
    Contribuciones a la Seguridad del Aprendizaje Automático (Contributions to the Security of Machine Learning)

    Unpublished thesis of the Universidad Complutense de Madrid, Facultad de Ciencias Matemáticas, defended on 05-11-2020.

    Machine learning (ML) applications have experienced an unprecedented growth over the last two decades. However, the ever increasing adoption of ML methodologies has revealed important security issues. Among these, vulnerabilities to adversarial examples, data instances targeted at fooling ML algorithms, are especially important. Examples abound. For instance, it is relatively easy to fool a spam detector simply by misspelling spam words. Obfuscation of malware code can make it seem legitimate. Simply adding stickers to a stop sign could make an autonomous vehicle classify it as a merge sign. Consequences could be catastrophic. Indeed, ML is designed to work in stationary and benign environments. However, in certain scenarios, the presence of adversaries that actively manipulate input data to fool ML systems to attain benefits breaks such stationarity requirements. Training and operation conditions are not identical anymore. This creates a whole new class of security vulnerabilities that ML systems may face and a new desirable property: adversarial robustness. If we are to trust operations based on ML outputs, it becomes essential that learning systems are robust to such adversarial manipulations...

    Machine learning (ML) applications have experienced unprecedented growth over the last two decades. However, the ever-growing adoption of ML methodologies has revealed important security problems. Among these, vulnerabilities to adversarial examples stand out, that is, data instances intended to deceive ML algorithms. Examples abound: it is relatively easy to fool a spam detector simply by misspelling some of the words characteristic of junk mail. Obfuscating malicious code (malware) can make it appear legitimate. By adding a few patches to a stop sign, an autonomous vehicle could be made to recognize it as a mandatory direction sign. As the reader can imagine, the consequences of these vulnerabilities can be catastrophic. The fact is that machine learning is designed to work in stationary and benign environments. However, in certain scenarios, the presence of adversaries who actively manipulate input data to deceive ML systems (thereby obtaining benefits) breaks these stationarity requirements. The training and operating conditions of the algorithms are no longer identical, breaking one of the fundamental hypotheses of ML. This creates a completely new class of vulnerabilities that machine-learning-based systems must face and a new desirable property: adversarial robustness. If we are to trust operations based on ML results, it is essential that learning systems be robust to such adversarial manipulations...

    Bioinformatics analysis of mutations in SARS-CoV-2 and clinical phenotypes

    1 p., 1 fig., 8 tab.

    Background: Severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2), initially reported in Wuhan (China), has spread worldwide. Like other viruses, SARS-CoV-2 accumulates mutations with each cycle of replication by continuously evolving a viral strain with one or more single nucleotide variants (SNVs). However, SNVs that cause severe COVID-19 or lead to immune escape or vaccine failure are not well understood. We aim to identify SNVs associated with severe clinical phenotypes.

    Methods: In this study, 27429 whole-genome aligned consensus sequences of SARS-CoV-2 were collected from genomic epidemiology of SARS-CoV-2 project in Spain (SeqCOVID) [1]. These samples were obtained from patients who required hospitalization and/or intensive care unit admission (ICU), excluding those registered in the first pandemic wave. Besides, 248 SARS-CoV-2 genomes were isolated from COVID-19 hospitalized patients from Gregorio Marañon General University Hospital (GMH) of which 142 were fully vaccinated. Bioinformatics tools using R and Python programming languages were developed and implemented comparing those to SARS-CoV-2 Wuhan-Hu-1 (reference genome).

    Results: Using a selection threshold mutational frequency 10%, 27 SNVs were expected to have association with hospitalization and ICU risk. The reference haplotype differing at the SNV coding for lysine at the residue 203 (N:R203K) was found to have negative association with COVID-19 hospitalization risk (p = 5.37 × 10^-4). Similarly, a negative association was observed when the residue at 501 is replaced by tyrosine (S:N501Y) (p = 1.33 × 10^-2). The application of a Chi-square test suggested that SNV-haplotypes coding for mutant residues such as (S:A222V, N:A220V, ORF10:V30L) and (ORF1a:T1001I, ORF1a:I2230T, S:N501Y, S:T716S, S:S982A, ORF8:Q27*, N:R203K, N:S235F) have negative associations with COVID-19 hospitalization risk (p = 6.58 × 10^-7 and p = 2.27 × 10^-16, respectively) and COVID-19 ICU risk (p = 1.15 × 10^-2 and p = 2.51 × 10^-2, respectively). Focusing on the SNV-haplotype coding the mutations (S:A222V, N:A220V, N:D377Y, ORF10:V30L) were observed to increase the risk of COVID-19 hospitalization (p = 2.71 × 10^-4). Results from SARS-CoV-2 genomes analysis from GMH showed 63 coding SNVs which met the established threshold value. Applying a Chi-square test, the SNV-haplotype carrying coding variants for mutant residues in 5 ORF proteins and surface and membrane glycoprotein and nucleocapsid phosphoprotein was significantly associated with vaccine failure in hospitalized COVID-19 patients (p = 7.91 × 10^-4).

    Conclusions: SNV-haplotypes carrying variants lead to non-synonymous mutations located along SARS-CoV-2 whole proteome may influence COVID-19 severity and vaccine failure suggesting a functional role in the clinical outcome for COVID-19 patients.

    This research work was funded by the European Commission-NextGenerationEU (Regulation EU 2020/2094), through CSIC’s Global Health Platform (PTI Salud Global).

    Peer reviewed

    Perspectives on Adversarial Classification

    Adversarial classification (AC) is a major subfield within the increasingly important domain of adversarial machine learning (AML). So far, most approaches to AC have followed a classical game-theoretic framework. This requires unrealistic common knowledge conditions untenable in the security settings typical of the AML realm. After reviewing such approaches, we present alternative perspectives on AC based on adversarial risk analysis.

    This work was partially supported by the NSF under Grant DMS-1638521 to the Statistical and Applied Mathematical Sciences Institute, a BBVA Foundation project and the Trustonomy project, which has received funding from the European Community’s Horizon 2020 research and innovation programme under grant agreement No 812003. R.N. acknowledges support of the Spanish Ministry of Science and Research for his grant FPU15-03636. V.G. acknowledges support of the Spanish Ministry of Science and Research for his grant FPU16-05034. D.R.I. is grateful to the MTM2017-86875-C3-1-R AEI/FEDER EU project and the AXA-ICMAT Chair in adversarial risk analysis. We are grateful for stimulating discussions with the referees.