权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

CIF: Small: Adversarially Robust Statistical Inference

CIF：小：对抗性稳健的统计推断

基本信息

批准号：
1908258
负责人：
Lifeng Lai
金额：
$ 50万
依托单位：
University of California-Davis
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2019
资助国家：
美国
起止时间：
2019-10-01 至 2023-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1908258&HistoricalAwards=false
关键词：
CIF Small Adversarially Robust Statistical

项目摘要

With machine learning and statistical inference algorithms increasingly used in safety-critical and security-related applications, there arises a pressing need to study the robustness of these algorithms in adversarial environments. The large existing body of work on robust statistical inference mainly addresses issues such as outliers or model uncertainties. However, in many recent data analytical applications (including safety-critical applications), one faces situations which are more severe than those addressed thus far. One such scenario occurs when an adversary can observe the whole data stream, and then devise its attack vector to modify all entries in the data set so as to inflict maximum inference errors. The existence of such powerful adversaries calls for new models and methodologies to carry out adversary-robust inference. The successful development of these models and methodologies will expand scenarios where machine learning algorithms can be safely applied, and thus expand the application of machine learning into safety-critical domains. This project will support educational activities to attract members from underrepresented groups into research. In this project, the investigator will address robust inference in the presence of powerful adversaries. In particular, after the data points are generated, the adversary can observe the whole dataset, and then modify all data points with the hope of inflicting maximum inference errors. This project aims to answer the following questions: 1) What is the attacker's optimal attack strategy in choosing the attack vectors?; 2) What are the possible impacts of these attacks?; and 3) How should inference algorithms be designed to minimize the impact of an attack? These questions will be addressed through two related thrusts. In Thrust 1, the fundamental limits of adversarially-robust inference algorithms will be characterized; this include characterizing the optimal attack strategy and its impacts on the inference performance. The investigator will then seek to identify inference algorithms that minimize the corresponding impact. In Thrust 2, the adversarial robustness of practical inference algorithms will be studied. In practice, many inference problems are formulated as optimization problems, which are then solved using various optimization algorithms. The implementation of these optimization algorithms are often distributed in nature, and this introduces several new threats that will be addressed in this thrust.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着机器学习和统计推理算法越来越多地用于安全关键和安全相关的应用，迫切需要研究这些算法在对抗环境中的鲁棒性。现有大量关于稳健统计推断的工作主要解决异常值或模型不确定性等问题。然而，在许多最近的数据分析应用程序（包括安全关键型应用程序）中，人们面临的情况比迄今为止所解决的情况更为严重。当攻击者可以观察整个数据流，然后设计其攻击向量来修改数据集中的所有条目，从而造成最大的推理错误时，就会出现这样的场景。如此强大的对手的存在需要新的模型和方法来进行对手鲁棒性推断。这些模型和方法的成功开发将扩展机器学习算法可以安全应用的场景，从而将机器学习的应用扩展到安全关键领域。该项目将支持教育活动，以吸引代表性不足群体的成员参与研究。在这个项目中，研究者将在强大的对手面前解决健壮的推理问题。特别是，在生成数据点之后，攻击者可以观察整个数据集，然后修改所有数据点，以期造成最大的推理错误。本课题旨在回答以下问题：1)攻击者在选择攻击向量时的最优攻击策略是什么？2)这些攻击可能产生的影响是什么？3)如何设计推理算法以最小化攻击的影响？这些问题将通过两个相关的重点加以解决。在推力1中，将描述对抗鲁棒推理算法的基本限制；这包括表征最优攻击策略及其对推理性能的影响。然后，研究者将寻求识别推理算法，以尽量减少相应的影响。在推力2中，将研究实际推理算法的对抗鲁棒性。在实践中，许多推理问题被表述为优化问题，然后使用各种优化算法来求解。这些优化算法的实现通常是分布式的，这就引入了一些新的威胁，这些威胁将在本文中得到解决。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。