RexLearn

Reliable and Explainable Adversarial Machine Learning

From the project website: Machine learning has become pervasive. From self-driving cars to smart devices, almost every consumer application now leverages such technologies to make sense of the vast amount of data collected from its users. In some vision tasks, recent deep-learning algorithms have even surpassed human performance. It has thus been extremely surprising to discover that such algorithms can be easily fooled by adversarial examples, i.e., imperceptible, adversarial perturbations to images, text and audio that mislead these systems into perceiving things that are not there. After this phenomenon was widely echoed by the press, a large number of stakeholders have shown interest in understanding the risks associated with the misuse of machine learning, to develop proper mitigation strategies and incorporate them in their products. Despite such large interest, this challenging problem is still far from being solved.

In this project, we posed three main challenges that are hindering current progress towards the development of secure machine-learning technologies, and advocated the use of novel methodological approaches to tackle them.

These problems were addressed by developing scientific methodologies that significantly advanced the state of the art. The first methodological advancement concerned techniques for evaluating the robustness and safety of machine-learning algorithms with respect to inputs perturbed to compromise their decisions, known as adversarial examples. The second concerned techniques for improving the robustness of algorithms against such inputs. The third concerned techniques for improving the interpretability of the decisions these algorithms produce.
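The first of those methodologies, evaluating robustness against adversarial examples, in a minimal worked form. This is an added example and not the project's code or any RexLearn method: it builds a constructed, MNIST-sized toy dataset and a hand-set linear classifier, crafts L∞ adversarial examples with the fast gradient sign method (FGSM, which is the worst case for a linear score), and measures both the smallest per-pixel budget that flips a decision and the accuracy that survives a given budget. The names `fgsm`, `min_flip_eps`, `robust_accuracy`, `make_toy_data` and `toy_model` are this example's own, and all numbers are chosen for illustration.

```python
# Added example, not RexLearn code: FGSM-style robustness evaluation of a
# hand-set linear classifier on constructed toy data. Every number here is
# chosen for illustration; nothing is taken from the project's experiments.
import random


def score(w, b, x):
    """Linear score s = w.x + b; the classifier predicts class 1 when s > 0."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w, b, x):
    return 1 if score(w, b, x) > 0 else 0


def sign(v):
    return (v > 0) - (v < 0)


def fgsm(w, b, x, y, eps, lo=0.0, hi=1.0):
    """Fast Gradient Sign Method under an L-inf budget eps.

    For the logistic loss on a linear score, d loss/dx = (sigmoid(s) - y) * w,
    so sign(grad) is -sign(w) when y == 1 and +sign(w) when y == 0.  Moving
    every coordinate by exactly eps in that direction is the worst case a
    linear score can suffer within the budget.  The result is clipped to the
    valid pixel range so it stays a legal input.
    """
    direction = -1.0 if y == 1 else 1.0
    return [min(hi, max(lo, xi + eps * direction * sign(wi)))
            for xi, wi in zip(x, w)]


def min_flip_eps(w, b, x):
    """Smallest L-inf budget that can flip the decision on x: |s| / ||w||_1.

    An L-inf perturbation of size eps moves a linear score by at most
    eps * ||w||_1, so a large L1 weight norm (many small weights over many
    pixels) is exactly what lets tiny per-pixel changes flip the decision.
    """
    l1 = sum(abs(wi) for wi in w)
    return abs(score(w, b, x)) / l1 if l1 else float("inf")


def clean_accuracy(w, b, xs, ys):
    return sum(predict(w, b, x) == y for x, y in zip(xs, ys)) / len(xs)


def robust_accuracy(w, b, xs, ys, eps):
    """Fraction of points still classified correctly after FGSM at budget eps."""
    hits = sum(predict(w, b, fgsm(w, b, x, y, eps)) == y for x, y in zip(xs, ys))
    return hits / len(xs)


def make_toy_data(dim=784, n=200, seed=0):
    """Constructed data, not a real dataset: dim pixels in [0, 1] with Gaussian
    noise around 0.5; class 1 is 0.05 brighter on even pixels, class 0 on odd."""
    rng = random.Random(seed)
    xs, ys = [], []
    for i in range(n):
        y = i % 2
        x = []
        for j in range(dim):
            shift = 0.05 if (j % 2 == 0) == (y == 1) else -0.05
            x.append(min(1.0, max(0.0, rng.gauss(0.5, 0.1) + shift)))
        xs.append(x)
        ys.append(y)
    return xs, ys


def toy_model(dim=784):
    """Hand-set weights that separate the toy classes: +0.01 on even pixels,
    -0.01 on odd pixels, zero bias.  ||w||_1 = 0.01 * dim."""
    return [0.01 if j % 2 == 0 else -0.01 for j in range(dim)], 0.0


if __name__ == "__main__":
    xs, ys = make_toy_data()
    w, b = toy_model()
    print("clean accuracy:", clean_accuracy(w, b, xs, ys))
    print("budget that flips sample 0: %.3f" % min_flip_eps(w, b, xs[0]))
    for eps in (0.01, 0.02, 0.05, 0.1):
        print("eps=%.2f robust accuracy: %.2f"
              % (eps, robust_accuracy(w, b, xs, ys, eps)))
```

The point the toy makes is the one the introduction calls surprising: the model is perfectly accurate on clean data, yet a per-pixel change of about 0.05 on a [0, 1] scale (roughly 13 grey levels out of 255) flips every decision, because the score aggregates a small change over 784 pixels. A robustness evaluation therefore reports accuracy as a function of the budget eps, not a single clean-accuracy number; for non-linear models the same sweep is run with gradient-based or optimisation-based attacks in place of the closed-form bound used here.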

A large collection of datasets for experimentation on use cases was assembled, followed by the development and testing of prototype systems on applications of interest, including image recognition and automatic detection of computer viruses.

Alessandro Torcinovich
Passionate machine (meta) learner