Collaborative Research: CCRI: New: Medium: A Development and Experimental Environment for Privacy-preserving and Secure (DEEPSECURE) Machine Learning

合作研究：CCRI：新：媒介：隐私保护和安全（DEEPSECURE）机器学习的开发和实验环境

• 批准号: 2120279
• 负责人: Hongyi Wu
• 金额: $ 78万
• 依托单位: Old Dominion University Research Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2022-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2120279&HistoricalAwards=false
• 关键词: Collaborative; Research; CCRI; New; Medium

While machine learning (ML) is embraced as an important tool for various science, engineering, medical, finance, and homeland security applications, it is becoming an increasingly attractive target for cybercriminals. DEEPSECURE is a first-of-its-kind development and experimental platform to support secure and privacy-preserving ML research. With its novel modular design integrated with fully customizable function blocks and sample modules, DEEPSECURE is a game-changing tool to effectively support research in this emerging field by enabling fast design, prototyping, evaluation, and re-innovation of trust-worthy ML applications. It enables a variety of compelling new research projects that focus on ML security and privacy, leading to breakthroughs to protect ML systems and accelerating their development and widening their adoption. It will contribute significantly to the protection of the future cyber and physical world and safeguard human society. DEEPSECURE receives strong community support from over 20 key stakeholders across the country. The project includes significant efforts for fostering and sustaining an ML security and privacy research community, including monthly virtual open forums to provide a regular update to and seek feedback from the community, quarterly advisory board meetings, annual symposiums, and a training workshop series. The project includes specific measures and plans for inspiring the participation of underrepresented groups and infusing diversity and inclusion in all DEEPSECURE events and activities. The project output includes an open-source and easy-to-use learning platform for curriculum development and workforce training. To support building a sustainable workforce development pipeline, the project team participates in the existing annual GenCyber summer camps for K-12 students and a Cyber Saturday series to introduce cybersecurity and AI career paths and educational resources to K-12 school counselors, teachers, students, and parents.Recent development in privacy-preserving and secure ML draws expertise from both ML and security/privacy to tackle the multi-faceted problem. However, the research community is facing fundamental challenges in this emerging area due to its interdisciplinary nature. On the one hand, although deep learning frameworks such as Pytorch and Tensorflow have been made widely available, a critical hurdle faced by ML researchers is the steep learning curve to effectively use security techniques and libraries to tackle ML security and privacy problems. On the other hand, while the security community has developed highly efficient cryptographic libraries, it remains nontrivial to integrate them into deep learning models to achieve a computation efficiency suited for practical applications. The overarching goal of the project is to close the gap by developing DEEPSECURE, which integrates a spectrum of essential functions and building blocks that are ready-to-use to flatten the learning curve for researchers coming from both ML and security/privacy communities. At the same time, DEEPSECURE is fully customizable and scalable, enabling deep and fundamental research toward privacy-preserving and secure ML. To meet the overarching goal, specific project objectives include: (1) acquiring a scalable and re-configurable compute environment based on the latest Dell, AMD, and Nvidia technologies to establish the DEEPSECURE hardware infrastructure across the campuses of Old Dominion University and University of Buffalo; (2) developing a new software platform to support DEEPSECURE SDE (Software Development Environment) and MEC (Multi-user Experimental Chamber). The platform is integrated with PyTorch to enable great usability for both beginners and advanced researchers and feature a scalable and customizable modular framework with seamlessly integrated libraries, function blocks, and sample modules; (3) promoting DEEPSECURE across the nation to ensure broad participation, collaboration, and sharing; (4) leveraging DEEPSECURE to foster a long-lasting, self-sustainable ML security and privacy research community that engages all stakeholders in a sustained and ongoing way; and last but not least, (5) educating and training diverse cybersecurity workforce to safeguard the future intelligent cyber systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

