：核心：前沿：协作：机器学习系统的端到端可信度

• 批准号: 1804603
• 负责人: David Evans
• 金额: $ 92.61万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1804603&HistoricalAwards=false
• 关键词: SaTC; CORE; Frontier; Collaborative; End

This frontier project establishes the Center for Trustworthy Machine Learning (CTML), a large-scale, multi-institution, multi-disciplinary effort whose goal is to develop scientific understanding of the risks inherent to machine learning, and to develop the tools, metrics, and methods to manage and mitigate them. The center is led by a cross-disciplinary team developing unified theory, algorithms and empirical methods within complex and ever-evolving ML approaches, application domains, and environments. The science and arsenal of defensive techniques emerging within the center will provide the basis for building future systems in a more trustworthy and secure manner, as well as fostering a long term community of research within this essential domain of technology. The center has a number of outreach efforts, including a massive open online course (MOOC) on this topic, an annual conference, and broad-based educational initiatives. The investigators continue their ongoing efforts at broadening participation in computing via a joint summer school on trustworthy ML aimed at underrepresented groups, and by engaging in activities for high school students across the country via a sequence of webinars advertised through the She++ network and other organizations.The center focuses on three interconnected and parallel investigative directions that represent the different classes of attacks attacking ML systems: inference attacks, training attacks, and abuses of ML. The first direction explores inference time security, namely methods to defend a trained model from adversarial inputs. This effort emphasizes developing formally grounded measurements of robustness against adversarial examples (defenses), as well as understanding the limits and costs of attacks. The second research direction aims to develop rigorously grounded measures of robustness to attacks that corrupt the training data and new training methods that are robust to adversarial manipulation. The final direction tackles the general security implications of sophisticated ML algorithms including the potential abuses of generative ML models, such as models that generate (fake) content, as well as data mechanisms to prevent the theft of a machine learning model by an adversary who interacts with the model.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这个边界项目建立了值得信赖的机器学习中心（CTML），这是一个大规模，多机构，多学科的努力，其目标是对机器学习固有的风险发展科学理解，并开发工具，指标，指标，指标，指标以及管理和减轻它们的方法。 该中心由一个跨学科团队领导，在复杂且不断发展的ML方法，应用领域和环境中开发统一理论，算法和经验方法。中心内出现的防御技术的科学和武器库将为以更可信赖和安全的方式构建未来系统，并在这一基本技术领域内建立长期的研究社区。该中心有许多外展工作，包括有关此主题的大规模开放在线课程（MOOC），年度会议和基于广泛的教育计划。调查人员继续持续的努力，通过一所旨在可信赖的ML的暑期学校扩大计算的参与，旨在通过SHE ++网络和其他组织通过广告宣传全国的高中生进行活动。该中心着重于三个互连和并行的调查方向，这些指示代表了攻击ML系统的不同类别的攻击类别：推理攻击，训练攻击和ML的滥用。 第一个方向探讨了推理时间安全性，即捍卫训练有素的模型免受对抗输入的方法。这项努力强调了针对对抗性例子（防御）的鲁棒性正式衡量，并了解攻击的限制和成本。第二个研究方向旨在制定严格扎根的鲁棒性衡量标准，以破坏训练数据和对对抗性操纵的新训练方法的攻击。 最终方向可以解决复杂的ML算法的一般安全含义，包括生成ML模型的潜在滥用，例如生成（假）内容的模型以及数据机制，以防止互动的对手盗窃机器学习模型该奖项反映了NSF的法定任务，并通过使用基金会的知识分子优点和更广泛的影响审查标准来评估值得支持。

项目成果

Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness

• 发表时间: 2019-05
• 作者: Saeed Mahloujifar;Xiao Zhang;Mohammad Mahmoody;David Evans

Understanding the Intrinsic Robustness of Image Distributions using Conditional Generative Models

• 发表时间: 2020-03
• 作者: Xiao Zhang;Jinghui Chen;Quanquan Gu;David Evans

Improved Estimation of Concentration Under ℓp-Norm Distance Metrics Using Half Spaces

使用半空间改进 β-范数距离度量下的浓度估计

• 发表时间: 2021
• 期刊: International Conference on Learning Representations (ICLR
• 作者: Prescott, Jack;Zhang, Xiao;Evans, David
• 通讯作者: Evans, David

Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries

• 发表时间: 2019-08
• 期刊: ArXiv
• 作者: Fnu Suya;Jianfeng Chi;David Evans;Yuan Tian

Learning Adversarially Robust Representations via Worst-Case Mutual Information Maximization

• 发表时间: 2020-02
• 期刊: ArXiv
• 作者: Sicheng Zhu;Xiao Zhang;David E. Evans