
EAGER: Toward Attack-Resilient Statistical Inference

$250,000 | FY2022 | CSE | NSF

Oregon State University, Corvallis OR

Investigators

Abstract

Classical techniques and theories for statistical inference were developed under the assumption that there is no adversarial attempt to manipulate the input data. This assumption renders most existing statistical inference techniques unreliable, and the associated theories irrelevant, when they are deployed in an adversarial environment. This gap is a matter of great concern because many modern statistical inference tasks in mission-critical systems (e.g., the nation's power grids) and safety-critical systems (e.g., autonomous driving systems) rely on sensor data that could be vulnerable to falsification by an adversary. For instance, an adversary can launch a spoofing attack to manipulate lidar or vision sensor data in an autonomous driving system such that the object detection algorithm fails to detect certain obstacles in front of the car. Despite recent advances in robust statistical inference, there is still no general theory that characterizes optimal inference rules in the presence of data falsification or the fundamental limit of performing inference using falsified data. This project aims to address this gap by developing fundamental theory and optimal methods for robust inference in the presence of data falsification by an adversary. The project will advance the state of the art in robust statistics, robust sensing, and security of machine learning. Furthermore, the project will contribute to national security by generating outcomes that can be applied to significantly improve the resilience of the nation's safety-critical and mission-critical systems against data falsification attacks. The technical objectives of the project are to investigate fundamental limits of performing hypothesis testing and estimation in the presence of adversarial data falsification and to develop robust inference methods, supported by theoretical analyses, to mitigate the impact of data falsification.
The developed theory and methods will be further extended to develop a novel framework to train an attack-resilient machine learning model. In pursuing these objectives, a game-theoretic formulation will be employed to rigorously model the complex interplay between the defender designing a robust inference method and the adversary optimizing the data falsification strategy against the defender's design of the inference method. Techniques from optimization, game theory, and probability theory will be leveraged to derive optimal robust inference methods for the game-theoretic formulation and analyze their properties. Furthermore, power system state estimation in the presence of falsified meter measurements will be considered as a case study, and a robust power system state estimator will be developed and evaluated in a rigorous game-theoretic setup. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
