Beyond Images: Robustifying Representation Learning against Trojaning Attacks
Open Access
- Author:
- Xi, Zhaohan
- Graduate Program:
- Informatics (PHD)
- Degree:
- Doctor of Philosophy
- Document Type:
- Dissertation
- Date of Defense:
- February 15, 2024
- Committee Members:
- Dongwon Lee, Professor in Charge/Director of Graduate Studies
- Minghui Zhu, Outside Unit & Field Member
- Fenglong Ma, Major Field Member
- Ting Wang, Chair & Dissertation Advisor
- Jinghui Chen, Major Field Member
- Keywords:
- Representation Learning
- Graph Learning
- Natural Language Processing
- Machine Learning Security
- Abstract:
- Representation learning offers new opportunities to enhance learning adaptiveness by abstracting real-world objects into latent formats. In addition to images, representation learning is widely adopted across various domains such as graphs and texts. Despite the considerable efforts dedicated to representation learning, recent research also explores the potential vulnerabilities associated with it. However, many prior studies primarily focus on identifying security risks by extrapolating attacks from visual domains (i.e., images) without adequately considering the new opportunities arising from different data structures and learning mechanisms. Furthermore, existing attacks often overlook the rationale behind perturbation, as corresponding attacks in original domains may not be transferable or legitimate. To address these concerns, we outline three objectives in this work: (1) understanding the new challenges and opportunities of attacks against representation learning systems, (2) demonstrating practical attacks to illustrate their impacts, and (3) proposing robustification strategies as potential solutions to enhance the trustworthiness of representation learning development. Specifically, we concentrate on three representation learning models: Graph Neural Networks (GNNs), Knowledge Representation Learning (KRL), and Language Models (LMs). For each model, we first synthesize existing security attacks and then introduce a new attack vector — the trojaning attack — with realistic illustrations. Furthermore, we explore defensive solutions against these security risks. Our work sheds light on the uniqueness of novel attack vectors and promotes technical advancements to address underlying security risks in practical representation learning scenarios.