Research Seminar by Yuan Hong | Certifying Trustworthy Machine Learning: From Defenses to Attacks

Certifying Trustworthy Machine Learning: From Defenses to Attacks

Speaker(s):



Yuan Hong
Associate Professor,
School of Computing
University of Connecticut

Date: 14 January 2025, Tuesday

Time: 10:30am – 12:00pm

Venue:
School of Computing & Information Systems 2 (SCIS 2)
Level 4, Meeting Room 4-1
Singapore Management University
90 Stamford Road,
Singapore 178903

Please register by 13 January 2025.

We look forward to seeing you at this research seminar.

About the Talk

In the past decade, adversarial attacks and defenses have been extensively studied to expose vulnerabilities and develop countermeasures for enhancing the robustness of machine learning models. This talk will present our recent advances in certifying both defenses and attacks, with a focus on moving from empirical approaches to provable guarantees. First, we will introduce Text-CRS, the first generalized certified robustness framework for language models against a wide range of word-level adversarial operations, including synonym substitution, word reordering, insertion, and deletion. By leveraging randomized smoothing in both the permutation and embedding spaces, Text-CRS improves certified accuracy and robustness. Second, we will shift focus to the attack side by introducing certifiable black-box adversarial attacks. While certified defenses have been well studied, this is the first attack framework that provides provable guarantees for the attack success probability (ASP). It reveals critical weaknesses in machine learning models, even those protected by state-of-the-art defenses. Our attack framework constructs a continuous space of adversarial examples with a lower-bounded (high) ASP. Finally, we will discuss certification in other areas of trustworthy machine learning.

About the Speaker

Yuan Hong is an Associate Professor and Collins Aerospace Endowed Professor in the School of Computing at the University of Connecticut (UConn), where he directs the Data Security and Privacy (DataSec) Laboratory. His research spans security, privacy, and trustworthy machine learning, with a focus on areas such as differential privacy, secure computation, applied cryptography, adversarial attacks and provable defenses in machine learning, computer vision, (large) language models, and cyber-physical systems. His work has been published extensively in top-tier conferences in Security (e.g., S&P, CCS, USENIX Security, NDSS) and Data Science (e.g., SIGMOD, VLDB, NeurIPS, CVPR, ECCV, EMNLP, KDD, AAAI), as well as in top interdisciplinary journals. He is a recipient of the NSF CAREER Award (2021), Cisco Research Award (2022, 2023), and CCS Distinguished Paper Award (2024), and was a finalist for the Meta Research Award (2021). He regularly serves on the technical program committee (PC) or as a Senior PC member for top security and data science conferences and is an Associate Editor for IEEE Transactions on Dependable and Secure Computing (TDSC) and Computers & Security.