Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models

Basic information

  • Award number:
    2247619
  • Principal investigator:
  • Amount:
    $290K
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2023
  • Funding country:
    United States
  • Start and end dates:
    2023-06-15 to 2026-05-31
  • Project status:
    Ongoing

Project summary

Tree models are an important type of machine learning algorithm used in various applications such as finance, healthcare, and traffic management. They are particularly advantageous due to their simplicity and interpretability, making them well-suited for decision-making tasks, compared to complex neural networks that can be difficult to understand. However, despite their benefits, tree models are not immune to security and privacy concerns. Malicious actors can tamper with tree models or steal intellectual property, posing threats to the integrity and confidentiality of machine learning systems. Further, although there are studies of similar attacks on neural networks, differences between how neural networks and tree models work may affect how well those existing findings apply to tree models. Together, these issues mean there are a number of open questions around enhancing the security and trustworthiness of tree models. This project aims to develop novel strategies that address these questions, build more robust and trustworthy AI-based systems, and produce both tools and educational opportunities that make the findings widely available and impactful. Specifically, this project addresses the need for robust model authentication, watermarking for intellectual property tracing, machine unlearning for data privacy, and defense against backdoor attacks for tree models.
The technical aims are organized around four tasks: a) Pursuing model identification by embedding unique signatures to generate differently embedded models; b) Developing novel methodologies of robust watermarking for tree models, for the purpose of tracing intellectual property; c) Designing novel algorithms for machine unlearning in tree models by exploiting tree reconstruction, residual-stable split, and combination of tree techniques; and d) Investigating the implications of backdoor attacks against tree models by leveraging the insights from the above tasks on tweaking tree models without significantly impacting the accuracy. These research efforts will contribute to the advancement of tree model security and trustworthiness, ensuring that these models can be reliably deployed in real-world applications while mitigating the risk of malicious attacks, unauthorized access, and privacy breaches. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
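The abstract's tasks a) and d) hinge on one property of tree models: a tamperer can add a single split that fires only on inputs outside the clean data distribution, so accuracy on a held-out set does not move, while a structural integrity check on the serialised tree catches the change immediately. The following is an added illustration written for this page, not code from the grant, its investigators, or any tree-model library: the nested-dict tree encoding, the generated dataset, the trigger feature, the backdoor construction and the HMAC signing key are all assumptions made for the example.

```python
"""Added example (not the project's code): a one-split decision-tree backdoor beside
a keyed integrity tag. Tree layout, dataset, trigger and key are all constructed here."""
import copy
import hashlib
import hmac
import json
import random

# Tree encoding assumed for this example: an internal node is
# {"feature": i, "threshold": t, "left": node, "right": node}, and x[i] <= t goes left.
# A leaf is {"leaf": label}.
CLEAN_TREE = {
    "feature": 0, "threshold": 5,
    "left": {"leaf": 0},
    "right": {
        "feature": 1, "threshold": 5,
        "left": {"leaf": 0},
        "right": {"leaf": 1},
    },
}

# Constructed dataset: three integer features in 0..10; label is 1 iff x0 > 5 and x1 > 5.
# Feature 2 is never consulted by the clean tree, which makes it a convenient trigger.
_rng = random.Random(2247619)
X_CLEAN = [[_rng.randint(0, 10) for _ in range(3)] for _ in range(200)]
Y_CLEAN = [1 if x[0] > 5 and x[1] > 5 else 0 for x in X_CLEAN]

# Hypothetical secret held by the model owner; in practice it lives in a KMS or HSM.
SIGNING_KEY = b"example-key-not-for-production"


def predict(tree, x):
    """Walk from the root to a leaf and return the leaf's label."""
    node = tree
    while "leaf" not in node:
        node = node["left"] if x[node["feature"]] <= node["threshold"] else node["right"]
    return node["leaf"]


def accuracy(tree, X, y):
    return sum(predict(tree, xi) == yi for xi, yi in zip(X, y)) / len(y)


def fingerprint(tree, key=SIGNING_KEY):
    """HMAC-SHA256 over a canonical serialisation of the tree. Sorted keys and no
    whitespace make structurally identical trees produce identical tags, and the
    key stops whoever can edit the model file from simply recomputing the tag."""
    canonical = json.dumps(tree, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(tree, expected_tag, key=SIGNING_KEY):
    """Constant-time comparison of a stored tag against a freshly computed one."""
    return hmac.compare_digest(fingerprint(tree, key), expected_tag)


def inject_backdoor(tree, trigger_feature, trigger_threshold, target_label):
    """Return a tampered copy of `tree` with one extra root split: inputs whose
    trigger feature exceeds the threshold go straight to `target_label`; all other
    inputs flow through the original tree unchanged. With the trigger region
    outside the clean data's range, clean accuracy is exactly preserved."""
    return {
        "feature": trigger_feature, "threshold": trigger_threshold,
        "left": copy.deepcopy(tree),
        "right": {"leaf": target_label},
    }


def demo():
    """Accuracy testing misses the backdoor; the integrity tag catches it."""
    tag = fingerprint(CLEAN_TREE)
    tampered = inject_backdoor(CLEAN_TREE, trigger_feature=2, trigger_threshold=100, target_label=1)
    trigger_input = [1, 1, 255]  # x0, x1 say "class 0"; x2 carries the trigger value
    return {
        "clean_acc": accuracy(CLEAN_TREE, X_CLEAN, Y_CLEAN),
        "tampered_acc": accuracy(tampered, X_CLEAN, Y_CLEAN),
        "clean_pred_on_trigger": predict(CLEAN_TREE, trigger_input),
        "tampered_pred_on_trigger": predict(tampered, trigger_input),
        "clean_verifies": verify(CLEAN_TREE, tag),
        "tampered_verifies": verify(tampered, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The reference tag has to be kept where the party who can rewrite the model file cannot also rewrite it (a separate store, or signed into a deployment manifest), and the key must not ship next to the model; otherwise the check degrades to a plain checksum that the tamperer recomputes. The tag also only says that the tree changed, not where: locating an injected split means diffing the canonical serialisations, which this example deliberately keeps small enough to read.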

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)


Other publications by Weijie Zhao

Preparing Spectral Data for Machine Learning: A Study of Geological Classification from Aerial Surveys
  • DOI:
  • Publication date:
  • Journal:
  • Impact factor:
    0
  • Authors:
    Jun Woo;Alex Sim;Brian J. Quiter;Yuxin Wu;Weijie Zhao;K. Wu
  • Corresponding author:
    K. Wu
Two-Stream Attention 3-D Deep Network-Based Childhood Epilepsy Syndrome Classification
Biomimetic synthesis of bis-α-substituent pyrrolidine alkaloids based on a proposed biosynthetic pathway
  • DOI:
    10.1016/j.tetlet.2016.03.104
  • Publication date:
    2016-05-25
  • Journal:
  • Impact factor:
    1.8
  • Authors:
    Z. Cao;Yueqing Li;Shisheng Wang;Bo Tang;Guo Xiuhan;Liu Wang;Weijie Zhao
  • Corresponding author:
    Weijie Zhao
Discussion on "Assessing feed-in tariffs on wind power installation and industry development in Taiwan" (Renewable and Sustainable Energy Reviews 2016; 58: 548–57)
Norm Adjusted Proximity Graph for Fast Inner Product Retrieval


Similar NSFC grants

Mechanistic study of IGF-1R regulating HIF-1α to promote Th17 cell differentiation in the pathogenesis of thyroid eye disease
  • Award number:
    82301258
  • Approval year:
    2023
  • Funding amount:
    CNY 300,000
  • Project type:
    Young Scientists Fund
Mechanism by which CTCFL regulates IL-10 to suppress bystander activation of CD4+ CTLs and promote resistance to neoadjuvant immunotherapy in oral squamous cell carcinoma
  • Award number:
    82373325
  • Approval year:
    2023
  • Funding amount:
    CNY 490,000
  • Project type:
    General Program
Mechanistic study of how mutations in the RNA splicing factor PRPF31 cause retinitis pigmentosa in humans
  • Award number:
    82301216
  • Approval year:
    2023
  • Funding amount:
    CNY 300,000
  • Project type:
    Young Scientists Fund
Role and mechanism of vascular endothelial cells regulating macrophage activation via the E2F1/NF-kB/IL-6 axis in orbital venous malformations
  • Award number:
    82301257
  • Approval year:
    2023
  • Funding amount:
    CNY 300,000
  • Project type:
    Young Scientists Fund
Cluster regulation and strengthening mechanisms in aluminum alloy matrices based on multi-element interatomic interactions
  • Award number:
    52371115
  • Approval year:
    2023
  • Funding amount:
    CNY 500,000
  • Project type:
    General Program

Similar overseas grants

Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
  • Award number:
    2317232
  • Fiscal year:
    2024
  • Funding amount:
    $290K
  • Project type:
    Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
  • Award number:
    2338302
  • Fiscal year:
    2024
  • Funding amount:
    $290K
  • Project type:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
  • Award number:
    2330940
  • Fiscal year:
    2024
  • Funding amount:
    $290K
  • Project type:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
  • Award number:
    2330941
  • Fiscal year:
    2024
  • Funding amount:
    $290K
  • Project type:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
  • Award number:
    2317233
  • Fiscal year:
    2024
  • Funding amount:
    $290K
  • Project type:
    Continuing Grant