Secure, Assured, Intelligent Learning Systems (SAILS)
Program Description and Goals
Across numerous sectors, a variety of institutions are adopting machine learning/artificial intelligence (ML/AI) technologies to streamline business processes and aid in decision making. These technologies are increasingly trained on proprietary and sensitive datasets that represent a competitive advantage for the particular entity. Recent work has demonstrated, however, that these systems are vulnerable to a variety of attack vectors including adversarial examples, training time attacks, and attacks against privacy. Each of these vectors represents a potential degradation in the usefulness of ML/AI technologies. In light of the use of sensitive training sets, however, attacks against privacy represent a particularly damaging threat.
In general, attacks against privacy aim to reveal some form of information used in the training procedure of ML/AI models. Of particular interest are model inversion attacks and membership inference attacks. Model inversion attacks aim to reconstruct some representation of the data used to train a model, such as the average of an individual’s face used to train a facial identification model. Membership inference attacks aim to determine whether a given individual’s data was used in training the model, thus potentially de-anonymizing that user.
The SAILS program aims to develop methods for creating models robust to attacks against privacy. The goal is to provide a mechanism by which model creators can have confidence that their trained models will not inadvertently reveal sensitive information. Toward this end, SAILS will focus on a variety of problem domains, including speech, text, and image, as well as black-box and white-box access models. Performers will be expected to develop techniques, including but not limited to new training procedures, new model architectures, or new pre-/post-processing procedures. Developed methods will be scored against state-of-the-art baselines within the chosen domain, using published model vulnerabilities.
Contracting Office Address
Office of the Director of National Intelligence
Intelligence Advanced Research Projects Activity
Washington, DC 20511
Primary Point of Contact
Solicitation Status: N/A
Proposers' Day Announcement on FedBizOpps
Proposers' Day Date: February 26, 2019
Proposers' Day Briefings