Research Project Title:
Understanding Security Threats to Machine-Learning-as-a-Service (MLaaS) Systems
Abstract: Machine Learning as a Service (MLaaS) systems are becoming an increasingly popular way of utilizing and monetizing recent advances in machine learning. As a result, it is important to understand the security threats such systems are subject to. This project focuses on two types of black-box attacks against MLaaS systems: model stealing and adversarial attacks. First, we will identify the capabilities and limitations of a black-box attacker. Then we will devise and evaluate methods for securing our model against those attacks; these methods may rely on randomness that is unavailable to the attacker. Our goal is to find simpler and better defenses against black-box attacks than those currently known, since existing defenses target the more powerful white-box attacker.
Through this SuperUROP, I would like to explore deep learning while applying machine learning and mathematics to real-life problems. I previously conducted research in applied machine learning and reinforcement learning. This SuperUROP would let me expand on that experience and tackle machine learning from a more theoretical angle, while allowing me to utilize the principled reasoning skills learned in classes such as 18.100B and 6.046.