Safe Deep Learning and Unsupervised Thwarting of Adversarial Attacks
Abstract
Ensuring security and safety of next generation artificial intelligence (AI) models is a standing challenge. This proposal suggests a multi-pronged approach to ensuring safety of the emerging DL models and protecting them against attacks. Two open questions regarding adversarial attacks on DL are investigated: (i) Why are deep learning models vulnerable to adversarial samples? and (ii) How can we characterize and thwart the underlying space to provide unsupervised model assurance as well as defense against adversaries? We build upon our recent exciting preliminary results, in which we use a series of density estimators to identify the 'adversarial subspaces'. Intellectual Merit: Our hypothesis is that the vulnerability of DL models to adversarial samples is due to the rarely explored sub-spaces in each feature map. In particular, the rare sub-spaces are caused by the limited availability of labeled data and/or inefficiency of regularization algorithms. Several earlier works suggested supervised training of the original model with the added adversarial samples. However, learning the multi-dimensional space of the potential adversaries with limited data has at least three challenges. One, there are several rarely sampled, unexplored sub-spaces, and modeling such a complex space may be impractical. Two, the bounded data available may create additional rarely explored sub-spaces. Three, the robustness-accuracy trade-off will lower the performance of the original model. Instead, our novel methodology performs unsupervised characterization of the explored sub-spaces based on the training data. To maintain accuracy, we suggest a new defense based on Parallel Checkpointing Learners (PCL), which keeps the victim model intact and trains separate defender modules. The proposal simultaneously advances the state-of-the-art in the theory and practice of adversarial DL.
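As an added illustration (not code from the proposal or its authors), the following pure-Python sketch shows the PCL idea in miniature: the victim model stays frozen, and a separate defender fits a density estimator per class on the victim's feature map using benign training data only, rejecting inputs that land in a rarely explored region. The toy victim, its weights, the two-cluster training data and the Gaussian estimator are assumptions of this example.

```python
import math, random

# Constructed toy data standing in for one feature map's training distribution
# (assumption: two Gaussian clusters in 2-D input space, not data from the proposal).
rng = random.Random(0)
TRAIN = [([1 + rng.gauss(0, 0.3), 1 + rng.gauss(0, 0.3)], 0) for _ in range(200)] + \
        [([-1 + rng.gauss(0, 0.3), -1 + rng.gauss(0, 0.3)], 1) for _ in range(200)]

def victim_features(x):
    """Frozen hidden layer of the hypothetical victim model: tanh(Wx + b)."""
    W, b = [[0.9, 0.2], [-0.3, 1.1]], [0.1, -0.1]
    return [math.tanh(W[i][0] * x[0] + W[i][1] * x[1] + b[i]) for i in range(2)]

def victim_predict(x):
    """Frozen victim head: class 0 if the feature sum is positive, else class 1."""
    f = victim_features(x)
    return 0 if f[0] + f[1] > 0 else 1

def fit_gaussian(points):
    """2-D Gaussian density estimator: mean and inverse covariance of the points."""
    n = len(points)
    mu = [sum(p[i] for p in points) / n for i in range(2)]
    c = [[sum((p[i] - mu[i]) * (p[j] - mu[j]) for p in points) / (n - 1)
          for j in range(2)] for i in range(2)]
    det = c[0][0] * c[1][1] - c[0][1] * c[1][0]
    return mu, [[c[1][1] / det, -c[0][1] / det], [-c[1][0] / det, c[0][0] / det]]

def mahalanobis_sq(f, mu, inv):
    """Squared Mahalanobis distance: low density under the estimator <=> large distance."""
    d = [f[0] - mu[0], f[1] - mu[1]]
    return sum(d[i] * inv[i][j] * d[j] for i in range(2) for j in range(2))

def train_defender(train, pct=0.99):
    """Fit one estimator per class on victim features of benign training data only.
    The rejection threshold is the pct-quantile of training-set distances, so no
    adversarial samples are needed and the victim is never modified."""
    feats = {}
    for x, y in train:
        feats.setdefault(y, []).append(victim_features(x))
    models = {y: fit_gaussian(fs) for y, fs in feats.items()}
    dists = sorted(mahalanobis_sq(f, *models[y]) for y, fs in feats.items() for f in fs)
    return models, dists[int(pct * (len(dists) - 1))]

def checked_predict(x, models, thr):
    """Victim prediction gated by the defender: None means the input falls in a
    rarely explored region of the feature map, so the prediction is not trusted."""
    y = victim_predict(x)
    return y if mahalanobis_sq(victim_features(x), *models[y]) <= thr else None

MODELS, THRESHOLD = train_defender(TRAIN)
```

An input such as (4, -4) is classified confidently by the frozen victim but sits far from every explored cluster in feature space, so the defender rejects it instead of retraining the victim.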
Broader Impact: This project will enable effective, scalable, practical and fundamental solutions for the design and optimization of Safe Deep Learning models that directly translate to protection of a myriad of modern sensitive tasks that rely on DL. The research program is interdisciplinary and integrates knowledge not only across the fields of machine learning and security but also optimization and hardware implementation. The resulting SW and HW tools will contribute to a lively and interactive education in machine learning and security and will be relevant to a broad set of developers outside academia. The PIs have a track record of mentoring women and continue to play a major role in engaging graduate women in ECE as well as reaching out to younger generations of women and minority students. It is understood that any developmental items and specially designed parts, components, accessories and attachments fabricated under any Department of Defense award resulting from this proposal are being developed for both civil and military applications.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Mar 24, 2020
- Source ID: W911NF1910317
Entities
People
- Farinaz Koushanfar
Organizations
- Army Contracting Command
- United States Army
- University of California, San Diego