Security and Safety for Shared Artificial Intelligence
S3AI will lay the foundations for building secure collaborative artificial intelligence systems: Methods to ensure privacy, protection against hostile attacks and guarantees for the intended performance of the system.
Objectives and envisaged technological developments
The approach is based on methods of transfer learning and algebraic geometry, using geometric structures in the input space induced by deep learning models. As a result, we expect theoretical frameworks and analysis tools at the interface of mathematics, deep learning and information security regarding
- new DNN architectures and related privacy learning strategies,
- new defence strategies against adversarial attacks and
- new methods for assessing trustworthiness.
A paradigm shift in artificial intelligence (AI) is currently emerging to support the reusability of deep machine learning artifacts and to build powerful collaborative AI ecosystems. This development marks the innovative shift from data sharing to sharing the hidden distributed representation in deep learning models. This development has multiple implications for the usability of AI applications and business models based on them, especially with respect to reducing development costs by reusing pre-built models and saving data collection efforts.
The even more far-reaching effect, however, results from the opening up of as yet untapped possibilities for machine learning from data across company boundaries. These opportunities include overcoming limitations in the availability of annotated data for high quality, customized services, or opening up new innovative ways for collaborative, AI-based business models between players in an emerging data market.
On the other hand, this emerging technology poses new challenges, especially in the area of security. As its central scientific and technical challenges, S3AI concentrates on methods for the protection of privacy, for the protection against adversarial attacks that manipulate input data (integrity), and for assessing whether, or to what extent, the AI system realizes the desired behavior (trust).
S3AI follows a "security by design" approach according to the principle that these security aspects must already be considered in the model architecture. We will develop novel model architectures based on distributed Deep Transfer Learning, using mathematical concepts from algebraic geometry and regularization. In this context S3AI deals with the following aspects:
- Variants of information security: Degree of privacy protection and related information security requirements;
- Variants of information sharing: data sharing (no model), representation sharing (partial model) and model sharing (full model);
- Variants of initial situations and learning conditions such as domain adaptation, multi-task learning, multi-view learning (information fusion);
- Different classes of models and applications for deep learning.
Within S3AI the Software Competence Center Hagenberg (SCCH) will cooperate with renowned national and international scientific partners. The consortium will be complemented by corporate partners from different industries (manufacturing, mobility, automation, data analysis, tool providers, ...), which underlines the high industrial interest and relevance of the topics covered in S3AI.
- Radon Institute of Computational and Applied Mathematics (RICAM) of Austrian Academy of Sciences
- Research Institute for Symbolic Computation (RISC) at JKU (Linz)
- Institute for Machine Learning at JKU (Linz)
- Pattern Recognition and Applications Lab of the University of Cagliari (Italy)
- Dept. Elektrotechniek-ESAT/COSIC of the University of Leuven (Belgium)
- kpibench GmbH
- RUBBLE MASTER HMH GmbH
- AVI Systems GmbH
- PKE Holding AG
- TissueGnostics GmbH
Duration of the project
01.01.2020 - 31.12.2023
The project is funded within the framework of COMET, program line "modules".