Internship - Out-Of-Distribution Detection For Adversarial Attacks Evasion M/F

  • Internship
  • Grenoble (Isère)
  • IT development

Job description

Description

With the recent developments in AI, the use of models produced by machine learning has become widespread, even in industrial settings. However, a growing number of studies show the dangers that such models can bring in terms of safety, privacy or even fairness.

To mitigate these dangers and improve trust in AI, one possible avenue of research consists in designing methods for generating explanations of the model behaviour. Such methods, grouped under the umbrella term eXplainable AI (XAI), empower the user by providing them with relevant information to make an informed choice to trust the model (or not).

Another important topic is assessing the correct domain of operation of a neural network. Indeed, inputs of a neural network are expected to be drawn from a distribution similar to the training set. To put it bluntly, a program trained to detect pedestrians on a road should not be expected to perform well when presented with pictures of planes. As embedding such a limitation in a neural network is unfeasible, there has been a lot of work in the field of out-of-distribution detection (OOD-detection).

Through several works (Xu-Darme, Girard-Satabin, et al. 2023), the AISER team bridged XAI and OOD-detection together, using case-based reasoning techniques to detect distribution shift from an input. This ability can be used for other purposes, for instance monitoring the presence of maliciously modified samples (for instance, adversarial examples (Szegedy et al. 2014)).

During this internship, you will study the use of AISER's OOD-detection method, PARTICUL, to identify whether new inputs were tampered with. You will work using the open-source library CaBRNet (Xu-Darme et al. 2024), developed at CEA LIST, which provides an implementation of PARTICUL.

The broad internship goals are:

- Familiarization with the state of the art on XAI (Molnar 2022), OOD-detection (Tajwar et al. 2021) and adversarial examples (Carlini and Wagner 2016);
- Getting started with the PARTICUL implementation in CaBRNet;
- Design and implementation of benchmarks involving the tampering of whole datasets with adversarial examples;
- Evaluation against other OOD-detection methods using for instance the Open-OOD benchmark (Yang et al. 2022).

Cover letter required

No

Start date

13 Sept. 2024

Experience

Sup_7

Profile

The candidate will work at the confluence of numerous topics: artificial intelligence, machine learning and cybersecurity. As it is not realistic to be an expert in all fields, we encourage candidates who do not meet the full qualification requirements to apply nonetheless.

We strive to provide an inclusive and enjoyable workplace. We are aware of discrimination based on gender (especially prevalent in our fields), race or disability, and we are doing our best to fight it. One of our team members is formally trained against psychological harassment and sexual abuse.

Minimal

- master student or equivalent (2nd/3rd engineering school year) in computer science;
- ability to work in a team;
- some knowledge of version control.

Preferred

- formal training in machine learning and/or statistics;
- experience of machine learning theory.

Function

Informatique_syst_info

Education

RJ/Qualif/Ingenieur_B5

Sector

Ind_hightech_telecom
