CAREER: Towards Trustworthy Machine Learning via Learning Trustworthy Representations: An Information-Theoretic Framework

职业：通过学习可信表示实现可信机器学习：信息理论框架

• 批准号: 2339686
• 负责人: Binghui Wang
• 金额: $ 54.8万
• 依托单位: Illinois Institute of Technology
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-04-01 至 2029-03-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2339686&HistoricalAwards=false
• 关键词: CAREER; Towards; Trustworthy; Machine; Learning

The objective of this project is to enable machine learning (ML) to be trustworthy. ML, especially deep learning that uses deep neural networks, has made remarkable breakthroughs in various research domains and disciplines including computer vision, natural language processing, biology, and math, to name a few. However, in the past decade, extensive work has shown ML models are vulnerable to privacy and security attacks. For example, email spam filters can be compromised by data poisoning attacks, where attackers confuse ML models by feeding them bogus data, allowing adversaries to send malicious emails containing malware or other security threats without being noticed. Attackers can also make repeated requests to models, looking at the results in order to reconstruct the data used to build ML models; in health domains, for instance, successful data reconstruction attacks might expose private medical details about patients. Many defense methods have been proposed to mitigate these attacks, but they face several limitations: they often aren’t effective in real-world applications with strict confidentiality requirements, or unacceptably degrade the performance of the models. Further, most defenses are aimed at particular learning methods or attack types, making it hard to deal with multiple concurrent attacks, and generalizing poorly to different types of models and data. This project’s goal is to address these limitations by designing a trustworthy learning framework based on information theory. The outcomes of the project will advance the state-of-the-art trustworthy ML and information-theoretic approaches to privacy, while contributing to the growing national need for professionals in ML and cybersecurity.To do this, the team will design a practical, accurate, flexible, and generalizable information-theoretic trustworthy representation learning framework with robustness and privacy guarantees. The work will be structured around three thrusts. Thrust 1 will design novel information-theoretic representation learning methods against common privacy attacks, including membership inference, property inference, and data reconstruction attacks. Thrust 2 will design novel information-theoretic representation learning methods against common security attacks, including test-time evasion attacks, training-time poisoning attacks, and training- and test-time backdoor attacks. Thrust 3 will generalize Thrust 1 and Thrust 2 to handle diverse attack types (e.g., multiple privacy/security attacks or their combination), data types (e.g., spatial-temporal data, multimodal data), and learning types (e.g., federated learning, graph learning, self-supervised learning). The proposed framework will be evaluated on datasets and learning tasks from several domains, including computer vision, natural language processing, multimedia, and networking. The team will develop an open-source toolkit to make the techniques widely available to other researchers in academia, industry, and government. Outreach and educational activities, including summer camps, talks, lectures, tutorials, and workshops, will promote the participation of K-12, undergraduate, and graduate students, with a focus on providing opportunities for people from groups underrepresented in STEM.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是使机器学习（ML）变得值得信赖，特别是使用深度神经网络的深度学习，在计算机视觉、自然语言处理、生物学和数学等各个研究领域和学科中取得了显着的突破。然而，在过去的十年中，大量的研究表明机器学习模型容易受到隐私和安全攻击，例如，电子邮件垃圾邮件过滤器可能会受到数据中毒攻击的影响，攻击者通过向机器学习模型提供虚假信息来混淆它们。数据，允许攻击者还可以在不被注意的情况下发送包含恶意软件或其他安全威胁的恶意电子邮件，查看结果以重建用于构建健康领域机器学习模型的数据，例如成功的数据重建；人们提出了许多防御方法来减轻这些攻击，但它们面临一些局限性：它们通常在具有严格保密要求的现实应用中无效，或者会导致模型的性能下降，令人无法接受。此外，大多数防御都是针对特定的学习方法或攻击类型，使得处理多个并发攻击变得困难，并且对不同类型的模型和数据的泛化能力较差。该项目的目标是通过设计基于信息论的值得信赖的学习框架来解决这些限制。将推进最先进的、值得信赖的机器学习和信息论隐私方法，同时满足国家对机器学习和网络安全专业人员不断增长的需求。为此，该团队将设计一个实用、准确、灵活和广义信息论具有鲁棒性和隐私保证的值得信赖的表示学习框架。 Thrust 1 将设计新颖的信息理论表示学习方法来应对常见的隐私攻击，包括成员推理、属性推理和数据重建攻击。设计新颖的信息论表示学习方法来应对常见的安全攻击，包括测试时规避攻击、训练时中毒攻击以及训练和测试时后门攻击。Thrust 3 将推广 Thrust。 1 和 Thrust 2 来处理不同的攻击类型（例如，多重隐私/安全攻击或其组合）、数据类型（例如，时空数据、多模态数据）和学习类型（例如，联邦学习、图学习、自学习）所提出的框架将在多个领域的数据集和学习任务上进行评估，包括计算机视觉、自然语言处理、多媒体和网络。该团队将开发一个开源工具包，以使该技术得到广泛应用。向学术界、工业界和政府的其他研究人员提供的外展和教育活动，包括夏令营、讲座、讲座、教程和研讨会，将促进 K-12、本科生和研究生的参与，重点是提供该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。