PhD Defense by Shang-Tse Chen

Title: AI-infused Security: Robust Defense by Bridging Theory and Practice

Shang-Tse Chen

Computer Science PhD Student

School of Computational Science and Engineering

College of Computing

Georgia Institute of Technology

https://www.cc.gatech.edu/~schen351

Date: Friday, August 19th, 2019

Time: 1:00pm to 3:00pm (EDT)

Location: Coda 114

Committee:

----------------

Dr. Polo Chau (Advisor, School of Computational Science and Engineering, Georgia Institute of Technology)

Dr. Maria-Florina Balcan (Co-advisor, School of Computer Science, Carnegie Mellon University)

Dr. Wenke Lee (School of Computer Science, Georgia Institute of Technology)

Dr. Le Song (School of Computational Science and Engineering, Georgia Institute of Technology)

Dr. Kevin A. Roundy (Symantec Research Labs)

Dr. Cory Cornelius (Intel Labs)

Abstract:

----------------

While Artificial Intelligence (AI) has tremendous potential as a defense against real-world cybersecurity threats, understanding the capabilities and robustness of AI remains a fundamental challenge, especially in adversarial environments. Our work tackles problems that are essential to the successful deployment of AI in security settings. This dissertation comprises three interrelated research thrusts, in which we combine techniques from AI, cybersecurity, and algorithmic game theory.

(1) Theoretically-Principled Defense via Game Theory and ML: We develop new theories that guide defense resource allocation to guard against unexpected attacks and catastrophic events, using a novel online decision-making framework that compels players to employ "diversified" mixed strategies. Furthermore, by leveraging the deep connection between game theory and boosting, we develop a communication-efficient distributed boosting algorithm with strong theoretical guarantees in the agnostic learning setting, where the data can contain arbitrary noise.
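The following is an added illustration of why forcing a "diversified" mixed strategy bounds the damage from an unexpected attack; it is not code from the dissertation or from the author. It assumes a standard multiplicative-weights (Hedge) learner, a projection that caps the probability of any single action (the diversification rule here is my own simple water-filling projection, not necessarily the thesis's construction), and a constructed loss sequence: thirty calm rounds in which one asset is cheap to guard, followed by one catastrophic round that hits exactly that asset.

```python
import math


def hedge_update(weights, losses, eta):
    """Multiplicative-weights step: actions that just incurred loss are down-weighted."""
    return [w * math.exp(-eta * loss) for w, loss in zip(weights, losses)]


def normalize(weights):
    total = sum(weights)
    return [w / total for w in weights]


def diversify(probs, cap):
    """Project a distribution so that no single action carries more than `cap`.

    Mass above the cap is clipped and handed to the still-uncapped actions in
    proportion to their current mass (water-filling). Requires cap * n >= 1 so
    that a feasible distribution exists. This projection is an assumption of
    this example, not the dissertation's construction.
    """
    n = len(probs)
    if cap * n < 1.0:
        raise ValueError("cap too small: no distribution over %d actions fits" % n)
    p = list(probs)
    capped = [False] * n
    while True:
        excess = 0.0
        for i in range(n):
            if not capped[i] and p[i] > cap:
                excess += p[i] - cap
                p[i] = cap
                capped[i] = True
        if excess <= 1e-12:
            return p
        free = [i for i in range(n) if not capped[i]]
        if not free:
            return p
        free_mass = sum(p[i] for i in free)
        for i in free:
            share = p[i] / free_mass if free_mass > 0 else 1.0 / len(free)
            p[i] += excess * share


def run(loss_rounds, cap=None, eta=0.5):
    """Full-information online learning over a fixed loss sequence.

    Returns (cumulative loss, worst single-round loss). With cap=None this is
    plain Hedge; with a cap the played distribution is diversified first.
    """
    n = len(loss_rounds[0])
    weights = [1.0] * n
    total, worst = 0.0, 0.0
    for losses in loss_rounds:
        p = normalize(weights)
        if cap is not None:
            p = diversify(p, cap)
        round_loss = sum(pi * li for pi, li in zip(p, losses))
        total += round_loss
        worst = max(worst, round_loss)
        weights = hedge_update(weights, losses, eta)
    return total, worst


# Constructed scenario (not data from the dissertation): four assets to defend.
# For 30 calm rounds asset 0 is cheap to guard and the others are costly, so an
# unconstrained learner piles almost all of its mass onto asset 0. Then one
# catastrophic round hits exactly the asset everyone was betting on.
CALM = [[0.1, 0.6, 0.6, 0.6]] * 30
SHOCK = [[1.0, 0.0, 0.0, 0.0]]
SCENARIO = CALM + SHOCK


def compare(cap=0.5):
    """Plain Hedge versus Hedge forced to keep every action at or below `cap`."""
    return {"plain": run(SCENARIO), "diversified": run(SCENARIO, cap=cap)}


if __name__ == "__main__":
    r = compare()
    print("plain Hedge      total=%.3f  worst round=%.3f" % r["plain"])
    print("diversified(0.5) total=%.3f  worst round=%.3f" % r["diversified"])
```

The trade-off is the point: the diversified player pays more during the calm rounds (its per-round loss floors at 0.5*0.1 + 0.5*0.6 = 0.35 instead of about 0.1), but on the catastrophic round it loses at most the cap (0.5) where the concentrated learner loses nearly 1.0. Bounding that worst single round is what "guarding against catastrophic events" means in this setting.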

(2) Adversarial Attack and Defense of Deep Neural Networks: We discover real-world vulnerabilities of deep neural networks and develop countermeasures to mitigate the threat. We develop ShapeShifter, the first targeted physical adversarial attack that fools state-of-the-art object detectors. We also develop practical defenses, including SHIELD, an efficient defense leveraging stochastic image compression, and UnMask, a knowledge-based adversarial detection and defense framework.

(3) Enterprise Cyber Threat Detection: We show how AI can be used in a real enterprise environment by designing a novel and patented framework called Virtual Product to predict potential enterprise cyber threats from telemetry data.

Our work has made multiple important contributions in both theory and practice: our distributed boosting algorithm solves an open problem in distributed learning; ShapeShifter motivated a new DARPA program (GARD); and Virtual Product has led to two patents.
