ATD:Understanding Adversarial Examples in Neural Network: Theory and Algorithms

ATD：理解神经网络中的对抗性例子：理论和算法

• 批准号: 2318926
• 负责人: Teng Zhang
• 金额: $ 24万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-09-01 至 2026-08-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2318926&HistoricalAwards=false
• 关键词: ATD; Understanding; Adversarial; Examples; Neural

While neural network-based models have shown exceptional power and versatility, their robustness against adversarial examples, which are inputs deliberately designed to mislead the model, has become a major area of concern. Adversarial training is currently the most widely used method to improve the robustness of neural networks against adversarial perturbations, but this approach has been found to have limitations, such as overfitting. In addition, the understanding of both attacks and adversarial training is still limited. In light of these challenges, this research aims to develop a theoretical analysis that sheds light on the robustness of neural network-based methods and the properties of adversarial training. This understanding is essential to the design of effective attack strategies and defense mechanisms for various machine learning models. This research has the potential to have a significant impact on a wide range of fields, such as cybersecurity, computer vision, natural language processing, healthcare, and financial services, where machine learning models play a crucial role. The proposed project aims to contribute to the development of robust neural network-based models and algorithms through novel theoretical studies. Unlike existing works that primarily focus on the generalization error of the neural network algorithms, this project will focus on the robustness and stability. The research will leverage a range of mathematical and computational techniques, including statistical learning theory, random matrix theory, reproducing kernel Hilbert space, and optimization. The investigation of robustness will lead to the development of novel algorithms that are less vulnerable to adversarial attacks and can be implemented with greater security and stabilityThis award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

尽管基于神经网络的模型表现出了非凡的能力和通用性，但它们对敌意例子的稳健性已经成为一个主要的令人担忧的领域。对抗性训练是目前使用最广泛的方法来提高神经网络对对抗性扰动的稳健性，但这种方法被发现有一定的局限性，如过拟合。此外，对进攻和对抗性训练的理解仍然有限。鉴于这些挑战，本研究旨在开发一种理论分析，以揭示基于神经网络的方法的稳健性和对抗性训练的特性。这对于为各种机器学习模型设计有效的攻击策略和防御机制是至关重要的。这项研究有可能对网络安全、计算机视觉、自然语言处理、医疗保健和金融服务等广泛领域产生重大影响，在这些领域，机器学习模型发挥着关键作用。拟议的项目旨在通过新的理论研究来促进基于神经网络的健壮模型和算法的发展。与现有工作主要关注神经网络算法的泛化误差不同，本课题将重点研究神经网络算法的健壮性和稳定性。这项研究将利用一系列数学和计算技术，包括统计学习理论、随机矩阵理论、再生核希尔伯特空间和优化。对健壮性的调查将导致开发新的算法，这些算法不太容易受到对手攻击，并且可以以更高的安全性和稳定性实施。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。