Robust Machine Learning Algorithms and Systems for Detection and Mitigation of Adversarial Attacks and Anomalies
PROCEEDINGS OF A WORKSHOP
Linda Casola and Dionna Ali, Rapporteurs
Intelligence Community Studies Board
Board on Mathematical Sciences and Analytics
Computer Science and Telecommunications Board
Division on Engineering and Physical Sciences
THE NATIONAL ACADEMIES PRESS
Washington, DC
www.nap.edu
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, NW Washington, DC 20001
This activity was supported by Contract 2014-14041100003-019 with the Office of the Director of National Intelligence. Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of any organization or agency that provided support for the project.
International Standard Book Number-13: 978-0-309-49609-4
International Standard Book Number-10: 0-309-49609-8
Digital Object Identifier: https://doi.org/10.17226/25534
Additional copies of this publication are available for sale from the National Academies Press, 500 Fifth Street, NW, Keck 360, Washington, DC 20001; (800) 624-6242 or (202) 334-3313; http://www.nap.edu.
Copyright 2019 by the National Academy of Sciences. All rights reserved.
Printed in the United States of America
Suggested citation: National Academies of Sciences, Engineering, and Medicine. 2019. Robust Machine Learning Algorithms and Systems for Detection and Mitigation of Adversarial Attacks and Anomalies: Proceedings of a Workshop. Washington, DC: The National Academies Press. doi: https://doi.org/10.17226/25534.
The National Academy of Sciences was established in 1863 by an Act of Congress, signed by President Lincoln, as a private, nongovernmental institution to advise the nation on issues related to science and technology. Members are elected by their peers for outstanding contributions to research. Dr. Marcia McNutt is president.
The National Academy of Engineering was established in 1964 under the charter of the National Academy of Sciences to bring the practices of engineering to advising the nation. Members are elected by their peers for extraordinary contributions to engineering. Dr. John L. Anderson is president.
The National Academy of Medicine (formerly the Institute of Medicine) was established in 1970 under the charter of the National Academy of Sciences to advise the nation on medical and health issues. Members are elected by their peers for distinguished contributions to medicine and health. Dr. Victor J. Dzau is president.
The three Academies work together as the National Academies of Sciences, Engineering, and Medicine to provide independent, objective analysis and advice to the nation and conduct other activities to solve complex problems and inform public policy decisions. The National Academies also encourage education and research, recognize outstanding contributions to knowledge, and increase public understanding in matters of science, engineering, and medicine.
Learn more about the National Academies of Sciences, Engineering, and Medicine at www.nationalacademies.org.
Consensus Study Reports published by the National Academies of Sciences, Engineering, and Medicine document the evidence-based consensus on the study’s statement of task by an authoring committee of experts. Reports typically include findings, conclusions, and recommendations based on information gathered by the committee and the committee’s deliberations. Each report has been subjected to a rigorous and independent peer-review process and it represents the position of the National Academies on the statement of task.
Proceedings published by the National Academies of Sciences, Engineering, and Medicine chronicle the presentations and discussions at a workshop, symposium, or other event convened by the National Academies. The statements and opinions contained in proceedings are those of the participants and are not endorsed by other participants, the planning committee, or the National Academies.
For information about other products and activities of the National Academies, please visit www.nationalacademies.org/about/whatwedo.
PLANNING COMMITTEE ON ENSURING THE QUALITY OF MACHINE-GENERATED ANALYTIC PRODUCTS FROM MULTI-SOURCE DATA: A WORKSHOP
RAMA CHELLAPPA, University of Maryland, College Park, Chair
TODD BORKEY, Alion Science and Technology
JULIE BRILL, Microsoft Corporation
LISE GETOOR, University of California, Santa Cruz
ANTHONY HOOGS, Kitware, Inc.
ANITA JONES, NAE,1 University of Virginia
YUNYAO LI, IBM Corporation
JOYSULA RAO, IBM Corporation
SAMUEL VISNER, MITRE Corporation
Staff
GEORGE COYLE, Senior Program Officer, Workshop Director
CHRIS JONES, Financial Officer
MARGUERITE SCHNEIDER, Administrative Coordinator
DIONNA ALI, Research Associate
NATHANIEL DEBEVOISE, Senior Program Assistant
___________________
1 Member, National Academy of Engineering.
INTELLIGENCE COMMUNITY STUDIES BOARD
FREDERICK CHANG, NAE,1 Southern Methodist University, Co-Chair
ROBERT C. DYNES, NAS,2 University of California, San Diego, Co-Chair
JULIE BRILL, Microsoft Corporation
ROBERT A. BRODOWSKI, MITRE Corporation
TOMÁS DÍAZ DE LA RUBIA, Purdue University Discovery Park
ROBERT FEIN, McLean Hospital/Harvard Medical School
MIRIAM JOHN, Independent Consultant
ANITA JONES, NAE, University of Virginia
ROBERT H. LATIFF, R. Latiff Associates
RICHARD H. LEDGETT, JR., Institute for Defense Analyses
MARK LOWENTHAL, Johns Hopkins University
MICHAEL MARLETTA, NAS/NAM,3 University of California, Berkeley
L. ROGER MASON, JR., Peraton
JASON MATHENY, Georgetown University
CARMEN L. MIDDLETON, Consultant
ELIZABETH RINDSKOPF PARKER, State Bar of California (retired)
