
PhD Position F/M: From Stealthy AI Audits to Stealthy AI Attacks: Missing Links (M/F) - INRIA
- Rennes - 35
- Fixed-term contract (CDD)
- INRIA
Job responsibilities
About Inria
Inria is the national research institute dedicated to digital science and technology. It employs 2600 people. Its 215 agile project teams, generally run jointly with academic partners, involve more than 3900 scientists in meeting the challenges of digital technology, often at the interface with other disciplines. The institute draws on many talents in more than forty different professions. 900 research and innovation support staff help scientific and entrepreneurial projects that have an impact on the world to emerge and grow. Inria works with many companies and has supported the creation of more than 200 start-ups. The institute thus strives to meet the challenges of the digital transformation of science, society and the economy.
PhD Position F/M From stealthy AI audits to stealthy AI attacks: missing links
The job description below is in English
Contract type: Fixed-term contract (CDD)
Required level of education: Bac +5 (five years of higher education) or equivalent
Role: PhD student
About the centre or functional department
The Inria Rennes - Bretagne Atlantique Centre is one of Inria's eight centres and has more than thirty research teams. The Inria Center is a major and recognized player in the field of digital sciences. It is at the heart of a rich R&D and innovation ecosystem: highly innovative SMEs, large industrial groups, competitiveness clusters, research and higher education players, laboratories of excellence, technological research institute, etc.
Context and assets of the position
The ambition of the FANG chair is to bridge the gap between these two critical setups: legal auditing and offensive security, in the domain of modern deployed AI models. From this unique standpoint, and from the body of work we have contributed to build in the field of AI auditing, we expect to find new insights for attacking and defending deployed AI models, by finding novel angles. For instance, we proposed a unified way to approach model fingerprinting that is of interest for an auditor to guess which model she is observing on a platform; we conjecture that leveraging such an approach to measure the evolution in time of such a model (does the model change due to updates?) is of core interest for an attacker, such as a competitor, as she can derive what is at play at the company hosting this model. This could provide ground for the attacker for economic intelligence, while leaking some precious information that has to be defended by the attacked company.
Assignment
We will take classic black-box audit metrics and try to combine/expand them to more intrusive ones, in particular for other critical features from the attacked model. Here are two related scenarios: 1) a single run of a fingerprinting-oriented audit can assess if the observed model is compliant. Combining multiple such observations along the time dimension may lead to interesting attacks, as one might track the evolution of a model. 2) The efficient identification of remote models through stealthy fingerprinting will lead to more query-efficient strategies for attackers, perfectly tailored for the target model (e.g. accurately targeted adversarial examples), increasing the severity of attacks.
Means: From the information hierarchy in T1, and this compositional attack effort, skills in AI security will be leveraged to come up with original attack configurations. These are expected to borrow stealthiness and the economic-related aspect from our AI audit background.
Main activities
Theoretical analysis and proof of concept coding.
Skills
Technical skills and level required: good theoretical background in machine learning and statistics. Coding abilities in Python.
Languages: English is mandatory
Benefits
- Subsidized meals
- Partial reimbursement of public transport costs
- Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
- Possibility of teleworking (after 6 months of employment) and flexible organization of working hours
- Professional equipment available (videoconferencing, loan of computer equipment, etc.)
- Social, cultural and sports events and activities
- Access to vocational training
- Social security coverage
Remuneration
Monthly gross salary: 2200 euros