Combining Machine Learning Defenses without Conflicts
Vasisht Duddu, Rui Zhang, N. Asokan

TL;DR
This paper introduces Def\Con, a principled and scalable technique to identify effective combinations of machine learning defenses that avoids conflicts and maintains high effectiveness, saving time and resources.
Contribution
The paper presents Def\Con, a novel, accurate, scalable, non-invasive, and general method for evaluating the effectiveness of combined ML defenses.
Findings
Achieves 90% accuracy on known defense combinations.
Achieves 81% accuracy on new, unexplored combinations.
Demonstrates effectiveness across multiple defense types.
Abstract
Machine learning (ML) defenses protect against various risks to security, privacy, and fairness. Real-life models need simultaneous protection against multiple different risks which necessitates combining multiple defenses. But combining defenses with conflicting interactions in an ML model can be ineffective, incurring a significant drop in the effectiveness of one or more defenses being combined. Practitioners need a way to determine if a given combination can be effective. Experimentally identifying effective combinations can be time-consuming and expensive, particularly when multiple defenses need to be combined. We need an inexpensive, easy-to-use combination technique to identify effective combinations. Ideally, a combination technique should be (a) accurate (correctly identifies whether a combination is effective or not), (b) scalable (allows combining multiple defenses), (c)…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques
