
Security and Privacy Issues for ML

SPIML


ML in Autonomous Systems and Mobile Robots: Security and Privacy Issues for ML

Abstract

In today’s rapidly evolving landscape of cyber-security threats and the widespread adoption of nano-scale devices, intelligent camera-based functionalities within smart cyber-physical systems (CPS) and the Internet-of-Things (IoT) encounter unprecedented challenges. These challenges stem from emerging attack vectors and security/privacy risks associated with the processing of image and video data. Beyond traditional concerns such as IP theft and data breaches, modern machine learning (ML) systems operating on visual data face significant adversarial and backdoor threats. Adversarial and backdoor attacks involve deliberate manipulations in images, exploiting vulnerabilities inherent in machine/deep learning models and learning mechanisms. These attacks can severely compromise system performance and decision-making processes. Addressing these evolving security and privacy threats necessitates continual advancements in defense and obfuscation strategies. These strategies play a crucial role in fortifying the resilience of intelligent systems deployed across diverse image and video processing applications, including computer vision. Through hands-on demonstrations and practical examples, attendees of the tutorial will gain insights into effectively defending against adversarial and backdoor attacks. These attacks target inherent vulnerabilities in ML models and learning mechanisms used for tasks such as depth estimation, object detection, and classification. Additionally, the tutorial will explore emerging threats specific to autonomous systems and mobile robots, offering strategies to safeguard these systems against evolving security and privacy risks.

Structure of the Event

In this tutorial, our goal is to create an interactive and stimulating learning environment that fosters deep understanding, active engagement, and positive learning outcomes for all participants. To achieve this, we will prioritize engagement and interaction throughout the tutorial. Interactive elements like group discussions, polls, and Q&A sessions will be seamlessly integrated to encourage active participation. Hands-on exercises and demonstrations will offer participants the chance to apply concepts in real-world scenarios, reinforcing comprehension through experiential learning. Our tutorial will follow a structured and progressive learning flow. Beginning with foundational concepts, we will gradually progress to more advanced topics. Concepts will be introduced incrementally, providing ample opportunities for reinforcement and review to ensure retention. We’ll employ a diverse range of instructional methods, including presentations, case studies, demonstrations, and group activities, to accommodate various learning preferences and styles. Multimedia elements such as videos, animations, and visual aids will be leveraged to enhance understanding and engagement. Furthermore, collaborative learning opportunities like group exercises and peer review sessions will be integrated to facilitate peer-to-peer knowledge sharing and collaboration, enriching the learning experience for all participants.

Schedule

Time             Event
8:30 – 9:15      Prof. Dr. Muhammad Shafique: Deep Learning: Advancements & Security Challenges
9:15 – 9:45      Dr. Amira Guesmi: Adversarial Attacks and Defenses
9:45 – 10:00     Dr. Amira Guesmi: Physical Adversarial Attacks
10:00 – 10:30    Coffee Break
10:30 – 11:15    Dr. Muhammad Abdullah Hanif: Backdoor Attacks and Defenses
11:15 – 12:30    Dr. Amira Guesmi and Dr. Muhammad Abdullah Hanif: Hands-on Workshops and Demos
12:30            Lunch

Talk Description

Deep Learning: Advancements & Security Challenges
  • Role of machine/deep learning in recent technological advancements
  • Spectrum of real-world deep learning applications and their impact on global infrastructure
  • Overview of security & privacy issues in CPS and IoT
  • Security issues in deep learning (threats, impact, and challenges)
  • Overview of adversarial and backdoor attacks in machine learning
Adversarial Attacks and Defenses
  • Detailed overview of adversarial attacks
  • Evaluation metrics for assessing the robustness of models/systems against adversarial attacks
  • Types of attacks: white-box, black-box, digital and physical adversarial attacks
  • Methodologies for generating stealthy adversarial perturbations
  • Universal and transferable attacks
  • Defenses against adversarial attacks, for example, adversarial training, input preprocessing, and model regularization
Physical Adversarial Attacks
  • Overview of physical-world adversarial attacks and their implications
  • Different attacks on monocular depth estimation, object detection, etc.
  • Discussion on strategies for defending against physical-world adversarial attacks
Backdoor Attacks and Defenses
  • Detailed overview of backdoor attacks
  • Evaluation metrics and benchmarks
  • Types of backdoor attacks
  • Methodologies for data poisoning attacks including sample-specific and clean-label attacks
  • Attacks on object detection, tracking and depth estimation models
  • Defenses against backdoor attacks, for example, trigger synthesis, latent separation, input preprocessing, proactive training, and fine-pruning
  • Novel attacks and defenses for transformer models
Hands-on Workshops and Demos
  • Detailed explanation and implementation of adversarial and backdoor attacks on neural networks for visual data
  • Discussion on common attack techniques (e.g., Fast Gradient Sign Method, PGD, Carlini & Wagner Attack, BadNets)
  • Case studies demonstrating the impact of adversarial and backdoor attacks on real-world systems
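The hands-on session lists the Fast Gradient Sign Method (FGSM) among the attack techniques it discusses, adversarial training among the defenses, and robustness metrics as the way to compare the two. The script below is an added example written for this page, not code from the tutorial or its organizers, and it uses only the Python standard library. It trains a two-feature logistic-regression model twice on a constructed toy dataset, once normally and once with FGSM-based adversarial training, then reports for each model the clean accuracy, the accuracy under an FGSM attack, and the fraction of points the model provably keeps correct under any L-infinity perturbation of the same budget. The dataset, the budget EPS, and the training hyperparameters are assumptions chosen so that the outcome is deterministic: feature 0 has a large margin but is wrong on one point in five, feature 1 has a small margin but is always right.

```python
"""Adversarial robustness evaluation and adversarial training on a tiny
logistic-regression model (added example, pure Python, no numpy needed)."""
import math

# Constructed toy dataset (an assumption of this example, not the tutorial's data):
# feature 0 is a large-margin "robust" feature that is wrong on 1 point in 5,
# feature 1 is a small-margin "non-robust" feature that is always right.
# Class-0 points are the exact negatives of the class-1 points.
POS = [(2.0, 0.5)] * 4 + [(-2.0, 0.5)]
DATA = [(x, 1) for x in POS] + [((-x[0], -x[1]), 0) for x in POS]
EPS = 0.6  # L-infinity budget, deliberately larger than the non-robust margin (0.5)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def sign(v):
    return (v > 0) - (v < 0)


def logit(w, b, x):
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def fgsm(w, b, x, y, eps):
    """Fast Gradient Sign Method: move every input coordinate by eps in the
    direction that increases the cross-entropy loss. For logistic regression
    the gradient of the loss with respect to the input is (p - y) * w."""
    p = sigmoid(logit(w, b, x))
    return tuple(xi + eps * sign((p - y) * wi) for xi, wi in zip(x, w))


def train(data, eps=None, steps=4000, lr=0.5):
    """Full-batch gradient descent on cross-entropy. With eps set this is
    adversarial training: each step fits the FGSM examples crafted against
    the current model instead of the clean inputs."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(steps):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in data:
            if eps is not None:
                x = fgsm(w, b, x, y, eps)
            err = sigmoid(logit(w, b, x)) - y  # d(loss)/d(logit)
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        n = len(data)
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def accuracy(w, b, data, eps=None):
    """Clean accuracy, or accuracy under an FGSM attack with budget eps."""
    correct = 0
    for x, y in data:
        if eps is not None:
            x = fgsm(w, b, x, y, eps)
        correct += (logit(w, b, x) > 0) == (y == 1)
    return correct / len(data)


def certified_accuracy(w, b, data, eps):
    """Fraction of points whose prediction cannot change under ANY L-infinity
    perturbation of size eps. For a linear model this worst case is exact:
    the logit can move by at most eps * ||w||_1."""
    slack = eps * sum(abs(wi) for wi in w)
    robust = 0
    for x, y in data:
        z = logit(w, b, x)
        robust += (z - slack > 0) if y == 1 else (z + slack < 0)
    return robust / len(data)


def compare():
    """(clean accuracy, FGSM accuracy, certified accuracy) for both models."""
    std = train(DATA)
    adv = train(DATA, eps=EPS)
    return {
        "standard": (accuracy(*std, DATA), accuracy(*std, DATA, EPS),
                     certified_accuracy(*std, DATA, EPS)),
        "adv_trained": (accuracy(*adv, DATA), accuracy(*adv, DATA, EPS),
                        certified_accuracy(*adv, DATA, EPS)),
    }


if __name__ == "__main__":
    for name, (clean, attacked, certified) in compare().items():
        print(f"{name:12s} clean={clean:.2f} fgsm={attacked:.2f} certified={certified:.2f}")
```

On this data the normally trained model leans on the small-margin feature and scores 100% clean but 0% under the attack, while the adversarially trained model falls back on the large-margin feature and scores 80% both clean and under attack: the accuracy/robustness trade-off the tutorial's defense discussion refers to, on a model small enough to reason about by hand. Because the model is linear, a single FGSM step is the exact worst case, so the FGSM accuracy coincides with the certified fraction; for deep networks FGSM accuracy is only an upper bound on robustness, which is why stronger evaluations such as multi-step PGD or certification methods are needed before a defense is trusted.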

Intended audience

The targeted audience for our tutorial includes students, researchers, practitioners, and professionals interested in the intersection of machine learning (ML) with autonomous systems and mobile robots, particularly in the context of security and privacy issues. This includes individuals with backgrounds in image and vision processing, machine learning, cybersecurity, and robotics. 
Our tutorial holds significant appeal for a diverse audience due to several key factors. Firstly, we offer a comprehensive examination of the security and privacy challenges confronting ML-powered autonomous systems and mobile robots. Covering topics such as adversarial and backdoor attacks, privacy-preserving algorithms, and defenses across various image and video processing applications, our tutorial provides valuable insights into mitigating these critical threats. Secondly, with the increasing integration of ML into autonomous systems and mobile robots, addressing security and privacy concerns has become imperative. Our tutorial directly addresses these pressing issues, offering practical strategies and techniques to enhance the resilience of ML algorithms in real-world scenarios. Moreover, our commitment to fostering inclusivity and diversity ensures that participants from varied backgrounds, experiences, and perspectives are welcomed. By facilitating rich discussions and knowledge exchange among attendees with diverse expertise, we aim to promote a more comprehensive understanding of the challenges and solutions in this domain. Lastly, our tutorial offers practical insights gleaned from panel discussions, invited talks, and interactive sessions. These sessions provide actionable strategies that participants can readily apply in their research, development, and professional practice, thereby enhancing the practical relevance and applicability of the knowledge shared.

Copyright © 2025 · SPIML