Robustness and Stability for Data Analysis in Security
Abstract
The unprecedented ability to generate and analyze massive data sets has brought concerns of privacy and robustness to the limelight. The proposed research lies at the nexus of these two concerns. While the two concerns are seemingly unrelated, the proposed project will study both under the unifying theme of stability theory, a vibrant area in computational learning. Prior work has demonstrated that this approach can be fruitful: (i) It has shown that differential privacy (DP), the de-facto standard in data privacy research, is in fact a stability notion. Extending techniques developed in stable learning theory, the PI's work has produced algorithms that significantly improve on the state-of-the-art private regression algorithm. This new view of stability has also enabled identification of mismatches between what DP provides and what people intuitively think of as privacy. (ii) Existing work has also investigated the hypothesis that the existence of adversarial perturbations implies that a learning algorithm is unstable. Building upon this hypothesis, the PI has developed a theoretical argument explaining why stopping early in a training process might yield more robust models. In the PI's recent work, this argument has helped explain why distillation, a model compression technique, can alleviate the brittleness of deep learning to adversarial perturbations. The proposed future work continues to build upon the intriguing relationships between stable learning theory and both privacy and robustness in data analysis.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Oct 16, 2018
- Source ID: W911NF1710405
Entities
People
- Somesh Jha
Organizations
- Army Contracting Command
- United States Army
- University of Wisconsin–Madison