Workshop Description

The RAISA3 workshop will focus on the robustness of AI systems against adversarial attacks. While most research efforts in adversarial AI investigate attacks and defenses with respect to particular machine learning algorithms, our approach will be to explore the impact of adversarial AI at the system architecture level. In this workshop we will discuss threat-borne adversarial AI attacks that can impact an AI system at each of various processing stages, including: at the input stage of sensors and sources, at the data conditioning stage, during training and application of machine learning algorithms, at the human-machine teaming stage, and during application within the mission context. We will additionally discuss attacks against the supporting computing technologies.

The RAISA3 workshop is a one full day event and will include invited keynote speakers working in the research area, as well as a number of relevant presentations selected through a Call for Participation.

In general, adversarial AI attacks against AI systems take three forms: 1) data poisoning attacks inject incorrectly or maliciously labeled data points into training sets so that the algorithm learns the wrong mapping, 2) evasion attacks perturb correctly classified input samples just enough to cause errors in runtime classification, and 3) inversion attacks repeatedly test trained algorithms with edge-case inputs in order to reveal the previously hidden decision boundaries and training data. Protection against adversarial learning attacks include techniques which cleanse training sets of outliers in order to thwart data poisoning attempts, and methods which sacrifice up-front algorithm performance in order to be robust to evasion attacks. As AI capabilities become incorporated into facets of everyday life, the need to understand adversarial attacks and effects and relevant mitigation approaches for AI systems become of paramount importance.

Central to this methodology is the notion of threat modeling, which will support relevant discourse with respect to potential attacks and mitigations.

The workshop format is structured to encourage a lively exchange of ideas among researchers in AI working on developing techniques to mitigate adversarial attacks on end-to-end AI systems.