GGrantIndex
← Search

AF: RI: Small: Barriers in Adversarially Robust Learning

$400,000FY2019CSENSF

University Of Virginia Main Campus, Charlottesville VA

Investigators

Abstract

Learning algorithms are increasingly taking on roles that were previously held by humans. Examples include face recognition, malware detection, making decisions about loans or bail, etc. Learning algorithms, however, are usually sensitive to adversarial manipulations happening during training or decision time. Due to the sensitivity of the contexts in which these algorithms are used, it is crucial to understand the power and limitations of provably robust methods in such adversarial contexts. The goal of this project is to study adversarial robustness from a provable perspective and identify the barriers that might exist against it. The project will build connections to other areas such as computational complexity as well as cryptography. The project also involves mentoring PhD students. The findings will be incorporated into newly designed courses and will be disseminated via workshops, conferences, and journals. The project, more specifically, will focus on two parts that enable the main goals outlined above. The first part is to model adversarially robust learning formally to enable a provable approach. Indeed, Cryptography has benefited tremendously from such mathematically rigorous approach to security, and to reach similar results, adversarially robust learning needs a similar definitional approach that models subtle aspects of the attack such as: the computational complexity of the attacker, its precise knowledge, and the role of randomness. The second part of this project aims at identifying barriers that exist against provable robustness for adversarial learning. This project will study barriers against both information theoretic (a.k.a. statistic) as well as computational security. Information theoretic security models the adversary as an all powerful entity, while the more realistic model of computational security, which is widely used in Cryptography, models the attacker as a polynomial-time algorithm. Identifying these barriers is an essential part of designing optimally robust learning methods. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →