EAGER: Toward Attack-Resilient Statistical Inference

EAGER：迈向抗攻击统计推断

• 批准号: 2224150
• 负责人: Jinsub Kim
• 金额: $ 25万
• 依托单位: Oregon State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2025-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2224150&HistoricalAwards=false
• 关键词: EAGER; Toward; Attack; Resilient; Statistical

Classical techniques and theories for statistical inference had been developed under the assumption that there is no adversarial attempt to manipulate the input data. Such a nature renders most existing statistical inference techniques unreliable and the associated theories irrelevant when they are deployed to an adversarial environment. This existing gap is a matter of great concern because many modern statistical inference tasks in mission-critical systems (e.g., the nation's power grids) and safety-critical systems (e.g., autonomous driving systems) are relying on sensor data that could be vulnerable to falsification by an adversary. For instance, an adversary can launch a spoofing attack to manipulate lidar or vision sensor data in an autonomous driving system such that the object detection algorithm will fail to detect certain obstacle in front of the car. Despite recent advances in robust statistical inference, there still is no general theory that characterizes optimal inference rules in the presence of data falsification or the fundamental limit of performing inference using falsified data. This project is aimed at addressing this gap by developing fundamental theory and optimal methods for robust inference in the presence of data falsification by an adversary. The project will advance the state-of-the-art in robust statistics, robust sensing, and security of machine learning. Furthermore, the project will contribute to the national security by generating the outcomes that can be applied to significantly improve resilience of safety-critical and mission-critical systems of the nation against data falsification attacks. The technical objectives of the project are to investigate fundamental limits of performing hypothesis testing and estimation in the presence of adversarial data falsification and to develop robust inference methods, supported by theoretical analyses, to mitigate the impact of data falsification. The developed theory and methods will be further extended to develop a novel framework to train an attack-resilient machine learning model. In pursuing these objectives, a game-theoretic formulation will be employed to rigorously model the complex interplay between the defender designing a robust inference method and the adversary optimizing the data falsification strategy against the defender's design of the inference method. Techniques from optimization, game theory, and probability theory will be leveraged to derive optimal robust inference methods for the game-theoretic formulation and analyze their properties. Furthermore, power system state estimation in the presence of falsified meter measurements will be considered as a case study, and a robust power system state estimator will be developed and evaluated in a rigorous game-theoretic setup.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

统计推断的经典技术和理论是在没有对抗性尝试操纵输入数据的假设下发展起来的。这种性质使得大多数现有的统计推断技术变得不可靠，并且当将它们部署到对抗性环境时相关理论变得无关紧要。这种现有的差距是一个令人高度关注的问题，因为任务关键型系统（例如国家电网）和安全关键型系统（例如自动驾驶系统）中的许多现代统计推断任务都依赖于传感器数据，而这些数据可能容易被对手伪造。例如，对手可以发起欺骗攻击来操纵自动驾驶系统中的激光雷达或视觉传感器数据，从而使物体检测算法无法检测到汽车前方的某些障碍物。尽管最近在鲁棒统计推断方面取得了进展，但仍然没有普遍的理论来描述存在数据伪造的情况下的最佳推断规则或使用伪造数据进行推断的基本限制。该项目旨在通过开发基础理论和最佳方法来解决这一差距，以便在对手伪造数据的情况下进行稳健推理。该项目将推动机器学习的稳健统计、稳健传感和安全性方面的最先进水平。此外，该项目将通过产生可用于显着提高国家安全关键和任务关键系统抵御数据伪造攻击的弹性的成果，为国家安全做出贡献。该项目的技术目标是调查在存在对抗性数据伪造的情况下执行假设检验和估计的基本限制，并开发在理论分析支持下的稳健推理方法，以减轻数据伪造的影响。所开发的理论和方法将进一步扩展，以开发一种新颖的框架来训练抗攻击的机器学习模型。在实现这些目标的过程中，将采用博弈论公式来严格模拟设计稳健推理方法的防御者与针对防御者设计的推理方法优化数据伪造策略的对手之间复杂的相互作用。 将利用优化、博弈论和概率论的技术来推导博弈论公式的最佳鲁棒推理方法并分析其属性。此外，存在虚假仪表测量的电力系统状态估计将被视为案例研究，并且将在严格的博弈论设置中开发和评估强大的电力系统状态估计器。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Forensics for Adversarial Machine Learning Through Attack Mapping Identification

通过攻击映射识别进行对抗性机器学习取证

• DOI: 10.1109/icassp49357.2023.10095092
• 发表时间: 2023
• 期刊: and Signal Processing (ICASSP
• 作者: Yan, Allen;Kim, Jinsub;Raich, Raviv
• 通讯作者: Raich, Raviv