权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

AF: Small: Robust and Secure Learning

AF：小型：稳健且安全的学习

基本信息

批准号：
1813049
负责人：
Gregory Valiant
金额：
$ 50万
依托单位：
Stanford University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2018
资助国家：
美国
起止时间：
2018-10-01 至 2023-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1813049&HistoricalAwards=false
关键词：
AF Small Robust Secure Learning

项目摘要

Machine learning (ML) systems play an increasingly central role in society--from ubiquitous speech recognition systems, to navigation systems, product recommendation systems, and deployed learning systems across manufacturing, industry, and healthcare. The near future, with complex computer vision systems, self-driving cars, and ML driven medical care and patient monitoring, promises a nearly pervasive presence of ML systems in our society. Despite promising performance in idealized settings, current ML systems are often brittle--they are sensitive to slight changes in the input data, and often have weaknesses that can be easily exploited by a malicious adversary. Resolving these current shortcomings is a necessary step in ensuring the stability, safety, and security of a society that relies heavily on machine learning. The central goal of this project is to develop learning algorithms that are robust, and secure. These go beyond the traditional goal of developing learning algorithms that achieve high accuracy, and address the broad need for reliability and safety in critical deployed systems. As an extension of the research component of the project, the investigator will continue education and outreach efforts. These include disseminating the research publications and code produced by this project, continuing to develop new courses and teaching materials on data-centric algorithms, machine learning, and related topics, and organizing a semi-annual forum for the exchange of ideas between industry and academia. The research core of this project addresses the lack of robustness of current learning and optimization algorithms. This lack of robustness takes the following two distinct forms. First, current algorithms are sensitive to changes in even a very small portion of the data-set on which they are trained. Second, even when trained on legitimate data, the learned models are often susceptible to "adversarial examples" in the sense that for the vast majority of data points--even data points in the training set--a small adversarial perturbation of the data point in question will result in the model outputting a completely different label. The presence of these two types of fragility in current learning systems raises the possibility of vulnerabilities to two new sorts of security threats: 1) the threat that a portion of the training data is either extremely biased and unreliable, or worse--that it has been generated by an adversary whose goal is to mislead the machine learning system, and 2) the threat that deployed machine learning systems can be tricked via minute but carefully generated adversarial modifications in their test points--modifications that are essentially invisible to humans. The project seeks to address these two critical weaknesses of current systems, by : 1) developing new algorithms that are robust to the presence of significant fractions of arbitrary -- including adversarial -- data, which can be applied to a number of fundamental estimation, machine learning, and optimization tasks, and 2) developing a rigorous understanding of why certain training algorithms yield models that are inherently vulnerable to adversarial examples, and develop tools for reducing this vulnerability. Additionally, this project investigates the computational, and information theoretic aspects of robust and secure learning, including developing an understanding of any potential trade-offs, for example between the amount of training data and computation time, and robustness or security of the resulting trained model.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

机器学习（ML）系统在社会中发挥着越来越重要的作用-从无处不在的语音识别系统到导航系统，产品推荐系统以及跨制造业，工业和医疗保健的部署学习系统。在不久的将来，随着复杂的计算机视觉系统、自动驾驶汽车、机器学习驱动的医疗保健和患者监测，机器学习系统将在我们的社会中几乎无处不在。尽管在理想化的环境中表现良好，但当前的机器学习系统往往很脆弱--它们对输入数据的微小变化很敏感，而且往往存在很容易被恶意对手利用的弱点。解决当前的这些缺点是确保严重依赖机器学习的社会的稳定，安全和安全的必要步骤。该项目的中心目标是开发健壮和安全的学习算法。这些超越了传统的目标，即开发实现高准确性的学习算法，并解决了关键部署系统对可靠性和安全性的广泛需求。作为该项目研究部分的延伸，调查员将继续开展教育和外联工作。这些措施包括传播该项目产生的研究出版物和代码，继续开发以数据为中心的算法，机器学习和相关主题的新课程和教材，并组织半年度论坛，以交流工业界和学术界的想法。该项目的研究核心是解决当前学习和优化算法缺乏鲁棒性的问题。这种鲁棒性的缺乏表现为以下两种不同的形式。首先，当前的算法对它们所训练的数据集的即使是非常小的部分的变化都很敏感。其次，即使在合法数据上进行训练，学习的模型通常也容易受到“对抗性示例”的影响，因为对于绝大多数数据点，甚至是训练集中的数据点，对数据点的微小对抗性扰动将导致模型输出完全不同的标签。当前学习系统中存在这两种类型的脆弱性，增加了两种新的安全威胁的可能性：1）一部分训练数据要么是极端有偏见和不可靠的，要么更糟--它是由目标是误导机器学习系统的对手生成的，2）部署的机器学习系统的威胁可以通过在测试点中进行微小但精心生成的对抗性修改来欺骗-这些修改基本上是人类不可见的。该项目力求通过以下方式解决当前系统的这两个关键弱点：1）开发新的算法，这些算法对任意（包括对抗性）数据的显著部分的存在具有鲁棒性，这些算法可以应用于许多基本估计、机器学习和优化任务，2）严格理解为什么某些训练算法产生的模型天生容易受到对抗性示例的影响，并开发减少这种脆弱性的工具。此外，该项目还研究了鲁棒和安全学习的计算和信息理论方面，包括了解任何潜在的权衡，例如训练数据量和计算时间之间的权衡，该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的智力价值和更广泛的影响审查标准。