STO-Activities: (no title)

Activity title: Defense against adversarial attacks on machine learning systems
Activity Reference: IST-221
Panel: IST
Security Classification: NATO UNCLASSIFIED
Status: Active
Activity type: RTG
Start date: 2024-05-16T00:00:00Z
Actual End date: 2027-05-16T00:00:00Z
Keywords: Accountability, Adversarial Attack, Artificial Intelligence, Autonomous Systems, Deep Learning, Machine Learning, Machine Learning Systems, Robustness, Trust
Background: There are many activities, projects and programs that look at manipulation of machine learning systems (MLS) and how specific systems can be influenced by creative input. But there is too little activity in machine learning research to look at how we can create more robust systems and how such systems might require a fundamental change in design, training, testing, validation and/or product development phases.
The IST-169 RTG has been very active in pursuing its scientific objectives, in particular its first objective:
• To determine the state-of-the-art in robustness and accountability for machine learning systems (MLS) – especially deep learning systems with complex and large models which are virtually impossible to manage by humans.
In 2021, the IST-169 RTG collaborated closely with IST-190 (IWA) / “AI, ML and BD for Hybrid Military Operations” (AI4HMO) to generate a best-in-class state-of-the-art study on that objective. Meanwhile, the RTG has taken its own recommendations from that study a step further and put them into direct practice by way of a series of “demonstrators”. This has produced tangible results on the applicability and usefulness of various ML robustness metrics in the context of adversarial attack on ML-based decision support systems, documented in a follow-on paper recently accepted for presentation at ICSCIM 2023 in Skopje.
Further research is suggested in the areas of ML accountability (for the purpose of supporting xAI – explainable AI), and of defense against, and mitigation of, adversarial attacks on ML within a military decision support context. The element of “trust” in MLS still requires further, and deeper, investigation.
Objectives: The scientific objectives of this TAP are aimed at the practical implementation of methods to automatically detect, recognize, and repel adversarial attacks on ML within operational contexts. These methods help defend ML against attacks and also help mitigate the impact of such attacks.
Topics: Specific topics to be covered by the RTG include the automated detection and quantification of inherent susceptibilities and adversarial attacks on ML, and techniques that could be used to repel and/or mitigate them.
Contact:
Open2Partners:
Title:

Created at 20/10/2023 10:00 by System Account
Last modified at 16/05/2024 21:00 by System Account
 