权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

Collaborative Research: CIF: Medium: Understanding Robustness via Parsimonious Structures.

合作研究：CIF：中：通过简约结构了解鲁棒性。

基本信息

批准号：
2212458
负责人：
Soheil Feizi
金额：
$ 30万
依托单位：
University of Maryland, College Park
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2022
资助国家：
美国
起止时间：
2022-10-01 至 2025-09-30
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2212458&HistoricalAwards=false
关键词：
Collaborative Research CIF Medium Understanding

项目摘要

Modern machine learning methods, and in particular deep networks have led to significant advances in several areas of science and engineering, including computer vision, speech and language processing, robotics, and beyond. At the same time, deep networks have been shown to be extremely sensitive to small adversarial perturbations to their inputs or training set. Because of this, models based on deep networks can exhibit significant vulnerabilities to imperceptible attacks. Recent work has proposed many ad-hoc methods for defending deep networks against such adversarial attacks, which have been subsequently broken by stronger attacks. While stronger and provably correct defenses continue to be developed, a mathematical framework for understanding why deep networks can be fooled into making wrong predictions and how to design and train networks with guarantees of robustness remains elusive. This project aims to answer the following questions: Is it possible to detect when a network has been attacked or when a dataset has been poisoned and reconstruct the original uncorrupted data? If yes, under what conditions on the distribution of the data and the network architecture? If not, how can network architectures and learning algorithms be designed that yield provably robust networks? This project has the following research goals (1) derive conditions on the input data and the attack type under which one can determine the attack type and reconstruct the original signal; (2) study the fundamental limits of robustness guarantees against poisoning attacks, especially in the asymptotic regime where the adversary can poison a constant fraction of the training samples; (3) study the robustness of non-linear predictors that exploit sparsity and local stability of the computed representations allowing for provable guarantees for robustness; (4) study the role of symmetry as a form of parsimony and show that it increases the adversarial robustness.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现代机器学习方法，特别是深度网络，在科学和工程的几个领域取得了重大进展，包括计算机视觉、语音和语言处理、机器人技术等。与此同时，深度网络已经被证明对输入或训练集的小对抗性扰动非常敏感。正因为如此，基于深度网络的模型可能会对不可感知的攻击表现出显著的脆弱性。最近的工作提出了许多特别的方法来保护深度网络免受这种对抗性攻击，这些攻击随后被更强的攻击所破坏。虽然更强大和可证明正确的防御措施仍在开发中，但理解为什么深度网络会被愚弄而做出错误预测以及如何设计和训练具有鲁棒性保证的网络的数学框架仍然难以捉摸。该项目旨在回答以下问题：是否有可能检测到网络何时受到攻击或数据集何时中毒并重建原始未损坏的数据？如果是，在什么条件下分配数据和网络架构？如果没有，那么如何设计网络架构和学习算法来产生可证明的鲁棒网络呢？本项目的研究目标如下：（1）推导出输入数据和攻击类型的条件，在此条件下，可以确定攻击类型并重建原始信号;（2）研究对抗中毒攻击的鲁棒性保证的基本限制，特别是在攻击者可以中毒一常数部分训练样本的渐近状态下;（3）研究利用计算表示的稀疏性和局部稳定性的非线性预测器的鲁棒性，允许鲁棒性的可证明保证;（四）研究对称性作为一种简约形式的作用，并表明它增加了对抗鲁棒性。该奖项反映了NSF的法定使命，并已被视为通过使用基金会的知识价值和更广泛的影响审查标准进行评估，