Semantic Adversarial Machine Learning (SAML)
ML is everywhere: Fueled by massive amounts of data, models produced by machine-learning (ML) algorithms, especially deep neural networks, are being used in diverse domains where trustworthiness is a concern, including automotive systems, finance, health care, natural language processing, and malware detection. Of particular concern is the use of ML algorithms in cyberphysical systems (CPS), such as self-driving cars and aviation, where an adversary can cause serious consequences.
Adversarial ML (AML) deals with generating adversarial examples to ML
algorithms (e.g modifying a stop sign slightly so that it is classified as a
yield sign). For a general description of AML see here
Semantic Adversarial Machine Learning: However, existing approaches to generating adversarial examples and devising robust ML algorithms mostly ignore the semantics and context of the overall system containing the ML component. For example, in an autonomous vehicle using deep learning for perception, not every adversarial example for the neural network might lead to a harmful consequence. Moreover, one may want to prioritize the search for adversarial examples towards those that significantly modify the desired semantics of the overall system. Along the same lines, existing algorithms for constructing robust ML algorithms ignore the specification of the overall
system.
In my recent paper with co-authors (Tommaso Dreossi and Sanjit Seshia from
Berkeley) we argue that the semantics and specification of the overall system has a crucial role to play in this line of research. We present preliminary research results that support this claim.
Interested in reading? See https://arxiv.org/abs/1804.07045
Note: Have feedback. I would love to hear it. Please email at jha@cs.wisc.edu
Comments