Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models

协作研究：SaTC：核心：小型：迈向安全可信的树模型

• 批准号: 2247619
• 负责人: Weijie Zhao
• 金额: $ 29万
• 依托单位: Rochester Institute of Tech
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-06-15 至 2026-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247619&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Tree models are an important type of machine learning algorithm used in various applications such as finance, healthcare, and traffic management. They are particularly advantageous due to their simplicity and interpretability, making them well-suited for decision-making tasks, compared to complex neural networks that can be difficult to understand. However, despite their benefits, tree models are not immune to security and privacy concerns. Malicious actors can tamper with tree models or steal intellectual property, posing threats to the integrity and confidentiality of machine learning systems. Further, although there are studies of similar attacks on neural networks, differences between how neural networks and tree models work may affect how well those existing findings apply to tree models. Together, these issues mean there are a number of open questions around enhancing the security and trustworthiness of tree models. This project aims to develop novel strategies to address these questions and develop more robust and trustworthy AI-based systems, and develop both tools and educational opportunities through the work to make the findings widely available and impactful. Specifically, this project addresses the need for robust model authentication, watermarking for intellectual property tracing, machine unlearning for data privacy, and defense against backdoor attacks for tree models. The technical aims are organized around four tasks: a) Pursuing model identification by embedding unique signatures to generate differently embedded models; b) Developing novel methodologies of robust watermarking for tree models, for the purpose of tracing intellectual property; c) Designing novel algorithms for machine unlearning in tree models by exploiting tree reconstruction, residual-stable split, and combination of tree techniques; and d) Investigating the implications of backdoor attacks against tree models by leveraging the insights from the above tasks on tweaking tree models without significantly impacting the accuracy. These research efforts will contribute to the advancement of tree model security and trustworthiness, ensuring that these models can be reliably deployed in real-world applications while mitigating the risk of malicious attacks, unauthorized access, and privacy breaches.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

树模型是一种重要的机器学习算法，用于金融、医疗保健和交通管理等各种应用。与难以理解的复杂神经网络相比，它们的简单性和可解释性特别有利，使它们非常适合决策任务。然而，尽管有这些好处，树模型也不能免受安全和隐私问题的影响。恶意行为者可以篡改树模型或窃取知识产权，对机器学习系统的完整性和机密性构成威胁。此外，尽管有对神经网络的类似攻击的研究，但神经网络和树模型工作方式之间的差异可能会影响这些现有发现适用于树模型的程度。总之，这些问题意味着围绕增强树模型的安全性和可信度还有许多悬而未决的问题。该项目旨在开发新的策略来解决这些问题，并开发更强大和更值得信赖的基于人工智能的系统，并通过工作开发工具和教育机会，使研究结果广泛可用并具有影响力。具体而言，该项目解决了对鲁棒模型认证、用于知识产权跟踪的水印、用于数据隐私的机器学习以及针对树模型的后门攻击的防御的需求。技术目标围绕四个任务组织：a）通过嵌入唯一签名以生成不同嵌入模型来追求模型识别; B）开发用于树模型的鲁棒水印的新方法，用于追踪知识产权的目的; c）通过利用树重构、剩余稳定分裂和树技术的组合来设计用于树模型中的机器学习的新算法;以及d）通过利用来自上述任务的关于调整树模型的见解而不显著影响准确性来调查后门攻击对树模型的影响。这些研究工作将有助于提高树模型的安全性和可信度，确保这些模型可以可靠地部署在现实世界的应用程序中，同时降低恶意攻击，未经授权的访问和隐私泄露的风险。该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。