EAGER: Toward Attack-Resilient Statistical Inference


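Basic information

  • Award number:
    2224150
  • Principal investigator:
  • Amount:
    $250,000
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2022
  • Funding country:
    United States
  • Start and end dates:
    2022-07-01 to 2025-06-30
  • Project status:
    Not concluded

Project abstract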

Classical techniques and theories for statistical inference were developed under the assumption that there is no adversarial attempt to manipulate the input data. This makes most existing statistical inference techniques unreliable, and the associated theories irrelevant, when they are deployed in an adversarial environment. This gap is a matter of great concern because many modern statistical inference tasks in mission-critical systems (e.g., the nation's power grids) and safety-critical systems (e.g., autonomous driving systems) rely on sensor data that could be vulnerable to falsification by an adversary. For instance, an adversary can launch a spoofing attack to manipulate lidar or vision sensor data in an autonomous driving system such that the object detection algorithm will fail to detect certain obstacles in front of the car. Despite recent advances in robust statistical inference, there is still no general theory that characterizes optimal inference rules in the presence of data falsification or the fundamental limit of performing inference using falsified data. This project is aimed at addressing this gap by developing fundamental theory and optimal methods for robust inference in the presence of data falsification by an adversary. The project will advance the state of the art in robust statistics, robust sensing, and security of machine learning. Furthermore, the project will contribute to national security by generating outcomes that can be applied to significantly improve the resilience of the nation's safety-critical and mission-critical systems against data falsification attacks. The technical objectives of the project are to investigate fundamental limits of performing hypothesis testing and estimation in the presence of adversarial data falsification and to develop robust inference methods, supported by theoretical analyses, to mitigate the impact of data falsification. 
The developed theory and methods will be further extended to develop a novel framework to train an attack-resilient machine learning model. In pursuing these objectives, a game-theoretic formulation will be employed to rigorously model the complex interplay between the defender designing a robust inference method and the adversary optimizing the data falsification strategy against the defender's design of the inference method. Techniques from optimization, game theory, and probability theory will be leveraged to derive optimal robust inference methods for the game-theoretic formulation and analyze their properties. Furthermore, power system state estimation in the presence of falsified meter measurements will be considered as a case study, and a robust power system state estimator will be developed and evaluated in a rigorous game-theoretic setup. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Project outcomes

Journal papers (1)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Forensics for Adversarial Machine Learning Through Attack Mapping Identification
  • DOI:
    10.1109/icassp49357.2023.10095092
  • Publication year:
    2023
  • Journal:
  • Impact factor:
    0
  • Authors:
    Yan, Allen;Kim, Jinsub;Raich, Raviv
  • Corresponding author:
    Raich, Raviv

Other publications by Jinsub Kim

Spatio-Temporal Frequency Domain Analysis of PMU Data for Unsupervised Event Detection
Sparse error correction with multiple measurement vectors
Performance Enhancement of Quench Detection System for the KSTAR Superconducting Pulse Coils
A Numerical and Experimental Analysis of the Temperature Dependence of the n-Index for 2G HTS Tape Surrounding the 77 K Temperature Range
Quench Detection of the KSTAR CS Coil by Considering Plasma Current Effect


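Similar NSFC (National Natural Science Foundation of China) grants

Toward a general theory of intermittent aeolian and fluvial nonsuspended sediment transport
  • Approval number:
  • Approval year:
    2022
  • Funding amount:
    550,000 yuan
  • Project type: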

Similar overseas grants

CAREER: Toward Smart Surface Acoustic Wave Devices with Gate-Tunability
  • Award number:
    2337069
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Continuing Grant
CAREER: Hybrid Surface Coating Toward Corrosion-Controlled Magnesium-Based Implants
  • Award number:
    2339911
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Continuing Grant
CAREER: A Bottom Up Approach Toward Understanding the Sunlight Driven Mechanisms and Pathways for the Release of Metals from Petroleum.
  • Award number:
    2340743
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Continuing Grant
The Information-Attention Tradeoff: Toward an Understanding of the Fundamentals of Online Attention
  • Award number:
    2343858
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Continuing Grant
CAREER: Toward Power Delivery Network-aware Hardware Security
  • Award number:
    2338069
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Continuing Grant
Toward Trustworthy Generative AI by Integrating Large Language Model with Knowledge Graph
  • Award number:
    24K20834
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Grant-in-Aid for Early-Career Scientists
Tuning Precision Fabricated Liquid Crystal Adsorbents - Toward Tailored Adsorption of Per- and Polyfluorinated Alkyl Substances
  • Award number:
    24K17729
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Grant-in-Aid for Early-Career Scientists
Toward next-generation flexible and interpretable deep learning: A novel evolutionary wide dendritic learning
  • Award number:
    23K24899
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Grant-in-Aid for Scientific Research (B)
Mentored Excellence Toward Research and Industry Careers 2
  • Award number:
    2322416
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Standard Grant
Toward a more complete understanding of coastal upwelling dynamics
  • Award number:
    2343008
  • Fiscal year:
    2024
  • Funding amount:
    $250,000
  • Project type:
    Standard Grant