Analyzing Failure Modes of Inscrutable Machine Learning Models

Description
Machine learning models, and neural networks in particular, are well known for being inscrutable in nature. From image classification tasks and generative techniques for data augmentation to general-purpose natural language models, neural networks are currently the algorithm of preference riding the top of the current artificial intelligence (AI) wave, having experienced a greater boost in popularity than any other machine learning solution. However, because their design is based on the optimization of millions of parameters, it is extremely difficult to understand how their decisions are influenced, or why (and when) they fail. While some works aim at explaining neural network decisions or at making systems inherently interpretable, the great majority of state-of-the-art machine learning works prioritize performance over interpretability, effectively becoming black boxes. Hence, there is still uncertainty about the decision boundaries of these already deployed solutions, whose predictions should be analyzed and taken with care. This becomes even more important when these models are used in sensitive scenarios such as medicine, criminal justice, settings with inherent social biases, or settings where egregious mispredictions can negatively impact the system or human trust down the line. Thus, the aim of this work is to provide a comprehensive analysis of the failure modes of state-of-the-art neural networks from three domains: large image classifiers and their misclassifications, generative adversarial networks when used for data augmentation, and transformer networks applied to structured representations and reasoning about actions and change.
Date Created
2022

A Study of Explainable Decision Support for Longitudinal Sequential Decision Making

Description
Decision support systems aid the human-in-the-loop by enhancing the quality of decisions and the ease of making them in complex decision-making scenarios. In recent years, such systems have been empowered with automated techniques for sequential decision making or planning tasks to effectively assist and cooperate with the human-in-the-loop. This has received significant recognition in the planning as well as the human-computer interaction communities, as such systems connect the key elements of automated planning in decision support to the principles of naturalistic decision making in the HCI community. A decision support system, in addition to providing planning support, must be able to provide intuitive explanations for proposed decisions to its end users based on specific user queries. Using this as motivation, I consider scenarios where the user questions the system's suggestion by providing alternatives (referred to as foils). In response, I empower existing decision support technologies to engage in an interactive explanatory dialogue with the user and provide contrastive explanations based on user-specified foils to reach a consensus on proposed decisions. Furthermore, the foils specified by the user can be indicative of the latent preferences of the user. I use this interpretation to equip existing decision support technologies with three different interaction strategies that utilize the foil to provide revised plan suggestions. Finally, as part of my Master's thesis, I present RADAR-X, an extension of RADAR, a proactive decision support system, that showcases the above-mentioned capabilities. Further, I present a user-study evaluation that emphasizes the need for contrastive explanations and a computational evaluation of the mentioned interaction strategies.
Date Created
2021

The What, When, and How of Strategic Movement in Adversarial Settings: A Syncretic View of AI and Security

Description
The field of cyber-defenses has played catch-up in the cat-and-mouse game of finding vulnerabilities followed by the invention of patches to defend against them. With the complexity and scale of modern-day software, it is difficult to ensure that all known vulnerabilities are patched; moreover, the attacker, with reconnaissance on their side, will eventually discover and leverage them. To take away the attacker's inherent advantage of reconnaissance, researchers have proposed the notion of proactive defenses such as Moving Target Defense (MTD) in cyber-security. In this thesis, I make three key contributions that help to improve the effectiveness of MTD.

First, I argue that naive movement strategies for MTD systems, designed based on intuition, are detrimental to both security and performance. To answer the question of how to move, I (1) model MTD as a leader-follower game and formally characterize the notion of optimal movement strategies, (2) leverage expert-curated public data and formal representation methods used in cyber-security to obtain the parameters of the game, and (3) propose optimization methods to infer strategies at Strong Stackelberg Equilibrium, addressing issues pertaining to scalability and switching costs. Second, when one cannot readily obtain the parameters of the game-theoretic model but can interact with a system, I propose a novel multi-agent reinforcement learning approach that finds the optimal movement strategy. Third, I investigate the novel use of MTD in three domains: cyber-deception, machine learning, and critical infrastructure networks. I show that the question of what to move poses non-trivial challenges in these domains. To address them, I propose methods for patch-set selection in the deployment of honey-patches, characterize the notion of differential immunity in deep neural networks, and develop optimization problems that guarantee differential immunity for dynamic sensor placement in power networks.
Date Created
2020