CAREER: DeepTrust: Enabling Robust Machine Learning with Exogenous Information

职业：DeepTrust：利用外源信息实现稳健的机器学习

• 批准号: 2046726
• 负责人: Bo Li
• 金额: $ 50万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-06-01 至 2026-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2046726&HistoricalAwards=false
• 关键词: CAREER; DeepTrust; Enabling; Robust; Machine

Great advances in machine learning have led to state-of-the-art performance on a wide range of tasks, such as image classification, machine translation, and robotics. However, recent studies have shown that when machine learning models are exposed to adversarial attacks, they can be fooled, evaded, and misled in ways that would have profound security implications: image recognition, natural language processing, and audio recognition systems have all been attacked recently. As machine learning techniques are incorporated into safety-critical systems, from financial systems to self-driving cars to medical diagnosis, it is vitally important to develop trustworthy and robust learning approaches for massive production and deployment of safety-critical machine learning applications. Although there have been exciting progresses in the area of robust learning, there is still a long way to go considering sophisticated real-world adversaries. Thus, in this project the investigator aims to gain fundamental understandings about adversarial properties and constraints, and develop machine learning systems with robustness guarantees for different real-world applications.One limitation of existing learning methods is inherent in the fact that most existing methods have been treating machine learning as a “pure data-driven technique” that solely depends on a given training-set, without interacting with their rich exogenous information that is not fully modeled by the data itself. This project aims to design novel techniques to incorporate exogenous information in machine learning systems. In particular, this project includes three aims, each of which addresses a unique challenge of understanding and integrating exogenous information to design robust machine learning systems: (1) the team of researchers will first focus on understanding of intrinsic information such as model viability and leverage it to design certifiably robust machine learning models/ensembles, (2) then the researchers will focus on the extrinsic information such as domain knowledge to design certifiably robust machine learning pipelines, (3) finally the researchers will apply the proposed techniques to two safety-critical applications, adversarial multimedia data detection and robust autonomous vehicles, to demonstrate the practicality of the proposed research.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

机器学习的巨大进步已经在图像分类、机器翻译和机器人等各种任务上取得了最先进的性能，然而，最近的研究表明，当机器学习模型受到对抗性攻击时。 ，他们可能会被愚弄、逃避和误导，从而产生深远的安全影响：随着机器学习技术被纳入金融等安全关键系统，图像识别、自然语言处理和音频识别系统最近都受到了攻击。从系统到自动驾驶汽车到医疗尽管在鲁棒学习领域已经取得了令人兴奋的进展，但考虑到仍然有很长的路要走，开发可靠且鲁棒的学习方法来大规模生产和部署安全关键的机器学习应用程序至关重要。因此，在这个项目中，研究者的目标是获得对对抗属性和约束的基本理解，并开发具有鲁棒性保证的机器学习系统，以适应不同的现实世界应用。现有学习方法的一个局限性是事实固有的。大多数现有方法都在处理机器学习作为一种“纯数据驱动技术”，仅依赖于给定的训练集，而不与数据本身未完全建模的丰富外源信息进行交互。该项目旨在设计新颖的技术，将外源信息纳入机器学习中。特别是，该项目包括三个目标，每个目标都解决了理解和整合外源信息以设计强大的机器学习系统的独特挑战：（1）研究团队将首先关注对模型可行性等内在信息的理解。并利用它来设计可证明稳健的机器学习模型/集成，(2) 然后研究人员将重点关注领域知识等外在信息，以设计可证明稳健的机器学习管道，(3) 最后研究人员将所提出的技术应用于两个安全关键应用，即对抗性多媒体数据检测该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。