Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models

协作研究：SaTC：核心：小型：迈向安全可信的树模型

• 批准号: 2247620
• 负责人: Yingjie Lao
• 金额: $ 26万
• 依托单位: Clemson University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-06-15 至 2024-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247620&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Tree models are an important type of machine learning algorithm used in various applications such as finance, healthcare, and traffic management. They are particularly advantageous due to their simplicity and interpretability, making them well-suited for decision-making tasks, compared to complex neural networks that can be difficult to understand. However, despite their benefits, tree models are not immune to security and privacy concerns. Malicious actors can tamper with tree models or steal intellectual property, posing threats to the integrity and confidentiality of machine learning systems. Further, although there are studies of similar attacks on neural networks, differences between how neural networks and tree models work may affect how well those existing findings apply to tree models. Together, these issues mean there are a number of open questions around enhancing the security and trustworthiness of tree models. This project aims to develop novel strategies to address these questions and develop more robust and trustworthy AI-based systems, and develop both tools and educational opportunities through the work to make the findings widely available and impactful. Specifically, this project addresses the need for robust model authentication, watermarking for intellectual property tracing, machine unlearning for data privacy, and defense against backdoor attacks for tree models. The technical aims are organized around four tasks: a) Pursuing model identification by embedding unique signatures to generate differently embedded models; b) Developing novel methodologies of robust watermarking for tree models, for the purpose of tracing intellectual property; c) Designing novel algorithms for machine unlearning in tree models by exploiting tree reconstruction, residual-stable split, and combination of tree techniques; and d) Investigating the implications of backdoor attacks against tree models by leveraging the insights from the above tasks on tweaking tree models without significantly impacting the accuracy. These research efforts will contribute to the advancement of tree model security and trustworthiness, ensuring that these models can be reliably deployed in real-world applications while mitigating the risk of malicious attacks, unauthorized access, and privacy breaches.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

树型是一种重要类型的机器学习算法，用于各种应用，例如金融，医疗保健和交通管理。与可能难以理解的复杂神经网络相比，由于它们的简单性和解释性，它们特别有利，因此非常适合决策任务。但是，尽管有好处，但树模型并不能不受安全和隐私问题的影响。恶意演员可以篡改树型或窃取知识产权，对机器学习系统的完整性和机密性构成威胁。此外，尽管有对神经网络的类似攻击的研究，但神经网络和树模型的工作方式之间的差异可能会影响这些现有发现对树模型的应用程度。这些问题在一起，意味着在增强树模型的安全性和可信度方面存在许多开放问题。该项目旨在制定新的策略来解决这些问题，并开发更强大和可信赖的基于AI的系统，并通过工作开发工具和教育机会，以使发现广泛可用和影响力。具体而言，该项目解决了对鲁棒模型身份验证的需求，知识产权追踪的水印，用于数据隐私的机器学习以及针对树型的后门攻击的防御。技术目标是围绕四个任务组织的：a）通过嵌入独特的签名来生成不同嵌入模型的独特签名来追求模型识别； b）开发针对树型的强大水印的新颖方法，以追踪知识产权； c）通过利用树木重建，残留稳定的拆分和树技术的组合来设计在树模型中进行机器学习的新颖算法； d）通过利用上述任务对调整树模型的洞察力，不影响准确性，研究后门攻击对树模型的含义。这些研究工作将有助于树型模型安全性和可信赖性的发展，确保这些模型可以可靠地部署在现实世界应用程序中，同时减轻恶意攻击的风险，未经授权的访问权限和隐私漏洞。该奖项反映了NSF的法定任务，并通过评估范围来反映出支持者的知识群体，并众所周知，其知识范围众所周知。