На 22 август 2023 г. (вторник) от 16:00 часа в зала 503 на ИМИ-БАН
ще се проведе заседание на семинара на секция
„Математически основи на информатиката”.

Доклад на тема:

Data Attribution: Scaling up and Applications to Defending Against Backdoor Attacks

Абстракт. The goal of data attribution is to trace model predictions back to training data. Despite a long line of work towards this goal, existing approaches to data attribution tend to force users to choose between computational tractability and efficacy. That is, computationally tractable methods can struggle with accurately attributing model predictions in non-convex settings (e.g., in the context of deep neural networks), while methods that are effective in such regimes require training thousands of models, which makes them impractical for large models or datasets.

In this talk, I will first introduce TRAK (Tracing with the Randomly-projected After Kernel), a data attribution method that is both effective and computationally tractable for large-scale, differentiable models. Next, I will showcase how to leverage data attribution methods for building defenses against backdoor attacks. In a backdoor attack, an adversary inserts maliciously constructed backdoor examples into a training set to make the resulting model vulnerable to manipulation. I will show that without structural information about the training data distribution, backdoor attacks are indistinguishable from naturally-occurring features in the data–and thus impossible to “detect” in a general sense. With this insight in mind, I will describe how we use TRAK (and other data attribution methods) towards finding features corresponding to the “backdoored” samples.