CIT Summer Series - Nael Abu-Ghazaleh - Security challenges and opportunities at the Intersection of Architecture and ML/AI

#nwf #virtual #CareersInTech #CITSummerSeries

This is a weekly session of the CIT Summer Series, with Nael Abu-Ghazaleh presenting "Security challenges and opportunities at the Intersection of Architecture and ML/AI":

Machine learning is an increasingly important computational workload as data-driven deep learning models are becoming increasingly important in a wide range of application spaces. Computer systems, from the architecture up, have been impacted by ML in two primary directions: (1) ML is an increasingly important computing workload, with new accelerators and systems targeted to support both training and inference at scale; and (2) ML supporting architecture decisions, with new machine-learning-based algorithms controlling systems to optimize their performance, reliability and robustness. In this talk, I will explore the intersection of security, ML and architecture, identifying both security challenges and opportunities. Machine learning systems are vulnerable to new attacks including adversarial attacks crafted to fool a classifier to the attacker's advantage, membership inference attacks attempting to compromise the privacy of the training data, and model extraction attacks seeking to recover the hyperparameters of a (secret) model. Architecture can be a target of these attacks when supporting ML, but also provides an opportunity to develop defenses against them, which I will illustrate with three examples from our recent work. First, I will show how ML-based hardware malware detectors can be attacked with adversarial perturbations to the malware and how we can develop detectors that resist these attacks. Second, I will show an example of a microarchitectural side-channel attack that can be used to extract the secret parameters of a neural network and potential defenses against it. Finally, I will discuss how architecture can be used to make ML more robust against adversarial and membership inference attacks using the idea of approximate computing. I will conclude by describing some other potential open problems.
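As an added, constructed illustration of the first example in the abstract (this is not code from the talk or from the speaker's group): a small ML-based hardware malware detector (HMD) trained on a hypothetical three-counter performance-counter profile, an attacker who evades it by padding the malware with benign instructions under the realistic constraint that counters can only go up, and one generic hardening, a monotonic classifier whose weights are projected to be non-negative so that padding can never lower the malware score. The monotonic defense is a generic technique from the adversarial-malware literature and is not necessarily the resistant detector presented in the talk. The feature names, value ranges, training data and evasion routine are all assumptions made for this example.

```python
"""Adversarial padding against a performance-counter malware detector, and a
monotonic-classifier hardening.  Constructed illustration for this page; not the
detector, attack or defense from the talk."""
import math
import random

# Assumed feature set: event counts per 1k retired instructions (hypothetical HPC profile).
FEATURES = ("branch_mispred", "llc_miss", "fp_ops")


def make_dataset(n_per_class=60, seed=7):
    """Constructed training data: benign code is numeric and predictable,
    malware is branchy and cache-hostile.  All values are made up for the example."""
    rng = random.Random(seed)
    xs, ys = [], []
    for _ in range(n_per_class):
        xs.append([rng.uniform(0.5, 1.5), rng.uniform(0.5, 1.5), rng.uniform(3.0, 5.0)])
        ys.append(0)  # benign
        xs.append([rng.uniform(3.0, 5.0), rng.uniform(3.0, 5.0), rng.uniform(0.2, 1.0)])
        ys.append(1)  # malware
    return xs, ys


def _sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(model, x):
    w, b = model
    return sum(wj * xj for wj, xj in zip(w, x)) + b


def train(xs, ys, monotone=False, steps=1500, lr=0.1):
    """Logistic-regression HMD fitted by full-batch gradient descent.  With
    monotone=True the weights are projected onto w >= 0 after every step, so
    growing any feature can only raise the malware score (the attacker can
    only add instructions, never remove the malicious ones)."""
    w = [0.0] * len(FEATURES)
    b = 0.0
    n = len(xs)
    for _ in range(steps):
        gw = [0.0] * len(w)
        gb = 0.0
        for x, y in zip(xs, ys):
            err = _sigmoid(logit((w, b), x)) - y
            for j, xj in enumerate(x):
                gw[j] += err * xj
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
        if monotone:
            w = [max(0.0, wj) for wj in w]
    return w, b


def is_malware(model, x):
    return logit(model, x) > 0.0


def evade_by_padding(model, x, margin=0.5):
    """Evasion under the attacker's only capability: inserting extra benign-
    looking instructions, so every feature delta is >= 0.  Picks the feature
    with the most negative weight and pads just enough to push the logit to
    -margin.  Returns (padded_x, feature_name, delta), or None when no feature
    has a negative weight (padding could only make the sample look worse)."""
    w, b = model
    s = logit(model, x)
    if s <= 0.0:
        return list(x), None, 0.0  # already classified benign
    negative = [(wj, j) for j, wj in enumerate(w) if wj < 0.0]
    if not negative:
        return None
    wj, j = min(negative)  # most negative weight = cheapest padding
    delta = (s + margin) / (-wj)
    padded = list(x)
    padded[j] += delta
    return padded, FEATURES[j], delta


def demo(sample=(4.0, 4.0, 0.5)):
    """Run attack and defense end to end on one constructed malware profile."""
    xs, ys = make_dataset()
    baseline = train(xs, ys)
    hardened = train(xs, ys, monotone=True)
    x = list(sample)
    attack = evade_by_padding(baseline, x)
    padded = attack[0] if attack else x
    return {
        "baseline_detects_original": is_malware(baseline, x),
        "padding_feature": attack[1] if attack else None,
        "baseline_detects_padded": is_malware(baseline, padded),
        "hardened_detects_original": is_malware(hardened, x),
        "hardened_detects_padded": is_malware(hardened, padded),
        "padding_possible_vs_hardened": evade_by_padding(hardened, x) is not None,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The baseline detector learns that floating-point activity is a benign indicator, so the attacker can hide by bolting a dummy floating-point loop onto the malware. The monotonic detector gives up that signal (its fp_ops weight is clipped to zero), which costs some accuracy on benign code, but leaves the attacker with no feature whose increase helps them; any padding now only raises the score. The trade-off is the usual one: the defender restricts the model to the features the attacker cannot cheaply move in the benign direction.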



  Date and Time

  • Date: 20 Jul 2023
  • Time: 06:30 PM to 08:00 PM
  • All times are (UTC-05:00) Central Time (US & Canada)

  Location

  • Virtual event

  Registration

  • Starts 12 June 2023 06:00 AM
  • Ends 20 July 2023 04:00 PM
  • All times are (UTC-05:00) Central Time (US & Canada)
  • No Admission Charge


  Speakers

Nael Abu-Ghazaleh

Topic:

Security challenges and opportunities at the Intersection of Architecture and ML/AI


Biography:

Nael Abu-Ghazaleh is a Professor with a joint appointment in the CSE and ECE departments at the University of California, Riverside, and the director of the Computer Engineering program. His research interests include architecture support for security, high-performance computing architectures, and networking and distributed systems. His group's research has led to the discovery of a number of vulnerabilities in modern architectures and operating systems, which have been reported to the affected companies and have impacted commercial products. He has published over 200 papers, several of which have been nominated for or recognized with best paper awards. He is a Distinguished Member of the ACM.