The joint emergenCITY-MAKI Distinguished Lecture Series presents 3 DLS Impulse Lectures during the emergenCITY Week.
The third lecture is presented by Prof. Cristina Nita-Rotaru, Northeastern University, Boston
Manipulating Machine Learning: Attacks and Countermeasures
As more applications with large societal impact rely on machine learning for automated decisions, several concerns have emerged about potential vulnerabilities introduced by machine learning algorithms. Sophisticated attackers have strong incentives to manipulate the results and models generated by machine learning algorithms to achieve their objectives. Attacks against machine learning models can take place at both training and testing time.
In this talk I will first present our work on attacks at testing time, also known as evasion attacks, against classification and regression models for self-driving car applications, specifically steering angle prediction. I will then show attacks at training time, also known as poisoning attacks, where attackers inject a small number of corrupted points into the training data with the goal of changing the accuracy of the trained model. I will describe our proposed approach to constructing a defense algorithm called TRIM, which provides high robustness and resilience against a large class of poisoning attacks. I will conclude by pointing out ongoing challenges in ensuring security and privacy in recent applications of machine learning such as federated learning.
This work is based on the following two articles:
- Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. Matthew Jagielski, Alina Oprea, Battista Biggio, Chang Liu, Cristina Nita-Rotaru, and Bo Li. In Proceedings of the IEEE Symposium on Security and Privacy, 2018.
- Are Self-Driving Cars Secure? Evasion Attacks against Deep Neural Networks for Steering Angle Prediction. Alesia Chernikova, Alina Oprea, Cristina Nita-Rotaru and Baekgyu Kim. IEEE Workshop on the Internet of Safe Things, Co-located with IEEE Security and Privacy 2019.
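To make the poisoning scenario in the abstract concrete, here is an added illustration that is not code from the talk or the papers above: a small 1-D linear regression is poisoned with a handful of injected points, and a simplified trimmed-loss fit, written here as a reconstruction of the TRIM idea (repeatedly refit on the points with the smallest residuals, assuming the defender knows roughly how many legitimate points there are), recovers the clean model. All data points are constructed for the example.

```python
# Constructed clean training data: y = 2x + 1 for x = 0..9.
CLEAN_POINTS = [(x, 2 * x + 1) for x in range(10)]
# Constructed poison: three points injected at x = 9 with an inflated y,
# pulling the ordinary least-squares slope upward.
POISON_POINTS = [(9, 60), (9, 60), (9, 60)]


def ols_fit(points):
    """Closed-form least squares for y = a*x + b over (x, y) pairs."""
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points)
    sxy = sum((x - mx) * (y - my) for x, y in points)
    a = sxy / sxx
    return a, my - a * mx


def trimmed_fit(points, n_keep, max_iter=50):
    """Simplified TRIM-style defence (assumption: n_keep ~ number of clean
    points). Alternate between fitting on the current subset and keeping the
    n_keep points with the smallest squared residual until the subset stops
    changing. Returns ((a, b), kept_points)."""
    kept = list(points)
    prev = None
    for _ in range(max_iter):
        a, b = ols_fit(kept)
        ranked = sorted(points, key=lambda p: (p[1] - (a * p[0] + b)) ** 2)
        kept = ranked[:n_keep]
        key = tuple(sorted(kept))
        if key == prev:          # subset is stable: converged
            break
        prev = key
    return ols_fit(kept), kept


def demo():
    """Return (naive OLS slope on poisoned data, trimmed slope, kept points)."""
    poisoned = CLEAN_POINTS + POISON_POINTS
    naive_slope, _ = ols_fit(poisoned)
    (trim_slope, _), kept = trimmed_fit(poisoned, n_keep=len(CLEAN_POINTS))
    return naive_slope, trim_slope, kept


if __name__ == "__main__":
    naive, trimmed, kept = demo()
    print(f"naive OLS slope on poisoned data: {naive:.3f}")
    print(f"trimmed-fit slope:                 {trimmed:.3f}")
    print(f"poison points kept by trimmed fit: {sum(p in POISON_POINTS for p in kept)}")
```

The naive fit's slope moves well away from the true value of 2, while the trimmed fit discards the injected points within a few iterations and recovers slope 2 exactly on this data.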
Cristina Nita-Rotaru is a Professor of Computer Science in the Khoury College of Computer Sciences at Northeastern University (since 2015), where she leads the Network and Distributed Systems Security Laboratory (NDS2). Prior to joining Northeastern she was a faculty member in the Department of Computer Science at Purdue University (2003 - 2015). She served as Associate Dean of Faculty at Northeastern University (2017 - 2020) and as an Assistant Director for CERIAS at Purdue University (2011 - 2013).
Her research lies at the intersection of security, distributed systems, and computer networks. The overarching goal of her work is designing and building secure and resilient distributed systems and network protocols, with assurance that deployed implementations meet their security, resilience, and performance goals. Her work has received several best paper awards, at IEEE SafeThings 2019, NDSS 2018, ISSRE 2017 and DSN 2015, as well as two IETF/IRTF Applied Networking Research Prizes, in 2018 and 2016. She is a recipient of the NSF CAREER Award (2006).