Provably Secure Machine Learning
Seminar | January 29 | 4-5 p.m. | 1011 Evans Hall
Jacob Steinhardt, Stanford University
Deployed machine learning systems create a new class of computer security vulnerabilities
where, rather than attacking the integrity of the software itself, malicious actors exploit the
statistical nature of the learning algorithms. For instance, attackers can add fake training data,
or strategically manipulate input covariates at test time.
Attempts so far to defend against these attacks have focused on empirical performance against
known sets of attacks. I will argue that this is a fundamentally inadequate paradigm for achieving
meaningful security guarantees, and that we instead need algorithms that are provably secure by
design, by being robust to worst-case perturbations of the train or test data. This will require
revisiting classical problems in robust optimization and statistics with an eye towards the security
requirements of modern machine learning systems. In particular, we will develop new theory for
robust statistics in high-dimensional settings, and for robust optimization of non-convex models.
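The contrast drawn above between defenses tuned against known attacks and estimators that are robust to any worst-case perturbation can be seen in the simplest robust-statistics setting. The following is an added illustration written for this page, not code from the talk or its author: a poisoning adversary controls an eps-fraction of a constructed one-dimensional training set, a threshold filter tuned on one known attack is evaded by a slightly different one, and a trimmed mean keeps its error bounded regardless of the values the adversary chooses.

```python
# Added illustration (not from the talk): poisoning an eps-fraction of a 1-D
# training set and comparing a heuristic defense against a worst-case-robust one.
import random
import statistics

EPS = 0.1  # fraction of the training data the adversary controls

def clean_sample(n=1000, seed=0):
    """Constructed clean data: n draws from a standard normal (true mean 0)."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(n)]

def poison(xs, eps, value):
    """Adversary replaces the last eps*n points with a value of its choosing."""
    k = int(eps * len(xs))
    return xs[:-k] + [value] * k

def sample_mean(xs):
    """Undefended estimator: a single far-away point moves it arbitrarily."""
    return statistics.fmean(xs)

def filtered_mean(xs, threshold=10.0):
    """Heuristic defense tuned against a known attack (huge outliers):
    drop anything far from the origin, then average what is left."""
    return statistics.fmean([x for x in xs if abs(x) <= threshold])

def trimmed_mean(xs, eps=EPS):
    """Discard the eps*n largest and eps*n smallest values, average the rest.
    Every poisoned point is either trimmed or sits inside the clean range, so
    the estimate moves by O(eps) whatever values the adversary picks."""
    k = int(eps * len(xs))
    return statistics.fmean(sorted(xs)[k:len(xs) - k])

def worst_case_error(estimator, xs, eps=EPS,
                     candidates=(0.5, 1.0, 3.0, 9.9, 1e3, 1e6)):
    """Adversary tries each candidate poison value and keeps the one that
    pushes the estimate farthest from the true mean 0."""
    return max(abs(estimator(poison(xs, eps, v))) for v in candidates)

if __name__ == "__main__":
    xs = clean_sample()
    for name, est in [("sample mean", sample_mean),
                      ("filtered mean", filtered_mean),
                      ("trimmed mean", trimmed_mean)]:
        print(f"{name:14s} worst-case error = {worst_case_error(est, xs):.3f}")
```

The filtered mean looks secure against the attack it was tuned on (poison at 1e3 or 1e6) yet is shifted by roughly eps times the threshold when the adversary places its points just inside the cutoff, whereas the trimmed mean's error stays a small multiple of eps for every candidate.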