WILLIAM H. PRESS, NAS, University of Texas, Austin
DAVID A. RELMAN, NAM, Stanford University
SAMUEL VISNER, MITRE Corporation
Staff
ALAN SHAW, Director
CARYN LESLIE, Senior Program Officer
CHRIS JONES, Financial Manager
MARGUERITE SCHNEIDER, Administrative Coordinator
DIONNA ALI, Research Associate
NATHANIEL DEBEVOISE, Senior Program Assistant
___________________
1 Member, National Academy of Engineering.
2 Member, National Academy of Sciences.
3 Member, National Academy of Medicine.
BOARD ON MATHEMATICAL SCIENCES AND ANALYTICS
MARK L. GREEN, University of California, Los Angeles, Chair
JOHN R. BIRGE, NAE,1 University of Chicago
HÉLÈNE BARCELO, Mathematical Sciences Research Institute
RUSSEL E. CAFLISCH, NAS,2 New York University
W. PETER CHERRY, NAE, Independent Consultant
DAVID S.C. CHU, Institute for Defense Analyses
RONALD R. COIFMAN, NAS, Yale University
JAMES (JIM) H. CURRY, University of Colorado, Boulder
SHAWNDRA HILL, Microsoft Research
LYDIA KAVRAKI, NAM,3 Rice University
TAMARA KOLDA, Sandia National Laboratories
RACHEL KUSKE, Georgia Institute of Technology
JOSEPH A. LANGSAM, University of Maryland, College Park
DAVID MAIER, Portland State University
LOIS CURFMAN MCINNES, Argonne National Laboratory
JILL PIPHER, Brown University
ELIZABETH A. THOMPSON, NAS, University of Washington
CLAIRE TOMLIN, NAE, University of California, Berkeley
LANCE WALLER, Emory University
KAREN E. WILLCOX, University of Texas, Austin
DAVID YAO, NAE, Columbia University
Staff
MICHELLE K. SCHWALBE, Director
TYLER KLOEFKORN, Program Officer
LINDA CASOLA, Associate Program Officer
ADRIANNA HARGROVE, Financial Manager
SELAM ARAIA, Program Assistant
___________________
1 Member, National Academy of Engineering.
2 Member, National Academy of Sciences.
3 Member, National Academy of Medicine.
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD
FARNAM JAHANIAN, Carnegie Mellon University, Chair
LUIZ ANDRÉ BARROSO, Google, Inc.
STEVEN M. BELLOVIN, NAE,1 Columbia University
ROBERT F. BRAMMER, Brammer Technology, LLC
DAVID CULLER, NAE, University of California, Berkeley
EDWARD FRANK, NAE, Cloud Parity, Inc.
LAURA HAAS, NAE, University of Massachusetts, Amherst
MARK HOROWITZ, NAE, Stanford University
ERIC HORVITZ, NAE, Microsoft Corporation
VIJAY KUMAR, NAE, University of Pennsylvania
BETH MYNATT, Georgia Institute of Technology
CRAIG PARTRIDGE, Colorado State University
DANIELA RUS, NAE, Massachusetts Institute of Technology
FRED B. SCHNEIDER, NAE, Cornell University
MARGO SELTZER, University of British Columbia
MOSHE VARDI, NAS2/NAE, Rice University
Staff
JON EISENBERG, Senior Director
LYNETTE I. MILLETT, Director, Forum on Cyber Resilience
RENEE HAWKINS, Financial and Administrative Manager
SHENAE BRADLEY, Administrative Assistant
KATIRIA ORTIZ, Associate Program Officer
___________________
1 Member, National Academy of Engineering.
2 Member, National Academy of Sciences.
Acknowledgments
This Proceedings of a Workshop was reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise. The purpose of this independent review is to provide candid and critical comments that will assist the National Academies of Sciences, Engineering, and Medicine in making each published proceedings as sound as possible and to ensure that it meets the institutional standards for quality, objectivity, evidence, and responsiveness to the charge. The review comments and draft manuscript remain confidential to protect the integrity of the process.
We thank the following individuals for their review of this proceedings:
Terrance Boult, University of Colorado, Colorado Springs,
Dianne Chong, NAE,1 Boeing Research and Technology (retired),
Anita Jones, NAE,2 University of Virginia, and
Yunyao Li, IBM Corporation.
Although the reviewers listed above provided many constructive comments and suggestions, they were not asked to endorse the content of the proceedings nor did they see the final draft before its release. The review of this proceedings was overseen by Ellen W. Clayton, NAM,3 Vanderbilt University Medical Center. She was responsible for making certain that an independent examination of this proceedings was carried out in accordance with standards of the National Academies and that all review comments were carefully considered. We also wish to thank Michelle Schwalbe, National Academies, for her guidance in the drafting of this manuscript. Responsibility for the final content rests entirely with the rapporteurs and the National Academies.
___________________
1 Member, National Academy of Engineering.
2 Member, National Academy of Engineering.
3 Member, National Academy of Medicine.
Contents
Sponsor Remarks and Expectations of the Workshop
On Computational Thinking, Inferential Thinking, and Data Science
Machine Learning on Perception: Hype vs. Hope
4 DETECTION AND MITIGATION OF ADVERSARIAL ATTACKS AND ANOMALIES
Using AI for Security and Securing AI
Circumventing Defenses to Adversarial Examples
5 ENABLERS OF MACHINE LEARNING ALGORITHMS AND SYSTEMS
Impact of Neuroscience on Data Science for Perception
6 RECENT TRENDS IN MACHINE LEARNING, PARTS 1 AND 2
On Open Set and Adversarial Issues in Machine Learning
Generative Adversarial Networks (GANs) for Domain Adaptation and Security Against Attacks
Recent Advances in Optimization for Machine Learning
Forecasting Using Machine Learning
Toward Trustworthy Machine Learning