Protecting the integrity of the training procedure of neural networks
This addresses IT security issues for high-risk applications where neural network opacity poses safety risks, though it appears incremental as it builds on existing cryptographic methods.
The paper tackles the problem of poisoning attacks during neural network training by proposing an approach that uses standard cryptographic mechanisms to provably verify the integrity of the training procedure.
Due to significant improvements in performance in recent years, neural networks are currently used for an ever-increasing number of applications. However, neural networks have the drawback that their decisions are not readily interpretable and traceable for a human. This creates several problems, for instance in terms of safety and IT security for high-risk applications, where assuring these properties is crucial. One of the most striking IT security problems aggravated by the opacity of neural networks is the possibility of so-called poisoning attacks during the training phase, where an attacker inserts specially crafted data to manipulate the resulting model. We propose an approach to this problem which allows provably verifying the integrity of the training procedure by making use of standard cryptographic mechanisms.