
CSE Seminar Series: Philip Kegelmeyer - Counter-Adversarial Machine Learning

Start:

11/10/2015 at 3:30PM

End:

11/10/2015 at 5:00PM

Location:

131 DeBartolo

Host:

Kevin Bowyer

Email: kwb@nd.edu
Phone: 574-631-9978
Website: http://www.nd.edu/~kwb
Office: 321 Stinson-Remick Hall

Research interests: Biometrics, data mining, computer vision, pattern recognition, applications to medical imaging, ethics and computing, computer science education.

Machine learning is a powerful, well appreciated data analysis method. Its power stems from its ability to automatically and objectively consider historical precedent, to examine "groundtruth" data on which measurements were made and to which labels were assigned, and then to build a predictive model that will label future, unknown data.
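As a concrete, if toy, illustration of that workflow, the short sketch below trains a model on labeled "groundtruth" and then labels new, unseen data. The synthetic dataset and random-forest classifier are illustrative assumptions, not anything specific to the talk.

# Minimal supervised-learning workflow: fit a model to labeled
# "groundtruth", then predict labels for new, unseen data.
# Synthetic data and a random forest are illustrative choices only.
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

X, y = make_classification(n_samples=1000, n_features=20, random_state=0)
X_train, X_new, y_train, y_new = train_test_split(X, y, random_state=0)

model = RandomForestClassifier(n_estimators=200, random_state=0).fit(X_train, y_train)
predicted = model.predict(X_new)  # labels for "future, unknown" data
print("accuracy on held-out data:", model.score(X_new, y_new))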

What is less well appreciated is that it is possible to dramatically undermine the utility of machine learning models by tampering with the supposedly accurate *labels* in the training data. That is, if some of the groundtruth is actually lying, the resulting model may, incorrectly, seem to be uselessly inaccurate. Or, worse, it may seem to be an accurate model when trained, but be crafted to fail miserably in practice. Though such tampering may at first seem unlikely, there are indeed historical (and sometimes amusing) examples. Which is to be expected: there are often targets of classification who would prefer to be misclassified.
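To make label tampering concrete, here is a hedged sketch that randomly flips a fraction of the training labels and compares models trained on clean versus tampered groundtruth. The random-flip attack and the 30% tampering rate are arbitrary assumptions for illustration, not one of the specific attacks presented in the talk.

# Illustrative label tampering: flip a fraction of training labels and
# observe the effect on a model evaluated against clean held-out data.
# A generic random-flip attack, not any specific attack from the talk.
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import train_test_split

X, y = make_classification(n_samples=2000, n_features=20, random_state=1)
X_train, X_test, y_train, y_test = train_test_split(X, y, random_state=1)

rng = np.random.default_rng(1)
tampered = y_train.copy()
flip = rng.choice(len(tampered), size=int(0.3 * len(tampered)), replace=False)
tampered[flip] = 1 - tampered[flip]  # lie about 30% of the groundtruth

clean_model = RandomForestClassifier(random_state=1).fit(X_train, y_train)
dirty_model = RandomForestClassifier(random_state=1).fit(X_train, tampered)
print("trained on clean labels:   ", clean_model.score(X_test, y_test))
print("trained on tampered labels:", dirty_model.score(X_test, y_test))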

We have invented, implemented, and characterized (qualitatively and quantitatively) many such label tampering attacks. We show, on one hand, how standard cross-validation performance assessment is not only useless, but actually deceptive, in the context of adversarial tampering. On the other hand, we present Ensembles of Outlier Measures (EOM), a method for detecting *and remediating* tampered data. EOM has the counterintuitive property of sometimes being able to "repair" labels without needing to be certain as to exactly which labels were altered. Further, EOM is surprisingly general, and is effective in defending against attacks on *unsupervised* machine learning as well, in very different data supporting a very different application.
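The EOM method itself is the speaker's own work and is not reproduced here. Purely to convey the general flavor of scoring training points with an ensemble of outlier measures, computed per assigned class, and flagging the most suspicious labels, here is a rough sketch built from off-the-shelf detectors; every detail (the detectors chosen, the rank-averaging, the function name) is an assumption for illustration, not the actual EOM algorithm.

# Rough illustration only: combine several off-the-shelf outlier scores,
# computed within each labeled class, to flag training points whose labels
# look suspicious. This is NOT the EOM algorithm from the talk.
import numpy as np
from sklearn.ensemble import IsolationForest
from sklearn.neighbors import LocalOutlierFactor

def suspicion_scores(X, y):
    """Average several outlier measures within each labeled class."""
    scores = np.zeros(len(y))
    for label in np.unique(y):
        idx = np.where(y == label)[0]
        # Higher value = more anomalous relative to the other points
        # that share this label.
        iso = -IsolationForest(random_state=0).fit(X[idx]).score_samples(X[idx])
        lof = -LocalOutlierFactor().fit(X[idx]).negative_outlier_factor_
        # Rank-average the two measures so their scales are comparable.
        ranks = (np.argsort(np.argsort(iso)) + np.argsort(np.argsort(lof))) / 2.0
        scores[idx] = ranks / len(idx)
    return scores  # higher = more suspicious given its assigned label

# Example usage on the tampered training set from the previous sketch:
#   s = suspicion_scores(X_train, tampered)
#   print("indices most likely to be mislabeled:", np.argsort(s)[-10:])
# The highest-scoring points would be candidates for relabeling or removal
# before the final model is trained.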

Seminar Speaker:

Philip Kegelmeyer

Philip Kegelmeyer (E.E. Ph.D., Stanford) is a Senior Scientist at Sandia National Laboratories in Livermore, CA. His current interests are machine learning and graph algorithms, especially as applied to ugly, obdurate, real-world data which is, perhaps deliberately, actively resistant to analysis.

At present he leads a research effort in "Counter Adversarial Data Analytics". The core idea is to take a vulnerability-assessment approach to quantitatively assessing, and perhaps countering, the result of an adversary knowing, and adapting to, exactly whatever specific data analysis method might be in use.

Dr. Kegelmeyer has twenty years of experience inventing, tinkering with, quantitatively improving, and now subverting supervised machine learning algorithms (particularly ensemble methods), including investigations into how to compare such algorithms accurately and with statistical significance. His work has resulted in over seventy refereed publications, two patents, and commercial software licenses.