Certifiably trustworthy deep learning systems at scale

Li, Linyi

Permalink

https://hdl.handle.net/2142/121953 Copy

Description

Title

Certifiably trustworthy deep learning systems at scale

Author(s)

Li, Linyi

Issue Date

2023-10-10

Director of Research (if dissertation) or Advisor (if thesis)

Li, Bo

Doctoral Committee Chair(s)

• Li, Bo
• Xie, Tao

Committee Member(s)

• Gunter, Carl A.
• Kolter, J. Zico

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

Ph.D.

Degree Level

Dissertation

Keyword(s)

• deep learning
• certification
• verification
• trustworthy machine learning
• machine learning security

Abstract

Great advances in deep learning (DL) have led to state-of-the-art performance on a wide range of challenging tasks. However, along with the rapid deployment of DL systems, several trustworthy threats arise, such as weak robustness against stealthy noise perturbations and natural transformations, bias across different subgroups, and lack of numerical reliability. These trustworthy threats have raised great concerns, especially when deploying DL systems in safety-critical scenarios such as autonomous driving and facial recognition for safeguarding. To defend against these common trustworthy threats, this thesis systematically proposes or enhances certification approaches and certified training approaches for DL systems, especially for large-scale DL systems. A certification approach can guarantee some properties of the DL system under some trustworthiness properties. For instance, the robustness certification approach can guarantee the worst-case test accuracy when the attacker imposes any input perturbations or transformations within some bounded range. A certified training approach can improve the DL system’s guaranteed trustworthiness under a certain property by training the DL model, e.g., improving the guaranteed test accuracy above. This thesis begins with a systematic taxonomy of certification and certified training approaches. Then for several critical trustworthiness properties, this thesis proposes the corresponding certification and certified training approaches that lead to state-of-the-art tightness and scalability. These approaches are motivated by a few core principles, including dual problem analysis for randomized smoothing, general cutting planes for bound propagation, stratified sampling, subpopulation decomposition, and abstract interpretation. The effectiveness of the proposed approaches is supported by both theoretical analyses and empirical evaluations. The thesis is concluded with a discussion of limitations, challenges, and future directions towards achieving fully certifiable, reliable, and scalable machine learning. In summary, this thesis enables certification of various trustworthy properties for DL systems up to millions of parameters, representing a major step in certified deep learning, an important research topic in machine learning, computer security, and software engineering.

Graduation Semester

2023-12

Type of Resource

Thesis

Copyright and License Information

Copyright 2023 Linyi Li

Owning Collections