虽然机器学习 (ML) 被视为各种科学、工程、医疗、金融和国土安全应用的重要工具，但它正成为网络犯罪分子越来越有吸引力的目标。 DEEPSECURE 是首个支持安全和隐私保护的机器学习研究的开发和实验平台。 DEEPSECURE 以其新颖的模块化设计与完全可定制的功能块和示例模块相集成，是一款改变游戏规则的工具，可通过实现值得信赖的 ML 应用程序的快速设计、原型设计、评估和再创新来有效支持这一新兴领域的研究。它支持各种引人注目的新研究项目，重点关注机器学习安全和隐私，从而在保护机器学习系统方面取得突破，加速其开发并扩大其采用。将为保护未来网络和物理世界、维护人类社会做出重大贡献。 DEEPSECURE 得到了全国 20 多个主要利益相关者的大力支持。该项目包括为培育和维持机器学习安全和隐私研究社区所做的重大努力，包括每月一次的虚拟开放论坛，定期向社区提供更新并寻求反馈，每季度的顾问委员会会议、年度研讨会和系列培训研讨会。该项目包括激励代表性不足群体参与并在所有 DEEPSECURE 事件和活动中注入多样性和包容性的具体措施和计划。该项目的成果包括一个用于课程开发和劳动力培训的开源且易于使用的学习平台。为了支持建立可持续的劳动力发展渠道，项目团队参加了现有的 K-12 学生年度 GenCyber​​ 夏令营和网络周六系列活动，向 K-12 学校辅导员、教师、学生介绍网络安全和人工智能职业道路和教育资源隐私保护和安全机器学习的最新发展汲取了机器学习和安全/隐私方面的专业知识来解决多方面的问题。然而，由于其跨学科性质，研究界在这一新兴领域面临着根本性挑战。 一方面，尽管 Pytorch 和 Tensorflow 等深度学习框架已被广泛使用，但机器学习研究人员面临的一个关键障碍是有效使用安全技术和库来解决机器学习安全和隐私问题的陡峭学习曲线。另一方面，虽然安全社区已经开发了高效的密码库，但将它们集成到深度学习模型中以实现适合实际应用的计算效率仍然很重要。该项目的总体目标是通过开发 DEEPSECURE 来缩小差距，DEEPSECURE 集成了一系列基本功能和构建块，可随时使用，以拉平来自 ML 和安全/隐私社区的研究人员的学习曲线。同时，DEEPSECURE 是完全可定制和可扩展的，支持对隐私保护和安全 ML 进行深入和基础的研究。为实现总体目标，具体项目目标包括：(1) 获取基于最新的 Dell、AMD 和 Nvidia 技术的可扩展和可重新配置的计算环境，以在奥道明大学和奥多米尼恩大学校园内建立 DEEPSECURE 硬件基础设施。水牛; （2）开发新的软件平台，支持DEEPSECURE SDE（软件开发环境）和MEC（多用户实验室）。该平台与 PyTorch 集成，为初学者和高级研究人员提供了良好的可用性，并具有可扩展和可定制的模块化框架，具有无缝集成的库、功能块和示例模块； (3) 在全国范围内推广DEEPSECURE，确保广泛参与、协作和共享； (4) 利用 DEEPSECURE 培育一个持久、自我可持续的机器学习安全和隐私研究社区，以持续和持续的方式吸引所有利益相关者；最后但并非最不重要的一点是，(5) 教育和培训多样化的网络安全人员，以保护未来的智能网络系统。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Hunter: HE-Friendly Structured Pruning for Efficient Privacy-Preserving Deep Learning

Hunter：HE友好的结构化剪枝，用于有效保护隐私的深度学习

• DOI: 10.1145/3488932.3517401
• 发表时间: 2022-05
• 期刊: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
• 作者: Cai, Yifei;Zhang, Qiao;Ning, Rui;Xin, Chunsheng;Wu, Hongyi
• 通讯作者: Wu, Hongyi

Camouflaged Poisoning Attack on Graph Neural Networks

图神经网络的伪装中毒攻击

• DOI: 10.1145/3512527.3531373
• 发表时间: 2022-06-27
• 期刊: Proceedings of the 2022 International Conference on Multimedia Retrieval
• 作者: Chao Jiang;Yingzhe He;Richard Chapman;Hongyi Wu
• 通讯作者: Hongyi Wu

TrojanFlow: A Neural Backdoor Attack to Deep Learning-based Network Traffic Classifiers

TrojanFlow：针对基于深度学习的网络流量分类器的神经后门攻击

• DOI: 10.1109/infocom48880.2022.9796878
• 发表时间: 2022-05
• 期刊: IEEE INFOCOM 2022 - IEEE Conference on Computer Communications
• 作者: Ning, Rui;Xin, Chunsheng;Wu, Hongyi
• 通讯作者: Wu, Hongyi

CLEAR: Clean-up Sample-Targeted Backdoor in Neural Networks

CLEAR：清理神经网络中针对样本的后门

• DOI: 10.1109/iccv48922.2021.01614
• 发表时间: 2021-01
• 期刊: 2021 IEEE/CVF International Conference on Computer Vision (ICCV
• 作者: Zhu, Liuwan;Ning, Rui;Xin, Chunsheng;Wang, Chonggang;Wu, Hongyi
• 通讯作者: Wu, Hongyi

Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks

休眠后门：对深度神经网络的互信息授权后门攻击

• DOI: 10.1609/aaai.v36i9.21272
• 发表时间: 2022-06
• 期刊: Proceedings of the AAAI Conference on Artificial Intelligence
• 作者: Ning, Rui;Li, Jiang;Xin, Chunsheng;Wu, Hongyi;Wang, Chonggang
• 通讯作者: Wang, Chonggang