PhD Position F/M Data Injection Attacks in - Sophia Antipolis, France - Inria

Inria
Sophia Antipolis, France

3 weeks ago

Posted by: Sophie Dupont, beBee Recruiter


Description
The job description below is in English.


Contract type:

Fixed-term contract (CDD)

Required degree level:
Bac + 5 or equivalent


Position:
PhD student


About the center or functional department:
The Inria Université Côte d'Azur center counts 37 research teams as well as 8 support services. The center's staff (about 500 people) is made up of scientists of different nationalities, engineers, technicians and administrative staff.

The majority of the center's research teams are located in Sophia Antipolis and five of them are based in an Inria antenna in Montpellier.

The Inria branch in Montpellier is growing in size, in accordance with the strategy described in the institution's Contract of Objectives and Performance (COP).


Context and strengths of the position:


Assigned mission:


Recently, we have introduced the notion of the worst-case data-generating (WCDG) probability measure [1, 2], which has been a key instrument in the study of the generalization capabilities of machine learning algorithms [3].

We have come to the conclusion that this work has established a fruitful mathematical theory that has already led to important results:
(i) An analytical characterization of the generalization error of machine learning algorithms; and (ii) The identification of the Gibbs algorithm as an instrument for the characterization of the generalization capabilities of any machine learning algorithm. The advantage of pairing any algorithm with a particular Gibbs algorithm is that the latter is well understood and known to have mathematical properties that ease the analysis of generalization [4, 5, 6, 7, 8, 9].

The WCDG probability measure also models the data-injection attacks on machine learning systems that are the most difficult to detect.

Essentially, the WCDG probability measure describes the probability distribution of datasets after a malicious modification that aims at tampering with the model selection.

Such a malicious intervention on the datasets is said to be difficult to detect because the WCDG probability measure is sufficiently close to the original distributions of the datasets.

Interestingly, how close the WCDG probability measure is to the original measure is quantified via relative entropy (or Kullback-Leibler divergence) through a parameter, which remains part of the design.


REFERENCES
[1] X. Zou, S. M. Perlaza, I. Esnaola, and E. Altman, "Generalization analysis of machine learning algorithms via the worst-case data-generating probability measure," in Proceedings of the AAAI Conference on Artificial Intelligence, Vancouver, Canada, Feb. 2024.

[2] ——, "The worst-case data-generating probability measure," INRIA, Centre Inria d'Université Côte d'Azur, Sophia Antipolis, France, Tech. Rep. RR-9515, Aug. 2023.

[3] X. Zou, S. M. Perlaza, I. Esnaola, E. Altman, and H. V. Poor, "An exact characterization of the generalization error of machine learning algorithms," INRIA, Centre Inria d'Université Côte d'Azur, Sophia Antipolis, France, Tech. Rep. RR-9539, Jan. 2024.

[4] S. M. Perlaza, G. Bisson, I. Esnaola, A. Jean-Marie, and S. Rini, "Empirical risk minimization with relative entropy regularization: Optimality and sensitivity," in Proceedings of the IEEE International Symposium on Information Theory (ISIT), Espoo, Finland, Jul. 2022, pp

[5] F. Daunas, I. Esnaola, S. M. Perlaza, and H. V. Poor, "Analysis of the relative entropy asymmetry in the regularization of empirical risk minimization," in Proceedings of the IEEE International Symposium on Information Theory (ISIT), Taipei, Taiwan, Jun. 2023.

[6] S. M. Perlaza, I. Esnaola, G. Bisson, and H. V. Poor, "On the validation of Gibbs algorithms: Training datasets, test datasets and their aggregation," in Proceedings of the IEEE International Symposium on Information Theory (ISIT), Taipei, Taiwan, Jun. 2023.

[7] S. M. Perlaza, G. Bisson, I. Esnaola, A. Jean-Marie, and S. Rini, "Empirical risk minimization with generalized relative entropy regularization," INRIA, Centre Inria d'Université Côte d'Azur, Sophia Antipolis, France, Tech. Rep. RR-9454, Feb. 2022.

[8] F. Daunas, I. Esnaola, S. M. Perlaza, and H. V. Poor, "Empirical risk minimization with relative entropy regularization type-II," INRIA, Centre Inria d'Université Côte d'Azur, Sophia Antipolis, France, Tech. Rep. RR-9508, May 2023.

[9] ——, "Empirical risk minimization with f-divergence regularization in statistical learning," INRIA, Centre Inria d'Université Côte d'Azur, Sophia Antipolis, France, Tech. Rep. RR-9521, Oct. 2023.


Main activities:

The objectives of this thesis are the following.

  • To characterize the fundamental tradeoff between generalization error and detection probability that governs data-injection attacks on supervised machine learning systems;
  • To identify algorithm design guidelines that increase the robustness of machine learning algorithms to data-injection attack
