Attackability Evaluation of Machine Learning Models with Categorical Input
July 28, 2021 @ 3:00 pm - 4:00 pm
ABSTRACT: Despite fruitful progress on evasion attacks against continuous data, such as images and videos, how to design adversarial examples for discrete data remains a rarely investigated but important research problem. Our work addresses this challenge by proposing, with submodularity theory, an attackability measure for white-box evasion attacks against non-linear classifiers, such as deep neural nets, on discrete data. Furthermore, we propose an efficient yet provably powerful heuristic search method for evasion attacks with discrete input.
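To make the problem setting concrete, the following is an added illustration (not the speaker's method, and not code from the talk or paper): a white-box evasion attack on a toy classifier whose input is purely categorical. The classifier, its hand-picked weights and the sample input are all constructed for this example. The attacker greedily substitutes one categorical value per step, choosing the substitution that moves the score furthest toward the other class, and the number of substitutions needed to flip the label within a budget is used as a simple proxy for how attackable a sample is. The submodularity-based attackability measure and the provably powerful search method described in the abstract are not reproduced here.

```python
# Constructed toy white-box classifier: a logistic model over one-hot encoded
# categorical features. Feature names, values and weights are illustrative
# assumptions, not taken from the talk or paper.
FEATURES = {
    "file_type": {"exe": 1.5, "pdf": 0.2, "docx": 0.0},
    "packer":    {"none": -0.5, "upx": 1.0, "custom": 2.0},
    "signed":    {"yes": -2.0, "no": 0.5},
    "origin":    {"download": 0.3, "email": 0.8, "usb": 0.1},
}
BIAS = -1.0

# Constructed sample that the model labels as class 1 ("malicious").
SAMPLE = {"file_type": "exe", "packer": "custom", "signed": "no", "origin": "email"}


def logit(x):
    """Linear score toward class 1; positive means class 1, otherwise class 0."""
    return BIAS + sum(FEATURES[f][v] for f, v in x.items())


def predict(x):
    return 1 if logit(x) > 0 else 0


def greedy_evasion(x, budget, mutable=None):
    """Greedy white-box evasion on categorical input.

    Each step applies the single (feature, value) substitution that moves the
    score furthest toward the opposite class. Stops when the label flips, the
    budget of edited features is exhausted, or no substitution helps.
    `mutable` restricts which features the attacker is allowed to change.
    Returns (success, adversarial_input, list_of_changes).
    """
    mutable = set(FEATURES) if mutable is None else set(mutable)
    adv = dict(x)
    target = 1 - predict(x)
    sign = 1.0 if target == 1 else -1.0   # direction that helps the attacker
    changes, edited = [], set()
    for _ in range(budget):
        if predict(adv) == target:
            break
        best = None  # (gain, feature, new_value); first feature wins ties
        for f in FEATURES:
            if f not in mutable or f in edited:
                continue
            current = FEATURES[f][adv[f]]
            for v, w in FEATURES[f].items():
                gain = sign * (w - current)
                if gain > 0 and (best is None or gain > best[0]):
                    best = (gain, f, v)
        if best is None:
            break
        _, f, v = best
        changes.append((f, adv[f], v))
        adv[f] = v
        edited.add(f)
    return predict(adv) == target, adv, changes


def attackability(x, budget, mutable=None):
    """Number of categorical edits the greedy search needs to flip the label,
    or None if the label cannot be flipped within the budget."""
    ok, _, changes = greedy_evasion(x, budget, mutable)
    return len(changes) if ok else None


if __name__ == "__main__":
    ok, adv, changes = greedy_evasion(SAMPLE, budget=3)
    print("original label:", predict(SAMPLE), "logit:", round(logit(SAMPLE), 2))
    print("evasion succeeded:", ok, "edits:", changes)
    print("adversarial label:", predict(adv), "logit:", round(logit(adv), 2))
    print("attackability with all features mutable:", attackability(SAMPLE, 3))
    print("attackability with only 'origin' mutable:",
          attackability(SAMPLE, 3, mutable={"origin"}))
```

Because the toy model is linear, the per-step greedy choice is exact, and two edits (unpacking the binary and signing it) suffice to flip the sample; restricting the attacker to the `origin` feature makes the same sample unattackable within the budget, which is the kind of constraint a realistic attackability measure has to account for. Against a non-linear model such as a deep net, the per-step gain would have to be recomputed by querying the model after each substitution, and the greedy result is no longer guaranteed to be minimal.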
BIOGRAPHY: Dr. Yufei Han received his Ph.D. in Engineering from the National Laboratory of Pattern Recognition, CASIA, China, in 2010. He has been a senior research scientist at INRIA, France, since 2021. Before that, he was a post-doctoral research fellow at INRIA Saclay (2010-2014) and a senior principal researcher at Symantec Research Labs in Sophia Antipolis, France (2015-2021). His research interests include robust machine learning with imperfect security data, analysis of the adversarial vulnerability of machine learning approaches, and privacy-preserving distributed machine learning. He has served as a PC and SPC member for numerous conferences, including ICML, ICLR, NeurIPS, IJCAI and AAAI, and as a reviewer for journals such as IEEE TDSC and IEEE TNNLS. He has authored over 50 research publications at top-tier machine learning and cyber-security conferences. He has also filed 27 US patents, 12 of which have already been granted.