{"607546":{"#nid":"607546","#data":{"type":"news","title":"CSE Researchers Assess Adversarial Attacks on Networks","body":[{"value":"\u003Cp\u003EDeep learning models, a form of machine learning (ML), are used in decision making for many daily tasks, such as fraud detection,\u0026nbsp;\u003Ca href=\u0022https:\/\/www.cse.gatech.edu\/news\/603063\/deep-learning-can-now-help-prevent-heart-failure\u0022\u003Ediagnosing early signs of heart failure\u003C\/a\u003E, and identifying road signs for self-driving cars.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EHowever, due to deep learning models\u0026rsquo; predictive nature, they are vulnerable to attack. Adversaries could successfully trick a\u0026nbsp;model by modifying the combinatorial structure of the data it receives from graph-structures, otherwise known as networks.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EA team of\u0026nbsp;researchers from Georgia Tech, Ant Financial, and Tsinghua University\u0026nbsp;\u003Ca href=\u0022https:\/\/arxiv.org\/pdf\/1806.02371.pdf\u0022\u003Eaims to identify how deep learning over networks could be manipulated by such adversarial attacks. \u003C\/a\u003EThey focus on\u0026nbsp;graph neural network (GNN) models, which are particularly at risk for fraudulent activity.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe premise of any adversarial problem: Learn how a model could be attacked by attacking first, and fix the flaws that were found along the way to reinforce the system.\u0026nbsp;\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;What we studied in this paper is an adversarial problem: Given an effective deep learning method over graphs, can we modify the network in an inevitable way, such that the deep learning method fails in this case?\u0026rdquo; said School of Computational Science and Engineering (CSE) Ph.D. 
student\u0026nbsp;\u003Cstrong\u003EHanjun Dai.\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIn the case of deep learning on graph structures, the need for reinforced buttresses against any potential attacks is critical as the uses are prevalent and widespread.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u0026ldquo;What we show is that we can change the transaction network a little bit, which changes the act of the machine,\u0026rdquo;\u0026nbsp;CSE Associate Professor and Associate Director of the Machine Learning Center at Georgia Tech\u0026nbsp;\u003Cstrong\u003ELe Song\u0026nbsp;\u003C\/strong\u003Esaid. \u0026ldquo;For example, in the case of financial applications, I could transfer some money somewhere else, which changes the ML model to make the wrong prediction.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDeep learning models are particularly vulnerable to this type of adversarial manipulation \u0026ndash;\u0026nbsp;\u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/news\/606678\/georgia-tech-teams-intel-protect-artificial-intelligence-malicious-attacks-using-shield\u0022\u003Ean issue that is currently being addressed across fields and methods for various applications like image recognition.\u003C\/a\u003E\u0026nbsp;But, according to Dai and Song, until now, little attention has been paid to these models\u0026#39; interpretability, or the mechanisms by which they make their decisions,\u0026nbsp;making it risky for some financial or security-related applications.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EAccording to Dai, \u0026ldquo;This study is highly related to the robustness and reliability of the deep learning method, and we are the first to study such problem over combinatorial structures, such as networks.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;I think the networks express rich combinatorial knowledge information about the world,\u0026rdquo;\u0026nbsp;Dai said. 
\u0026ldquo;For example, social networks express the knowledge about user relationships; knowledge graphs tell the logic concepts over entities. On the other hand, deep learning learns the knowledge in a continuous but\u0026nbsp;opaque way. How to combine the clean, hard rules from networks with the black-box deep learning is the future of this direction of research.