权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

CIF: Small: Adversarially Robust Statistical Inference

CIF：小：对抗性稳健的统计推断

基本信息

批准号：
1908258
负责人：
Lifeng Lai
金额：
$ 50万
依托单位：
University of California-Davis
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2019
资助国家：
美国
起止时间：
2019-10-01 至 2023-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1908258&HistoricalAwards=false
关键词：
CIF Small Adversarially Robust Statistical

项目摘要

With machine learning and statistical inference algorithms increasingly used in safety-critical and security-related applications, there arises a pressing need to study the robustness of these algorithms in adversarial environments. The large existing body of work on robust statistical inference mainly addresses issues such as outliers or model uncertainties. However, in many recent data analytical applications (including safety-critical applications), one faces situations which are more severe than those addressed thus far. One such scenario occurs when an adversary can observe the whole data stream, and then devise its attack vector to modify all entries in the data set so as to inflict maximum inference errors. The existence of such powerful adversaries calls for new models and methodologies to carry out adversary-robust inference. The successful development of these models and methodologies will expand scenarios where machine learning algorithms can be safely applied, and thus expand the application of machine learning into safety-critical domains. This project will support educational activities to attract members from underrepresented groups into research. In this project, the investigator will address robust inference in the presence of powerful adversaries. In particular, after the data points are generated, the adversary can observe the whole dataset, and then modify all data points with the hope of inflicting maximum inference errors. This project aims to answer the following questions: 1) What is the attacker's optimal attack strategy in choosing the attack vectors?; 2) What are the possible impacts of these attacks?; and 3) How should inference algorithms be designed to minimize the impact of an attack? These questions will be addressed through two related thrusts. In Thrust 1, the fundamental limits of adversarially-robust inference algorithms will be characterized; this include characterizing the optimal attack strategy and its impacts on the inference performance. The investigator will then seek to identify inference algorithms that minimize the corresponding impact. In Thrust 2, the adversarial robustness of practical inference algorithms will be studied. In practice, many inference problems are formulated as optimization problems, which are then solved using various optimization algorithms. The implementation of these optimization algorithms are often distributed in nature, and this introduces several new threats that will be addressed in this thrust.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着机器学习和统计推理算法越来越多地用于安全关键和安全相关的应用，迫切需要研究这些算法在对抗环境中的鲁棒性。现有的大量关于稳健统计推断的工作主要解决离群值或模型不确定性等问题。然而，在许多最近的数据分析应用（包括安全关键应用）中，人们面临的情况比迄今为止解决的情况更严重。当对手可以观察整个数据流，然后设计其攻击向量来修改数据集中的所有条目以造成最大的推断错误时，就会发生这样的情况。这种强大的对手的存在需要新的模型和方法来进行对抗性强的推理。这些模型和方法的成功开发将扩展机器学习算法可以安全应用的场景，从而将机器学习的应用扩展到安全关键领域。该项目将支持教育活动，以吸引代表性不足群体的成员参与研究。在该项目中，研究人员将解决存在强大对手的情况下的稳健推理问题。特别是，在生成数据点之后，对手可以观察整个数据集，然后修改所有数据点，希望造成最大的推理错误。本项目旨在回答以下问题：1）攻击者在选择攻击向量时的最优攻击策略是什么？2)这些袭击可能造成什么影响？以及3）应该如何设计推理算法以最小化攻击的影响？这些问题将通过两个相关的重点来解决。在Thrust 1中，将描述对抗性鲁棒推理算法的基本限制;这包括描述最佳攻击策略及其对推理性能的影响。然后，研究人员将寻求确定推理算法，以尽量减少相应的影响。在Thrust 2中，将研究实际推理算法的对抗鲁棒性。在实践中，许多推理问题被公式化为优化问题，然后使用各种优化算法来解决。这些优化算法的实现通常分布在自然界中，这引入了几个新的威胁，将在此推力中解决。这个奖项反映了NSF的法定使命，并已被认为是值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估的支持。