963 research outputs found

    Developing Robust Models, Algorithms, Databases and Tools With Applications to Cybersecurity and Healthcare

    As society and technology become increasingly interconnected, so does the threat landscape. Once isolated threats now pose serious concerns to highly interdependent systems, highlighting the fundamental need for robust machine learning. This dissertation contributes novel tools, algorithms, databases, and models—through the lens of robust machine learning—in a research effort to solve large-scale societal problems affecting millions of people in the areas of cybersecurity and healthcare. (1) Tools: We develop TIGER, the first comprehensive graph robustness toolbox; and our ROBUSTNESS SURVEY identifies critical yet missing areas of graph robustness research. (2) Algorithms: Our survey and toolbox reveal existing work has overlooked lateral attacks on computer authentication networks. We develop D2M, the first algorithmic framework to quantify and mitigate network vulnerability to lateral attacks by modeling lateral attack movement from a graph theoretic perspective. (3) Databases: To prevent lateral attacks altogether, we develop MALNET-GRAPH, the world’s largest cybersecurity graph database—containing over 1.2M graphs across 696 classes—and show the first large-scale results demonstrating the effectiveness of malware detection through a graph medium. We extend MALNET-GRAPH by constructing the largest binary-image cybersecurity database—containing 1.2M images, 133× more images than the only other public database—enabling new discoveries in malware detection and classification research restricted to a few industry labs (MALNET-IMAGE). (4) Models: To protect systems from adversarial attacks, we develop UNMASK, the first model that flags semantic incoherence in computer vision systems, which detects up to 96.75% of attacks, and defends the model by correctly classifying up to 93% of attacks. Inspired by UNMASK’s ability to protect computer vision systems from adversarial attack, we develop REST, which creates noise robust models through a novel combination of adversarial training, spectral regularization, and sparsity regularization. In the presence of noise, our method improves state-of-the-art sleep stage scoring by 71%—allowing us to diagnose sleep disorders earlier on and in the home environment—while using 19× less parameters and 15× less MFLOPS. Our work has made significant impact to industry and society: the UNMASK framework laid the foundation for a multi-million dollar DARPA GARD award; the TIGER toolbox for graph robustness analysis is a part of the Nvidia Data Science Teaching Kit, available to educators around the world; we released MALNET, the world’s largest graph classification database with 1.2M graphs; and the D2M framework has had major impact to Microsoft products, inspiring changes to the product’s approach to lateral attack detection. Ph.D.

    The Costs of Favoritism: Is Politically-Driven Aid Less Effective?

    As is now well documented, aid is given for both political as well as economic reasons. The conventional wisdom is that politically-motivated aid is less effective in promoting developmental objectives. We examine the ex-post performance ratings of World Bank projects and generally find that projects that are potentially politically motivated – such as those granted to governments holding a non-permanent seat on the United Nations Security Council or an Executive Directorship at the World Bank – are no more likely, on average, to get a negative quality rating than other projects. When aid is given to Security Council members with higher short-term debt, however, a negative quality rating is more likely. So we find evidence that World Bank project quality suffers as a consequence of political influence only when the recipient country is economically vulnerable in the first place. Keywords: World Bank, aid effectiveness, political influence, United Nations Security Council

    Integration of graphical, physics-based, and machine learning methods for assessment of impact and recovery of the built environment from wind hazards

    2019 Summer. Includes bibliographical references. The interaction between a natural hazard and a community has the potential to result in a natural disaster with substantial socio-economic losses. In order to minimize disaster impacts, researchers have been improving building codes and exploring further concepts of community resilience. Community resilience refers to a community's ability to absorb a hazard (minimize impacts) and "bounce back" afterwards (quick recovery time). Therefore, the two main components in modeling resilience are: the initial impact and subsequent recovery time. With respect to a community's building stock, this entails the building damage state sustained and how long it takes to repair and reoccupy that building. In modeling these concepts, probabilistic and physics-based methods have been the traditional approach. With advancements in artificial intelligence and machine learning, as well as data availability, it may be possible to model impact and recovery differently. Most current methods are highly constrained by their topic area, for example a damage state focuses on structural loading and resistance, while social vulnerability independently focuses on certain social demographics. These models currently perform independently and are then aggregated together, but with the complex connectivity available through machine learning, structural and social characteristics may be combined simultaneously in one network model. The popularity of machine learning predictive modeling across multiple different applications has risen due to the benefit of modeling complex networks and perhaps identifying critical variables that were previously unknown, or the mechanism behind how these variables interacted within the predictive problem being modeled. The research presented herein outlines a method of using artificial neural networks to model building damage and recovery times. The incorporation of graph theory to analyze the resulting models also provides insight into the "black box" of artificial intelligence and the interaction of socio-technical parameters within the concept of community resilience. The subsequent neural network models are then verified through hindcasting the 2011 Joplin tornado for individual building damage and the time it took to repair and reoccupy each building. The results of this research show viability for using these methods to model damage, but more research work may be needed to model recovery at the same level of accuracy as damage. It is therefore recommended that artificial neural networks be primarily used for problems where the variables are well known but their interactions are not as easily understood or modeled. The graphical analysis also reveals an importance of social parameters across all points in the resilience process, while the structural components remain mostly important in determining the initial impact. Final importance factors are determined for each of the variables evaluated herein. It is suggested moving forward, that modeling approaches consider integrating how a community interacts with its infrastructure, since the human components are what make a natural hazard a disaster, and tracing artificial neural network connections may provide a starting point for such integration into current traditional modeling approaches.

    CAG: A Real-time Low-cost Enhanced-robustness High-transferability Content-aware Adversarial Attack Generator

    Deep neural networks (DNNs) are vulnerable to adversarial attack despite their tremendous success in many AI fields. Adversarial attack is a method that causes the intended misclassification by adding imperceptible perturbations to legitimate inputs. Researchers have developed numerous types of adversarial attack methods. However, from the perspective of practical deployment, these methods suffer from several drawbacks such as long attack generating time, high memory cost, insufficient robustness and low transferability. We propose a Content-aware Adversarial Attack Generator (CAG) to achieve real-time, low-cost, enhanced-robustness and high-transferability adversarial attack. First, as a type of generative model-based attack, CAG shows significant speedup (at least 500 times) in generating adversarial examples compared to the state-of-the-art attacks such as PGD and C&W. CAG only needs a single generative model to perform targeted attack to any targeted class. Because CAG encodes the label information into a trainable embedding layer, it differs from prior generative model-based adversarial attacks that use n different copies of generative models for n different targeted classes. As a result, CAG significantly reduces the required memory cost for generating adversarial examples. CAG can generate adversarial perturbations that focus on the critical areas of input by integrating the class activation maps information in the training process, and hence improve the robustness of CAG attack against the state-of-art adversarial defenses. In addition, CAG exhibits high transferability across different DNN classifier models in black-box attack scenario by introducing random dropout in the process of generating perturbations. Extensive experiments on different datasets and DNN models have verified the real-time, low-cost, enhanced-robustness, and high-transferability benefits of CAG.