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EDai and Song are set to present the findings of this paper, along with five other research papers from Song\u0026rsquo;s research teams, at the\u0026nbsp;\u003C\/strong\u003E\u003Cstrong\u003E\u003Ca href=\u0022https:\/\/icml.cc\/\u0022\u003EInternational Conference on\u0026nbsp;Machine Learning\u003C\/a\u003E\u0026nbsp;\u003C\/strong\u003E\u003Cstrong\u003E(ICML) 2018:\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/arxiv.org\/abs\/1802.07814\u0022\u003E\u003Cstrong\u003E\u003Cem\u003ELearning to Explain: An Information-Theoretic Perspective on Model Interpretation\u003C\/em\u003E\u003C\/strong\u003E\u003C\/a\u003E\u003Cbr \/\u003E\r\n\u003Ca href=\u0022https:\/\/arxiv.org\/abs\/1802.07814\u0022\u003E\u003Cem\u003EJianbo Chen (University of California, Berkeley) \u0026middot; Le Song (Georgia Institute of Technology) \u0026middot; Martin Wainwright (University of California at Berkeley) \u0026middot; Michael Jordan (UC Berkeley)\u003C\/em\u003E\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003E\u003Cem\u003E\u003Ca href=\u0022https:\/\/arxiv.org\/pdf\/1806.02371.pdf\u0022\u003EAdversarial Attack on Graph Structured Data\u003Cbr \/\u003E\r\nHanjun Dai (Georgia Tech) \u0026middot; Hui Li (Ant Financial Services Group) \u0026middot; Tian Tian () \u0026middot; Xin Huang (Ant Financial) \u0026middot; Lin Wang () \u0026middot; Jun Zhu (Tsinghua University) \u0026middot; Le Song (Georgia Institute of 
Technology)\u003C\/a\u003E\u003C\/em\u003E\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/arxiv.org\/abs\/1710.07742\u0022\u003E\u003Cstrong\u003E\u003Cem\u003ETowards Black-box Iterative Machine Teaching\u003C\/em\u003E\u003C\/strong\u003E\u003C\/a\u003E\u003Cbr \/\u003E\r\n\u003Ca href=\u0022https:\/\/arxiv.org\/abs\/1710.07742\u0022\u003E\u003Cem\u003EWeiyang Liu (Georgia Tech) \u0026middot; Bo Dai (Georgia Institute of Technology) \u0026middot; Xingguo Li (University of Minnesota) \u0026middot; Zhen Liu (Georgia Tech) \u0026middot; James Rehg (Georgia Tech) \u0026middot; Le Song (Georgia Institute of Technology)\u003C\/em\u003E\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/www.cc.gatech.edu\/~hdai8\/pdf\/equilibrium_embedding.pdf\u0022\u003E\u003Cstrong\u003E\u003Cem\u003ELearning Steady-States of Iterative Algorithms over Graphs\u003C\/em\u003E\u003C\/strong\u003E\u003Cbr \/\u003E\r\n\u003Cem\u003EHanjun Dai (Georgia Tech) \u0026middot; Zornitsa Kozareva (Amazon) \u0026middot; Bo Dai (Georgia Institute of Technology) \u0026middot; Alex Smola (Amazon) \u0026middot; Le Song (Georgia Institute of Technology)\u003C\/em\u003E\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/arxiv.org\/pdf\/1710.10568.pdf\u0022\u003E\u003Cstrong\u003E\u003Cem\u003EStochastic Training of Graph Convolutional Networks\u003C\/em\u003E\u003C\/strong\u003E\u003C\/a\u003E\u003Cbr \/\u003E\r\n\u003Ca href=\u0022https:\/\/arxiv.org\/pdf\/1710.10568.pdf\u0022\u003E\u003Cem\u003EJianfei Chen (Tsinghua University) \u0026middot; Jun Zhu (Tsinghua University) \u0026middot; Le Song (Georgia Institute of Technology)\u003C\/em\u003E\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003E\u003Cem\u003E\u003Ca href=\u0022https:\/\/arxiv.org\/abs\/1712.10285\u0022\u003ESBEED: Convergent Reinforcement Learning with Nonlinear Function 
Approximation\u003C\/a\u003E\u003C\/em\u003E\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cem\u003E\u003Ca href=\u0022https:\/\/arxiv.org\/abs\/1712.10285\u0022\u003EBo Dai (Georgia Institute of Technology) \u0026middot; Albert Shaw (Georgia Tech) \u0026middot; Lihong Li (Google Inc.) \u0026middot; Lin Xiao (Microsoft Research) \u0026middot; Niao He (UIUC) \u0026middot; Zhen Liu (Georgia Tech) \u0026middot; Jianshu Chen (Microsoft Research) \u0026middot; Le Song (Georgia Institute of Technology)\u003C\/a\u003E\u003C\/em\u003E\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Researchers from CSE lead initiative to assess the mechanisms by which adversarial attacks on graph structured data harm machine learning models and how to thwart them."}],"uid":"34540","created_gmt":"2018-07-06 13:40:18","changed_gmt":"2018-07-06 20:07:54","author":"Kristen Perez","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2018-07-06T00:00:00-04:00","iso_date":"2018-07-06T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"607545":{"id":"607545","type":"image","title":"Understanding Adversarial Attack on Graph Structured Data Graph","body":null,"created":"1530883450","gmt_created":"2018-07-06 13:24:10","changed":"1530883450","gmt_changed":"2018-07-06 13:24:10","alt":"","file":{"fid":"231749","name":"dqn_diagram.jpg","image_path":"\/sites\/default\/files\/images\/dqn_diagram.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/dqn_diagram.jpg","mime":"image\/jpeg","size":113486,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/dqn_diagram.jpg?itok=wAQCX6LN"}}},"media_ids":["607545"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50877","name":"School of Computational Science and 
Engineering"}],"categories":[],"keywords":[],"core_research_areas":[{"id":"145171","name":"Cybersecurity"},{"id":"39431","name":"Data Engineering and Science"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003E\u003Cstrong\u003EKristen Perez\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECommunications Officer I\u003C\/p\u003E\r\n\r\n\u003Cp\u003ECollege of Computing - School of Computational Science and Engineering\u003C\/p\u003E\r\n","format":"limited_html"}],"email":["kristen.perez@cc.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}