University of Illinois Urbana-Champaign

Enhancing the robustness of machine learning models

Xu, Xiaojun

Permalink

https://hdl.handle.net/2142/121313

Description

Title
Enhancing the robustness of machine learning models
Author(s)
Xu, Xiaojun
Issue Date
2023-06-21
Director of Research (if dissertation) or Advisor (if thesis)
  • Gunter, Carl A.
  • Li, Bo
Doctoral Committee Chair(s)
  • Gunter, Carl A.
  • Li, Bo
Committee Member(s)
  • Borisov, Nikita
  • Zhang, Ce
Department of Study
Computer Science
Discipline
Computer Science
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Keyword(s)
Machine Learning Robustness
Abstract
Machine learning models have recently shown surprisingly good performance in real-world tasks. Therefore, there are growing concerns about whether machine learning models can be robust against different potential threats. In this thesis, we will explore the robustness of machine learning models against adversarial threats in three scenarios that have received relatively less attention from the community. Firstly, we will investigate backdoor attacks, which involve perturbing both the training and evaluation stages. As a countermeasure to such a stealthy and dangerous attack, we present a countermeasure by achieving a binary classification task on neural networks to mitigate this type of threat. Secondly, we will examine the robustness of graph data. We demonstrate the potential threat for discrete edge space manipulation to deceive graph neural networks and make desired actions with stealthy perturbations. We also offer a countermeasure to detect the maliciously injected edges on graph data with an ensemble of multiple models. Finally, we will discuss how model architecture design can provide a robustness guarantee. We present two Lipschitz-constrained models, one for convolution networks and another for Transformer networks. We show that such Lipschitz-constrained models can achieve good certified model robustness. Our work enhances machine learning robustness against various adversarial threats with effective countermeasures.
Graduation Semester
2023-08
Type of Resource
Thesis
Handle URL
https://hdl.handle.net/2142/121313
Copyright and License Information
Copyright 2023 Xiaojun Xu

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois