*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: Understanding, Fortifying and Democratizing AI Security
Nilaksh Das
School of Computational Science & Engineering
College of Computing
Georgia Tech
Date: Wednesday, April 14, 2021
Time: 11am - 1pm ET (other time zones: shorturl.at/jqtP7)
Location (virtual): https://bluejeans.com/627016581
Committee
Dr. Duen Horng (Polo) Chau - Advisor, Associate Professor, School of Computational Science & Engineering, Georgia Tech
Dr. Wenke Lee - Professor, School of Computer Science, Georgia Tech
Dr. Xu Chu - Assistant Professor, School of Computer Science, Georgia Tech
Dr. Srijan Kumar - Assistant Professor, School of Computational Science & Engineering, Georgia Tech
Dr. Ponnurangam Kumaraguru ("PK") - Professor, Indraprastha Institute of Information Technology, Delhi, India
Dr. Oliver Brdiczka - Principal ML Scientist & Director, Adobe
Abstract
As we steadily move towards an AI-powered utopia that could only be imagined in lofty fiction in the recent past, a formidable threat is emerging that endangers the acute capitalization of AI in our everyday lives. Recent adversarial machine learning research has revealed that deep neural networks — the workhorse of modern AI applications — are extremely vulnerable to adversarial examples. These are malicious inputs crafted by an attacker that can completely confuse deep neural networks into making incorrect predictions! Therefore, for people to have complete confidence in using AI applications, there is not only an urgent need to develop strong, practical solutions to defend real-world AI cyber-systems; there is also an equally pressing necessity to enable people to interpret AI vulnerabilities and understand how and why adversarial attacks and defenses work. It is also critical that the technologies for AI security be brought to the masses, and AI security research be as accessible and as pervasive as AI itself. After all, AI impacts people from all walks of life.
This thesis aims to address these substantial challenges by developing new tools, techniques and paradigms that mitigate the threat of adversarial examples, enhance people’s understanding of AI vulnerabilities, and democratize AI security by making it accessible and available to everyone. Specifically, this thesis focuses on three complementary research thrusts:
(1) Practical Mitigation & Harnessing of Adversarial Examples across Modalities - developing fast, robust defenses (e.g., SHIELD, ADAGIO) which are generalizable across diverse AI tasks, and harnessing adversarial attacks for the benefit of society instead of causing harm (e.g., AdvAccAug)!
(2) Exposing AI Vulnerabilities through Visualization & Interpretable Representations - developing intuitive interpretation techniques for deciphering adversarial attacks (e.g., Bluff).
(3) Democratizing AI Security Research & Pedagogy with Scalable Interactive Experimentation - enabling researchers, practitioners and students to perform in-depth security testing of AI models through interactive experimentation (e.g., MLsploit).
Our work has made a significant impact to industry and society: our research has produced novel defenses that have been tech-transferred to industry (SHIELD); our interactive visualization systems have significantly expanded the intuitive understanding of AI vulnerabilities (Bluff); and our unified AI security framework and research tools, becoming available to thousands of students, is transforming AI education at scale (MLsploit).
