Collaborative Research: CCRI: New: Medium: A Development and Experimental Environment for Privacy-preserving and Secure (DEEPSECURE) Machine Learning

合作研究：CCRI：新：媒介：隐私保护和安全（DEEPSECURE）机器学习的开发和实验环境

• 批准号: 2120279
• 负责人: Hongyi Wu
• 金额: $ 78万
• 依托单位: Old Dominion University Research Foundation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2022-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2120279&HistoricalAwards=false
• 关键词: Collaborative; Research; CCRI; New; Medium

While machine learning (ML) is embraced as an important tool for various science, engineering, medical, finance, and homeland security applications, it is becoming an increasingly attractive target for cybercriminals. DEEPSECURE is a first-of-its-kind development and experimental platform to support secure and privacy-preserving ML research. With its novel modular design integrated with fully customizable function blocks and sample modules, DEEPSECURE is a game-changing tool to effectively support research in this emerging field by enabling fast design, prototyping, evaluation, and re-innovation of trust-worthy ML applications. It enables a variety of compelling new research projects that focus on ML security and privacy, leading to breakthroughs to protect ML systems and accelerating their development and widening their adoption. It will contribute significantly to the protection of the future cyber and physical world and safeguard human society. DEEPSECURE receives strong community support from over 20 key stakeholders across the country. The project includes significant efforts for fostering and sustaining an ML security and privacy research community, including monthly virtual open forums to provide a regular update to and seek feedback from the community, quarterly advisory board meetings, annual symposiums, and a training workshop series. The project includes specific measures and plans for inspiring the participation of underrepresented groups and infusing diversity and inclusion in all DEEPSECURE events and activities. The project output includes an open-source and easy-to-use learning platform for curriculum development and workforce training. To support building a sustainable workforce development pipeline, the project team participates in the existing annual GenCyber summer camps for K-12 students and a Cyber Saturday series to introduce cybersecurity and AI career paths and educational resources to K-12 school counselors, teachers, students, and parents.Recent development in privacy-preserving and secure ML draws expertise from both ML and security/privacy to tackle the multi-faceted problem. However, the research community is facing fundamental challenges in this emerging area due to its interdisciplinary nature. On the one hand, although deep learning frameworks such as Pytorch and Tensorflow have been made widely available, a critical hurdle faced by ML researchers is the steep learning curve to effectively use security techniques and libraries to tackle ML security and privacy problems. On the other hand, while the security community has developed highly efficient cryptographic libraries, it remains nontrivial to integrate them into deep learning models to achieve a computation efficiency suited for practical applications. The overarching goal of the project is to close the gap by developing DEEPSECURE, which integrates a spectrum of essential functions and building blocks that are ready-to-use to flatten the learning curve for researchers coming from both ML and security/privacy communities. At the same time, DEEPSECURE is fully customizable and scalable, enabling deep and fundamental research toward privacy-preserving and secure ML. To meet the overarching goal, specific project objectives include: (1) acquiring a scalable and re-configurable compute environment based on the latest Dell, AMD, and Nvidia technologies to establish the DEEPSECURE hardware infrastructure across the campuses of Old Dominion University and University of Buffalo; (2) developing a new software platform to support DEEPSECURE SDE (Software Development Environment) and MEC (Multi-user Experimental Chamber). The platform is integrated with PyTorch to enable great usability for both beginners and advanced researchers and feature a scalable and customizable modular framework with seamlessly integrated libraries, function blocks, and sample modules; (3) promoting DEEPSECURE across the nation to ensure broad participation, collaboration, and sharing; (4) leveraging DEEPSECURE to foster a long-lasting, self-sustainable ML security and privacy research community that engages all stakeholders in a sustained and ongoing way; and last but not least, (5) educating and training diverse cybersecurity workforce to safeguard the future intelligent cyber systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

