Muhammad Shafique

Title: Security and Reliability for Machine Learning: Do You Trust the Intelligence Features of Your Smart Cyber Physical Systems and Internet-of-Things?

Access to massive amounts of data and high-end computers has heralded revolutionary advances in Machine Learning (ML), impacting domains ranging from autonomous driving and robotics to healthcare, the natural sciences, the arts and beyond. As we deploy modern ML systems in safety- and health-critical applications, however, it is important to ensure their security against adversarial attacks. Researchers have shown that many modern ML algorithms, especially those based on deep neural networks (DNNs), are fragile and can be embarrassingly easy to fool. Securing them is easier said than done. Recent research has shown that DNNs are susceptible to a range of attacks including adversarial input perturbations, backdoors, Trojans, and fault attacks. This can create catastrophic effects in safety-critical applications such as automotive and healthcare. For instance, self-driving cars and vehicular networks, which heavily rely on ML-based functions, exhibit a wide attack surface that can be exploited by well-known and yet-unknown-but-possible attacks on ML models. DNNs contain hundreds of millions of parameters and are hard to interpret or debug, let alone verify, significantly increasing the chance that they misbehave. Further, any ML system is only as robust as the data on which it is trained. If the data distribution changes in the field, performance can degrade (for example, an autonomous vehicle trained in daytime conditions may not function at night). The goal of this talk is to shed light on various security threats to ML algorithms, especially DNNs. Various security attacks and defenses for DNNs will be presented in detail. Afterwards, open research problems and perspectives will be briefly discussed. Towards the end, the talk will also highlight the need for reliability in ML systems, considering faults in the underlying hardware. Anecdotally, researchers speculated that ML applications forgive hardware errors. New research, however, has revealed that accuracy drops even at low fault rates. In fact, the ML hardware in Tesla's self-driving cars uses expensive dual modular redundancy to mitigate the impact of faults.
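As an added illustration of the last point (example code written for this page, not part of the abstract or the speaker's work), the constructed toy classifier below injects random bit flips into int8 weights at several per-bit fault rates, measures the resulting accuracy drop, and shows how a dual modular redundancy (DMR) check flags inferences on which the two copies disagree. The model, dataset and fault rates are all made up for illustration.

```python
import random

# Constructed toy model: a 4-feature, 2-class linear classifier with int8 weights.
# Everything here is illustrative and not taken from the talk or any real system.
GOLDEN_WEIGHTS = [40, -30, 25, -10]
BIAS = 5

def predict(x, weights):
    """Class 1 if the integer dot product plus bias is positive, else class 0."""
    return 1 if sum(w * xi for w, xi in zip(weights, x)) + BIAS > 0 else 0

def make_dataset(n, seed=1):
    """Constructed inputs labelled by the golden model, so fault-free accuracy is 1.0."""
    rng = random.Random(seed)
    xs = [[rng.randint(-20, 20) for _ in range(4)] for _ in range(n)]
    return [(x, predict(x, GOLDEN_WEIGHTS)) for x in xs]

def inject_bit_flips(weights, fault_rate, rng=None):
    """Flip each bit of the 8-bit two's-complement weight encoding with probability fault_rate."""
    rng = random.Random(0) if rng is None else rng
    faulty = []
    for w in weights:
        bits = w & 0xFF
        for b in range(8):
            if rng.random() < fault_rate:
                bits ^= 1 << b
        faulty.append(bits - 256 if bits & 0x80 else bits)  # back to signed int8
    return faulty

def accuracy(weights, dataset):
    return sum(predict(x, weights) == y for x, y in dataset) / len(dataset)

def mean_accuracy_under_faults(fault_rate, dataset, trials=200, seed=0):
    """Average accuracy over many independent fault patterns at a given per-bit fault rate."""
    rng = random.Random(seed)
    return sum(accuracy(inject_bit_flips(GOLDEN_WEIGHTS, fault_rate, rng), dataset)
               for _ in range(trials)) / trials

def dmr_predict(x, weights_a, weights_b):
    """DMR: two copies infer independently; a disagreement flags a (possible) fault."""
    a, b = predict(x, weights_a), predict(x, weights_b)
    return a, a != b

if __name__ == "__main__":
    data = make_dataset(500)
    for rate in (0.0, 0.001, 0.01, 0.05):
        print(f"per-bit fault rate {rate:.3f}: mean accuracy {mean_accuracy_under_faults(rate, data):.3f}")
    faulty = inject_bit_flips(GOLDEN_WEIGHTS, 0.05, random.Random(7))
    flagged = sum(dmr_predict(x, GOLDEN_WEIGHTS, faulty)[1] for x, _ in data)
    print(f"DMR flagged {flagged}/{len(data)} inferences as mismatching")
```

DMR only detects a disagreement; deciding which copy is right needs a third copy (TMR) or a recompute, which is why the redundancy is costly.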


Muhammad Shafique has been a full professor (Univ. Prof.) of Computer Architecture and Robust Energy-Efficient Technologies (CARE-Tech.) at the Institute of Computer Engineering, Faculty of Informatics, Vienna University of Technology (TU Wien) since Nov. 2016. He received his Ph.D. in Computer Science from Karlsruhe Institute of Technology (KIT), Germany, in Jan. 2011. Afterwards, he established and led a highly recognized research group for several years and conducted impactful research and development activities in Pakistan. Besides co-founding a technology startup in Pakistan, he was also an initiator and team lead of an ICT R&D project. He has established strong research ties with multiple universities in Pakistan, where he actively co-supervises various R&D activities, resulting in top-quality research outcomes and scientific publications. Before that, he was with Streaming Networks Pvt. Ltd. (Islamabad office), where he was involved in the research and development of video coding systems for several years. Dr. Shafique has demonstrated success in leading team projects, meeting deadlines for demonstrations, motivating team members to peak performance, and completing independent challenging tasks. His experience is corroborated by strong technical knowledge and an educational record as a Gold Medalist throughout. He also possesses an in-depth understanding of various video coding standards (HEVC, H.264, MVC, MPEG-1/2/4). His research interests are in computer architecture, power- and energy-efficient systems, robust computing, dependable and fault-tolerant system design, hardware security, emerging brain-inspired computing trends like neuromorphic and approximate computing, hardware and system-level design for machine learning and AI, emerging technologies and nanosystems, FPGAs, MPSoCs, and embedded systems.
His research has a special focus on cross-layer analysis, modeling, design, and optimization of computing and memory systems covering various layers of the hardware and software stacks. The researched technologies and tools are deployed in application use cases from the Internet-of-Things (IoT), Cyber-Physical Systems (CPS), and ICT for Development (ICT4D) domains. Dr. Shafique has given several keynotes, invited talks, and tutorials at premier venues. He has also organized many special sessions at premier venues (like DAC, ICCAD, DATE, and ESWeek) and served as Guest Editor for IEEE Design and Test Magazine (D&T) and IEEE Transactions on Sustainable Computing (T-SUSC). He is the TPC Chair of ISVLSI 2020. He has served as TPC co-Chair of ESTIMedia and LPDC, General Chair of ESTIMedia, Track Chair at DATE and FDL, and PhD Forum Chair of ISVLSI 2019. He has served on the program committees of numerous prestigious IEEE/ACM conferences including ICCAD, ISCA, DATE, CASES, ASPDAC, and FPL. He is a senior member of the IEEE and the IEEE Signal Processing Society (SPS), and a member of the ACM, SIGARCH, SIGDA, SIGBED, and HIPEAC. He holds one US patent and has (co-)authored 6 books, 10+ book chapters, and over 200 papers in premier journals and conferences. Dr. Shafique received the prestigious 2015 ACM/SIGDA Outstanding New Faculty Award (given world-wide to one person per year) for demonstrating outstanding potential as a lead researcher and/or educator in the field of electronic design automation. Dr. Shafique also received six gold medals in his educational career, and several best paper awards and nominations at prestigious conferences like CODES+ISSS, DATE, DAC and ICCAD, a Best Master Thesis Award, the DAC'14 Designer Track Best Poster Award, IEEE Transactions on Computers "Feature Paper of the Month" Awards, and a Best Lecturer Award. His research work on aging optimization for GPUs was featured as a Research Highlight in the Feb. 2018 issue of Nature Electronics.