Collaborative Research: SHF: Medium: Approximate Computing for Machine Learning Security: Foundations and Accelerator Design

协作研究：SHF：媒介：机器学习安全的近似计算：基础和加速器设计

• 批准号: 2212426
• 负责人: Nael Abu-Ghazaleh
• 金额: $ 80万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-08-01 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2212426&HistoricalAwards=false
• 关键词: Collaborative; Research; SHF; Medium; Approximate

Deep Neural Networks (DNNs) are achieving state-of-the-art performance on a large and expanding number of application domains. However, one of the threats to their wide-scale deployment is vulnerability to adversarial machine learning attacks, where an adversary injects small perturbations to the input data that cause the DNN to misclassify, with potentially dangerous outcomes (for example, mistaking a stop sign for a speed limit sign). In this project, the researchers will explore how building DNNs with approximate computing elements improves their robustness to these adversarial attacks. Approximate computing is a technique to build computing elements that are simpler (and therefore higher performing and more sustainable) but do not compute the exact result of an operation. The investigators will explore how to select approximate computing elements and use them in building sustainable DNN accelerators that balance performance, accuracy, and security.The proposal's expected contributions include developing new insights into the relationship between approximation and robustness of DNNs. The project will explore what types of approximation techniques result in effective DNNs that balance accuracy, performance, sustainability, and protection against adversarial attacks and develop optimization frameworks that can find optimal operating points along these dimensions. It will also explore how to build new approximate computing elements specifically targeted toward this application. The project will use these findings to build sustainable, performant, and accurate DNN accelerators. The project will also explore other approximate computing-based techniques to protect against other types of attacks threatening the security and privacy of DNNs, as well as for different deep neural network learning structures. The project is expected to have significant impacts on security, sustainability, and accuracy of machine learning models. The research team will share all of the byproducts of the research with the research community. The project will train graduate and undergraduate students. The investigators will develop new educational material for use in machine learning, computer architecture, and computer security classes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

深度神经网络（DNN）正在大量且不断扩展的应用领域中实现最先进的性能。 然而，其大规模部署的威胁之一是对抗性机器学习攻击的脆弱性，其中对手向输入数据注入小的扰动，导致DNN错误分类，并产生潜在的危险结果（例如，将停车标志误认为限速标志）。 在这个项目中，研究人员将探索如何构建具有近似计算元素的DNN，以提高它们对这些对抗性攻击的鲁棒性。 近似计算是一种构建更简单（因此性能更高且更可持续）但不计算操作的确切结果的计算元素的技术。 研究人员将探索如何选择近似计算元素，并将其用于构建可持续的DNN加速器，以平衡性能，准确性和安全性。该提案的预期贡献包括对DNN的近似和鲁棒性之间的关系提出新的见解。 该项目将探索什么类型的近似技术可以产生有效的DNN，从而平衡准确性，性能，可持续性和对抗性攻击的保护，并开发可以沿着这些维度找到最佳操作点的优化框架。 它还将探讨如何构建专门针对此应用程序的新的近似计算元素。 该项目将利用这些发现来构建可持续，高性能和准确的DNN加速器。 该项目还将探索其他基于近似计算的技术，以防止威胁DNN安全和隐私的其他类型的攻击，以及不同的深度神经网络学习结构。 该项目预计将对机器学习模型的安全性、可持续性和准确性产生重大影响。 研究团队将与研究社区分享研究的所有副产品。 该项目将培训研究生和本科生。 该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Provable Pathways: Learning Multiple Tasks over Multiple Paths

• DOI: 10.48550/arxiv.2303.04338
• 发表时间: 2023-03
• 期刊: ArXiv
• 作者: Yingcong Li;Samet Oymak

A Score-Based Deterministic Diffusion Algorithm with Smooth Scores for General Distributions

一种基于分数的一般分布平滑分数确定性扩散算法

• 发表时间: 2024
• 期刊: AAAI Association for the Advancement of Artificial Intelligence
• 作者: Elamvazhuthi, Karthik;Zhang, Xuechen;Jacobs, Matthew;Oymak, Samet;Pasqualetti, Fabio
• 通讯作者: Pasqualetti, Fabio

Max-Margin Token Selection in Attention Mechanism

• DOI: 10.48550/arxiv.2306.13596
• 发表时间: 2023-06
• 期刊: ArXiv
• 作者: Davoud Ataee Tarzanagh;Yingcong Li;Xuechen Zhang;Samet Oymak

Class-attribute Priors: Adapting Optimization to Heterogeneity and Fairness Objective

• DOI: 10.48550/arxiv.2401.14343
• 发表时间: 2024-01
• 作者: Xuechen Zhang;Mingchen Li;Jiasi Chen;Christos Thrampoulidis;Samet Oymak

On The Fairness of Multitask Representation Learning

论多任务表征学习的公平性

• DOI: 10.1109/icassp49357.2023.10095627
• 发表时间: 2023
• 期刊: Proceedings of the IEEE International Conference on Acoustics Speech and Signal Processing
• 作者: Li, Yingcong;Oymak, Samet
• 通讯作者: Oymak, Samet