虽然机器学习(ML)被视为各种科学、工程、医疗、金融和国土安全应用的重要工具，但它正成为网络犯罪分子越来越有吸引力的目标。DEEPSECURE是首个支持安全和隐私保护ML研究的同类开发和实验平台。DEEPSECURE的新型模块化设计与完全可定制的功能块和样本模块集成在一起，是一个改变游戏规则的工具，通过支持值得信赖的ML应用程序的快速设计、原型制作、评估和再创新，有效地支持这一新兴领域的研究。它促成了各种引人注目的、专注于ML安全和隐私的新研究项目，导致了保护ML系统的突破，并加速了它们的开发和扩大了它们的采用。它将为保护未来的网络和物理世界，维护人类社会做出重大贡献。DEEPSECURE得到了全国20多个主要利益相关者的大力社区支持。该项目包括促进和维持ML安全和隐私研究社区的重大努力，包括每月向社区提供定期更新并寻求社区反馈的虚拟公开论坛、季度咨询委员会会议、年度研讨会和一系列培训讲习班。该项目包括具体措施和计划，以鼓励代表性不足的群体参与，并在所有经社部的活动和活动中注入多样性和包容性。该项目的成果包括一个开放源码和易于使用的学习平台，用于课程开发和劳动力培训。为了支持建立可持续的劳动力发展渠道，项目团队参加了现有的K-12学生年度GenCyber夏令营和网络星期六系列活动，向K-12学校的辅导员、教师、学生和家长介绍网络安全和人工智能职业道路和教育资源。隐私保护和安全ML方面的最新发展吸取了ML和安全/隐私的专业知识来解决多方面的问题。然而，由于其跨学科性质，研究界在这一新兴领域面临着根本性的挑战。一方面，尽管像Pytorch和TensorFlow这样的深度学习框架已经被广泛使用，但ML研究人员面临的一个关键障碍是有效地使用安全技术和库来解决ML安全和隐私问题的陡峭学习曲线。另一方面，虽然安全社区已经开发了高效的密码库，但将它们集成到深度学习模型中以获得适合实际应用的计算效率仍然是不容易的。该项目的总体目标是通过开发DEEPSECURE来缩小差距，DEEPSECURE集成了一系列可随时使用的基本功能和构建块，使来自ML和安全/隐私社区的研究人员的学习曲线变得平坦。同时，DEEPSECURE是完全可定制和可扩展的，能够对隐私保护和安全的ML进行深入和基础的研究。为了实现总体目标，具体的项目目标包括：(1)获得基于最新戴尔、AMD和NVIDIA技术的可扩展和可重新配置的计算环境，以跨老道明大学和布法罗大学校园建立DEEPSECURE硬件基础设施；(2)开发新的软件平台，以支持DEEPSECURE SDE(软件开发环境)和MEC(多用户实验室)。该平台与PyTorch集成，为初学者和高级研究人员提供了极大的可用性，并具有一个可扩展和可定制的模块化框架，具有无缝集成库、功能块和样本模块；(3)在全国推广DEEPSECURE，以确保广泛参与、合作和共享；(4)利用DEEPSECURE培育一个长期、自我可持续的ML安全和隐私研究社区，以持续和持续的方式吸引所有利益相关者；最后但并非最不重要的一点是，(5)教育和培训不同的网络安全工作人员，以保护未来的智能网络系统。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks

• DOI: 10.1609/aaai.v36i9.21272
• 发表时间: 2022-06
• 作者: R. Ning;Jiang Li;Chunsheng Xin;Hongyi Wu;Chong Wang

CLEAR: Clean-up Sample-Targeted Backdoor in Neural Networks

• DOI: 10.1109/iccv48922.2021.01614
• 发表时间: 2021-10
• 期刊: 2021 IEEE/CVF International Conference on Computer Vision (ICCV)
• 作者: Liuwan Zhu;R. Ning;Chunsheng Xin;Chong Wang;Hongyi Wu

TrojanFlow: A Neural Backdoor Attack to Deep Learning-based Network Traffic Classifiers

• DOI: 10.1109/infocom48880.2022.9796878
• 发表时间: 2022-05
• 期刊: IEEE INFOCOM 2022 - IEEE Conference on Computer Communications
• 作者: R. Ning;Chunsheng Xin;Hongyi Wu

Hunter: HE-Friendly Structured Pruning for Efficient Privacy-Preserving Deep Learning

• DOI: 10.1145/3488932.3517401
• 发表时间: 2022-05
• 期刊: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security
• 作者: Yifei Cai;Qiao Zhang;R. Ning;Chunsheng Xin;Hongyi Wu

Camouflaged Poisoning Attack on Graph Neural Networks

• DOI: 10.1145/3512527.3531373
• 发表时间: 2022-06
• 期刊: Proceedings of the 2022 International Conference on Multimedia Retrieval
• 作者: Chao Jiang;Yingzhe He;Richard Chapman;Hongyi Wu