IARPA announces Proposers’ Day for SAILS, TrojAI
On January 25, the Intelligence Advanced Research Projects Activity announced a Proposers’ Day Conference for the Secure, Assured, Intelligent Learning Systems (SAILS) and Trojans in Artificial Intelligence (TrojAI) solicitations. Registration is due by 5:00 p.m. Eastern on February 20, according to FedBizOpps.
The Intelligence Advanced Research Projects Activity (IARPA) will host a Proposers’ Day Conference for the SAILS and TrojAI programs on February 26, 2019 in anticipation of the release of two new solicitations. The Conference will provide information on the SAILS and TrojAI programs and the research problems the programs aim to address. Questions from potential proposers will also be answered. The Conference will be held from 9:00-4:30 EST in the Washington, DC metropolitan area. Additionally, the Conference will be remotely accessible via conference call; remote attendees’ questions can be emailed in during the Conference and addressed during a dedicated Q&A session.
Across numerous sectors, a variety of institutions are adopting machine learning/artificial intelligence (ML/AI) technologies to streamline business processes and aid in decision making. These technologies are increasingly trained on proprietary and sensitive datasets that represent a competitive advantage for the particular entity. Recent work has demonstrated, however, that these systems are vulnerable to a variety of attack vectors including adversarial examples, training time attacks, and attacks against privacy. Each of these vectors represents a potential degradation in the usefulness of ML/AI technologies. In light of the use of sensitive training sets, however, attacks against privacy represent a particularly damaging threat.
The SAILS program aims to develop methods for creating models robust to attacks against privacy. The goal is to provide a mechanism by which model creators can have confidence that their trained models will not inadvertently reveal sensitive information. Towards this end, SAILS will focus on a variety of problem domains, to include speech, text, and image, as well as black box and white box access models. Performers will be expected to develop techniques, including but not limited to new training procedures, new model architectures, or new pre-/post-processing procedures. Developed methods will be scored against state-of-the-art baselines within the chosen domain while using published model vulnerabilities.
Using current machine learning methods, an artificial intelligence (AI) is trained on data, learns relationships in that data, and then is deployed to the world to operate on new data. For example, an AI can be trained on images of traffic signs, learn what stop signs and speed limit signs look like, and then be deployed as part of an autonomous car. The problem is that an adversary that can disrupt the training pipeline can insert Trojan behaviors into the AI. For example, an AI learning to distinguish traffic signs can be given just a few additional examples of stop signs with yellow squares on them, each labeled “speed limit sign.”3 If the AI were deployed in a self-driving car, an adversary could cause the AI to misidentify a stop sign as a speed limit sign just by putting a sticky note on it, potentially leading the car to run through the sign. Such Trojan attacks are a security threat to all users of AIs and those impacted by them.
The goal of the TrojAI program is to combat Trojan attacks by finding them in AIs, before the AI is deployed. Performers will create software that reads in an AI’s code and states the probability that the AI has a Trojan. Performers’ software will be tested against thousands of real AIs, with and without Trojans inside them. TrojAI will initially focus on AIs created for simple image classification tasks (like the traffic sign example); if successful, TrojAI will then expand to examine AIs from other problem domains, such as audio or text classification.
Full information is available here.