University of Illinois Urbana-Champaign

Trustworthy machine learning throughout model’s life cycle

Li, Huichen

Content Files
LI-DISSERTATION-2023.pdf

Permalink

https://hdl.handle.net/2142/120254

Description

Title
Trustworthy machine learning throughout model’s life cycle
Author(s)
Li, Huichen
Issue Date
2023-04-14
Director of Research (if dissertation) or Advisor (if thesis)
Li, Bo
Doctoral Committee Chair(s)
Li, Bo
Committee Member(s)
  • Gunter, Carl A.
  • Tong, Hanghang
  • Urtasun, Raquel
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Keyword(s)
  • Machine Learning
  • Trustworthy
  • Robustness
  • Adversarial Attack and Defense
  • Backdoor Attack Detection
  • Watermark
  • Whitebox Attack
  • Blackbox Attack
Abstract
Machine learning techniques have been used across a wide variety of applications, including security-sensitive domains. Despite their superior performance, they are vulnerable throughout the life cycle including stages of data collection, training, deployment, and inference. During my Ph.D. studies, I have been working on exploring the trustworthiness of machine learning models, including both attack and defense techniques. The backdoor attack poses potential security risks for machine learning models. In Chapter 3, feature sensitivity analysis with smoothing techniques can identify instances with backdoor triggers from a dataset. On the other hand, in Chapter 4, defenders can adapt the idea of backdoor triggers to create “watermarks” in trained models and leverage this property to protect the intellectual property against model extraction attacks. In Chapter 5, I study the robustness of Visual Question Answering (VQA) systems. With white-box access, it is easy for attackers to craft adversarial examples on all the VQA system variants inspected. I further improve the VQA robustness from the perspectives of causality, consistency regularization, and adversarial training. Chapter 6 and Chapter 7 show that keeping a model black box does not guarantee its safety. By querying the model and getting the hard predictions (e.g., class labels instead of logits), an adversary is able to efficiently craft high-quality adversarial examples against an image classifier.
Graduation Semester
2023-05
Type of Resource
Thesis
Handle URL
https://hdl.handle.net/2142/120254
Copyright and License Information
Copyright 2023 Huichen Li

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois