CAREER: Towards Trustworthy Machine Learning via Learning Trustworthy Representations: An Information-Theoretic Framework

职业：通过学习可信表示实现可信机器学习：信息理论框架

• 批准号: 2339686
• 负责人: Binghui Wang
• 金额: $ 54.8万
• 依托单位: Illinois Institute of Technology
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-04-01 至 2029-03-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2339686&HistoricalAwards=false
• 关键词: CAREER; Towards; Trustworthy; Machine; Learning

The objective of this project is to enable machine learning (ML) to be trustworthy. ML, especially deep learning that uses deep neural networks, has made remarkable breakthroughs in various research domains and disciplines including computer vision, natural language processing, biology, and math, to name a few. However, in the past decade, extensive work has shown ML models are vulnerable to privacy and security attacks. For example, email spam filters can be compromised by data poisoning attacks, where attackers confuse ML models by feeding them bogus data, allowing adversaries to send malicious emails containing malware or other security threats without being noticed. Attackers can also make repeated requests to models, looking at the results in order to reconstruct the data used to build ML models; in health domains, for instance, successful data reconstruction attacks might expose private medical details about patients. Many defense methods have been proposed to mitigate these attacks, but they face several limitations: they often aren’t effective in real-world applications with strict confidentiality requirements, or unacceptably degrade the performance of the models. Further, most defenses are aimed at particular learning methods or attack types, making it hard to deal with multiple concurrent attacks, and generalizing poorly to different types of models and data. This project’s goal is to address these limitations by designing a trustworthy learning framework based on information theory. The outcomes of the project will advance the state-of-the-art trustworthy ML and information-theoretic approaches to privacy, while contributing to the growing national need for professionals in ML and cybersecurity.To do this, the team will design a practical, accurate, flexible, and generalizable information-theoretic trustworthy representation learning framework with robustness and privacy guarantees. The work will be structured around three thrusts. Thrust 1 will design novel information-theoretic representation learning methods against common privacy attacks, including membership inference, property inference, and data reconstruction attacks. Thrust 2 will design novel information-theoretic representation learning methods against common security attacks, including test-time evasion attacks, training-time poisoning attacks, and training- and test-time backdoor attacks. Thrust 3 will generalize Thrust 1 and Thrust 2 to handle diverse attack types (e.g., multiple privacy/security attacks or their combination), data types (e.g., spatial-temporal data, multimodal data), and learning types (e.g., federated learning, graph learning, self-supervised learning). The proposed framework will be evaluated on datasets and learning tasks from several domains, including computer vision, natural language processing, multimedia, and networking. The team will develop an open-source toolkit to make the techniques widely available to other researchers in academia, industry, and government. Outreach and educational activities, including summer camps, talks, lectures, tutorials, and workshops, will promote the participation of K-12, undergraduate, and graduate students, with a focus on providing opportunities for people from groups underrepresented in STEM.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是使机器学习（ML）变得值得信赖。机器学习，尤其是使用深度神经网络的深度学习，已经在各个研究领域和学科取得了显著的突破，包括计算机视觉、自然语言处理、生物学和数学等。然而，在过去的十年中，大量的工作表明ML模型容易受到隐私和安全攻击。例如，电子邮件垃圾邮件过滤器可能会受到数据中毒攻击的危害，攻击者通过向ML模型提供虚假数据来混淆ML模型，从而允许对手发送包含恶意软件或其他安全威胁的恶意电子邮件而不被注意到。攻击者还可以对模型进行重复请求，查看结果以重建用于构建ML模型的数据;例如，在健康领域，成功的数据重建攻击可能会暴露患者的私人医疗细节。已经提出了许多防御方法来减轻这些攻击，但它们面临着一些限制：它们通常在具有严格保密要求的实际应用中无效，或者无法接受地降低模型的性能。此外，大多数防御针对特定的学习方法或攻击类型，难以处理多个并发攻击，并且难以推广到不同类型的模型和数据。这个项目的目标是通过设计一个基于信息论的值得信赖的学习框架来解决这些限制。该项目的成果将推动最先进的可信机器学习和信息理论隐私方法的发展，同时为国家对机器学习和网络安全专业人员日益增长的需求做出贡献。为此，该团队将设计一个实用，准确，灵活和可推广的信息理论可信表示学习框架，具有鲁棒性和隐私保障。这项工作将围绕三个重点展开。Thrust 1将设计新的信息理论表示学习方法来对抗常见的隐私攻击，包括成员推断，属性推断和数据重构攻击。Thrust 2将设计新的信息理论表示学习方法来对抗常见的安全攻击，包括测试时逃避攻击、训练时中毒攻击以及训练和测试时后门攻击。推力3将推广推力1和推力2，以处理不同的攻击类型（例如，多个隐私/安全攻击或它们的组合），数据类型（例如，时空数据，多模式数据），和学习类型（例如，联邦学习、图学习、自监督学习）。拟议的框架将在多个领域的数据集和学习任务上进行评估，包括计算机视觉、自然语言处理、多媒体和网络。该团队将开发一个开源工具包，使学术界、工业界和政府的其他研究人员能够广泛使用这些技术。通过夏令营、讲座、讲座、辅导和研讨会等推广和教育活动，促进K-12、本科生和研究生的参与，重点是为STEM中代表性不足的群体提供机会。该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响力审查标准进行评估，被认为值得支持。