Speaker: Dr. Yimin Chen
Venue: Management Building, Room 304
Time: January 5, 2023, afternoon, 14:00-16:00
Report title: Defending AI Models from Adversarial Attacks through Detection in Data Space
Speaker biography: Dr. Chen is currently an Assistant Professor in the School of Computer and Information Science at the University of Massachusetts Lowell. He received his Ph.D. from Arizona State University in 2018. His main research direction is machine learning security and privacy. The attack types he studies include adversarial example attacks, backdoor attacks, poisoning attacks, and membership inference attacks, and the application scenarios involve federated learning, contrastive learning, large language models, and autonomous driving models. His work focuses on providing effective and reliable defense systems for machine learning models in practical applications. Many of his research results have been published at top security conferences (IEEE Security and Privacy / ACM CCS / NDSS) and top computer networking conferences (IEEE MobiCom / INFOCOM).
Abstract: With the wide application of artificial intelligence models in different fields, model security and robustness are becoming increasingly important. Current attacks against AI models include poisoning attacks and backdoor attacks in the model training phase, and adversarial example attacks and membership inference attacks in the model deployment phase, among others. LLMs and AIGC are greatly expanding the application scenarios of artificial intelligence, and the rising model complexity also leaves models with more potential vulnerabilities. In this context, a defense system with controllable cost and a certain degree of generality is all the more important. In this talk, we will introduce the team's two works on general defense mechanisms for AI models, namely MANDA and FLARE. We will focus on how potential attack samples can be detected by comparing the different behaviors of samples in data space and representation space, so that the corresponding defense system can be deployed at a controllable cost while achieving high detection accuracy against attack methods built on different mechanisms.