Designing Resilient Data Processing Systems for Adversarial Environments

Abstract

Machine Learning algorithms lie at the heart of autonomous systems. Unfortunately, learning algorithms not only have to deal with uncertainties in sensor readings, but also adversarial attacks on those readings. The Offeror will consider three kinds of attacks that could corrupt data sources (data poisoning attacks, evasion attacks and denial-of-service attacks) in building ML algorithms that would be resilient to these classes of attacks. The resulting algorithms will be tested in the context of ML algorithms for intrusion detection systems. The approach taken by the Offeror is based on game-theory, where for each class of attack an appropriate game will be defined and its equilibrium examined. In the case of evasion attacks, in which the attacker modifies malicious instances to be classified as benign, the Offeror will formalize resiliency to attacks involving polymorphism. Similarly, in the case of data-poisoning attack the approach is to develop formal threat models of data poisoning attacks, and associated learning approaches which are effective despite deliberately poisoned portion of the training data. Finally, the approach will consider denial-of-service attacks in which adversaries disable sensors and, consequently, relevant data becomes unavailable. The proposed research will investigate robust sensor selection methods in the context of such attacks. The solutions developed would allow the defender to increase the cost for the attacker aiming to disrupt decision-making in autonomous learning systems, while minimizing the effect of adversaries actions on learning algorithms and associated decisions.

Document Details

Document Type

DoD Grant Award

Publication Date

Jan 12, 2017

Source ID

W911NF1610069

Entities

Tags