CIT Summer Series – Nael Abu-Ghazaleh – Security challenges and opportunities at the Intersection of Architecture and ML/AI

Virtual: https://events.vtools.ieee.org/m/364001

This is a weekly session of the CIT Summer Series, with Nael Abu-Ghazaleh presenting Security challenges and opportunities at the Intersection of Architecture and ML/AI : Machine learning is an increasingly important computational workload as data-driven deep learning models are becoming increasingly important in a wide range of application spaces. Computer systems, from the architecture up, have been impacted by ML in two primary directions: (1) ML is an increasingly important computing workload, with new accelerators and systems targeted to support both training and inference at scale; and (2) ML supporting architecture decisions, with new machine learning based algorithms controlling systems to optimize their performance, reliability and robustness. In this talk, I will explore the intersection of security, ML and architecture, identifying both security challenges and opportunities. Machine learning systems are vulnerable to new attacks including adversarial attacks crafted to fool a classifier to the attacker’s advantage, membership inference attacks attempting to compromise the privacy of the training data, and model extraction attacks seeking to recover the hyperparameters of a (secret) model. Architecture can be a target of these attacks when supporting ML, but also provides an opportunity to develop defenses against them, which I will illustrate with three examples from our recent work. First, I show how ML based hardware malware detectors can be attacked with adversarial perturbations to the Malware and how we can develop detectors that resist these attacks. Second, I will also show an example of a microarchitectural side channel attacks that can be used to extract the secret parameters of a neural network and potential defenses against it. Finally, I will also discuss how architecture can be used to make ML more robust against adversarial and membership inference attacks using the idea of approximate computing. I will conclude with describing some other potential open problems. Speaker(s): Nael Abu-Ghazaleh, Virtual: https://events.vtools.ieee.org/m/364001