Collaborative Research: CCRI: New: Medium: A Development and Experimental Environment for Privacy-preserving and Secure (DEEPSECURE) Machine Learning

合作研究：CCRI：新：媒介：隐私保护和安全（DEEPSECURE）机器学习的开发和实验环境

• 批准号: 2120279
• 负责人: Hongyi Wu
• 金额: $ 78万
• 依托单位: Old Dominion University Research Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2022-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2120279&HistoricalAwards=false
• 关键词: Collaborative; Research; CCRI; New; Medium

While machine learning (ML) is embraced as an important tool for various science, engineering, medical, finance, and homeland security applications, it is becoming an increasingly attractive target for cybercriminals. DEEPSECURE is a first-of-its-kind development and experimental platform to support secure and privacy-preserving ML research. With its novel modular design integrated with fully customizable function blocks and sample modules, DEEPSECURE is a game-changing tool to effectively support research in this emerging field by enabling fast design, prototyping, evaluation, and re-innovation of trust-worthy ML applications. It enables a variety of compelling new research projects that focus on ML security and privacy, leading to breakthroughs to protect ML systems and accelerating their development and widening their adoption. It will contribute significantly to the protection of the future cyber and physical world and safeguard human society. DEEPSECURE receives strong community support from over 20 key stakeholders across the country. The project includes significant efforts for fostering and sustaining an ML security and privacy research community, including monthly virtual open forums to provide a regular update to and seek feedback from the community, quarterly advisory board meetings, annual symposiums, and a training workshop series. The project includes specific measures and plans for inspiring the participation of underrepresented groups and infusing diversity and inclusion in all DEEPSECURE events and activities. The project output includes an open-source and easy-to-use learning platform for curriculum development and workforce training. To support building a sustainable workforce development pipeline, the project team participates in the existing annual GenCyber summer camps for K-12 students and a Cyber Saturday series to introduce cybersecurity and AI career paths and educational resources to K-12 school counselors, teachers, students, and parents.Recent development in privacy-preserving and secure ML draws expertise from both ML and security/privacy to tackle the multi-faceted problem. However, the research community is facing fundamental challenges in this emerging area due to its interdisciplinary nature. On the one hand, although deep learning frameworks such as Pytorch and Tensorflow have been made widely available, a critical hurdle faced by ML researchers is the steep learning curve to effectively use security techniques and libraries to tackle ML security and privacy problems. On the other hand, while the security community has developed highly efficient cryptographic libraries, it remains nontrivial to integrate them into deep learning models to achieve a computation efficiency suited for practical applications. The overarching goal of the project is to close the gap by developing DEEPSECURE, which integrates a spectrum of essential functions and building blocks that are ready-to-use to flatten the learning curve for researchers coming from both ML and security/privacy communities. At the same time, DEEPSECURE is fully customizable and scalable, enabling deep and fundamental research toward privacy-preserving and secure ML. To meet the overarching goal, specific project objectives include: (1) acquiring a scalable and re-configurable compute environment based on the latest Dell, AMD, and Nvidia technologies to establish the DEEPSECURE hardware infrastructure across the campuses of Old Dominion University and University of Buffalo; (2) developing a new software platform to support DEEPSECURE SDE (Software Development Environment) and MEC (Multi-user Experimental Chamber). The platform is integrated with PyTorch to enable great usability for both beginners and advanced researchers and feature a scalable and customizable modular framework with seamlessly integrated libraries, function blocks, and sample modules; (3) promoting DEEPSECURE across the nation to ensure broad participation, collaboration, and sharing; (4) leveraging DEEPSECURE to foster a long-lasting, self-sustainable ML security and privacy research community that engages all stakeholders in a sustained and ongoing way; and last but not least, (5) educating and training diverse cybersecurity workforce to safeguard the future intelligent cyber systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

尽管机器学习（ML）被作为各种科学，工程，医学，金融和国土安全应用的重要工具，但它正成为网络犯罪分子越来越有吸引力的目标。 DeepSecure是一种首要的开发和实验平台，可支持安全和隐私的ML研究。 DeepSecure凭借其与完全可自定义的功能块和样品模块集成的新型模块化设计，是一种改变游戏规则的工具，可通过启用快速设计，原型设计，评估和重新创新值得信任的ML应用程序来有效地支持此新兴领域的研究。它使各种引人注目的新研究项目着重于ML安全性和隐私，从而突破性地保护了ML系统并加速其开发并扩大了其采用。它将为保护未来的网络和物理世界以及保护人类社会的保护做出重大贡献。 DeepSecure获得了全国20多名主要利益相关者的大力社区支持。该项目包括促进和维持ML安全和隐私研究社区的重大努力，包括每月的虚拟开放论坛，以定期更新和寻求社区的反馈，季度咨询委员会会议，年度研讨会和培训研讨会系列。该项目包括启发代表性不足的群体参与的特定措施和计划，并将多样性和包容性注入所有深度安全事件和活动中。该项目输出包括一个用于课程开发和劳动力培训的开源且易于使用的学习平台。为了支持建立可持续的劳动力发展管道，项目团队参加了K-12学生的现有年度Gencyber夏令营和网络周六系列，以引入网络安全和AI职业道路和教育资源和父母。保护隐私和安全的ML的经济发展从ML和安全/隐私中汲取了专业知识，以解决多方面的问题。但是，由于其跨学科性质，研究界正在面临这个新兴领域的基本挑战。 一方面，尽管已经广泛使用了Pytorch和Tensorflow之类的深度学习框架，但ML研究人员面临的关键障碍是有效地使用安全技术和库来解决ML安全和隐私问题的陡峭学习曲线。另一方面，尽管安全界已经开发了高效的加密库，但将它们集成到深度学习模型中以实现适合实际应用的计算效率仍然不足。该项目的总体目标是通过开发深层安全来缩小差距，该障碍集成了一系列基本功能和构件，这些功能和构件可以使用，这些功能和构件可以为来自ML和安全/隐私社区的研究人员弄平学习曲线。同时，DeepSecure是完全可定制和可扩展的，为保护隐私和安全的ML提供了深入而基本的研究。为了满足总体目标，具体的项目目标包括：（1）基于最新的Dell，AMD和NVIDIA Technologies获得可扩展且可重新配置的计算环境，以在整个旧的Dominion大学和大学校园内建立深度范围的硬件基础设施水牛; （2）开发一个新的软件平台，以支持DeepSecure SDE（软件开发环境）和MEC（多用户实验室）。该平台与Pytorch集成在一起，可为初学者和高级研究人员提供出色的可用性，并具有可扩展和可自定义的模块化框架，并具有无缝集成的库，功能块和样本模块； （3）在全国范围内推广深度景观，以确保广泛的参与，合作和共享； （4）利用深度的安全来促进一个持久的，可自我维持的ML安全和隐私研究社区，以持续和持续的方式与所有利益相关者保持联系；最后但并非最不重要的一点是，（5）教育和培训多样化的网络安全劳动力以维护未来的智能网络系统。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛影响的评估来评估值得支持的。

项目成果

Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks

• DOI: 10.1609/aaai.v36i9.21272
• 发表时间: 2022-06
• 作者: R. Ning;Jiang Li;Chunsheng Xin;Hongyi Wu;Chong Wang

TrojanFlow: A Neural Backdoor Attack to Deep Learning-based Network Traffic Classifiers

• DOI: 10.1109/infocom48880.2022.9796878
• 发表时间: 2022-05
• 期刊: IEEE INFOCOM 2022 - IEEE Conference on Computer Communications
• 作者: R. Ning;Chunsheng Xin;Hongyi Wu

CLEAR: Clean-up Sample-Targeted Backdoor in Neural Networks

• DOI: 10.1109/iccv48922.2021.01614
• 发表时间: 2021-10
• 期刊: 2021 IEEE/CVF International Conference on Computer Vision (ICCV)
• 作者: Liuwan Zhu;R. Ning;Chunsheng Xin;Chong Wang;Hongyi Wu

Camouflaged Poisoning Attack on Graph Neural Networks

• DOI: 10.1145/3512527.3531373
• 发表时间: 2022-06
• 期刊: Proceedings of the 2022 International Conference on Multimedia Retrieval
• 作者: Chao Jiang;Yingzhe He;Richard Chapman;Hongyi Wu

Hunter: HE-Friendly Structured Pruning for Efficient Privacy-Preserving Deep Learning

• DOI: 10.1145/3488932.3517401
• 发表时间: 2022-05
• 期刊: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
• 作者: Yifei Cai;Qiao Zhang;R. Ning;Chunsheng Xin;Hongyi Wu