2025, No. 94 (cumulative No. 1135)
Talk title: Enhancing Adversarial Robustness in Deep Learning: A Bayesian Uncertainty-Based Ensemble Learning Method
Speaker: Yidong Chai (柴一栋), Associate Professor, City University of Hong Kong
Host: Yanwu Yang (杨彦武), Head and Professor, Department of Information Management and Data Science
Time: Friday, 12 December 2025, 10:00
Venue: Room 125, Management Building
About the speaker:
Yidong Chai is a tenured Associate Professor at City University of Hong Kong and a doctoral supervisor at Hefei University of Technology. He received his PhD from the Department of Management Science and Engineering (Information Systems track), School of Economics and Management, Tsinghua University. His research focuses on designing innovative artificial intelligence methods that better serve the modern, scientific management of individuals, organizations and society. As first or corresponding author he has published in top management information systems journals (UTD/FT) such as MISQ, ISR and JMIS; in top journals (CCF A) in information security, artificial intelligence and data mining such as IEEE TDSC, IEEE TPAMI, IEEE TKDE and ACM TOIS; and in Chinese journals such as 《管理科学学报》 (Journal of Management Sciences in China). He serves as Associate Editor of ACM Transactions on AI Security and Privacy, the Journal of Systems Science and Systems Engineering (English edition) and Industrial Management & Data Systems, and leads projects including the National Science Fund for Excellent Young Scholars. Students he has supervised have gone on to positions at the University of Science and Technology of China (appointed Special Associate Research Fellow) and Anhui University of Finance and Economics (appointed Associate Professor), among others. His students have published as first or corresponding authors in ISR, INFORMS JOC, IEEE TDSC, ACM TOIS and 《管理科学学报》, and have received the SWAIB 2025 Best Paper Award, the CNAIS 2024 Recommended Paper Nomination Award, the Third Prize for Excellent Paper at the 27th International Conference on Management Science and Engineering and Doctoral Forum, and an INFORMS Workshop on Data Science Best Paper nomination.
About the talk:
Deep learning (DL)-based predictive analytics has been widely embraced by IS scholars to solve various societal and business problems. However, DL models remain highly vulnerable to adversarial attacks, which craft subtle adversarial samples to deceive high-performing DL models into misbehaving as desired by the attacker, thereby opening the door to exploiting DL models for harmful purposes. Hence, enhancing the robustness of DL models against adversarial attacks is crucial to ensuring secure and reliable DL-based predictive analytics. Following the computational design science paradigm, this study designs a novel method to enhance the robustness of existing DL models against adversarial attacks while maintaining compatibility with them. Specifically, we propose a Bayesian Uncertainty-based Ensemble Learning (BUEL) method that enhances adversarial robustness from three perspectives. First, BUEL creates an ensemble of base models, each of which is a Bayesian DL model compatibly transformed from an existing DL model. The ensemble model enhances robustness by increasing the difficulty of adversarial attacks, as attackers must mislead a majority of the base models. Second, BUEL increases the robustness by a novel Bayesian Weight Assignment Mechanism (BWAM) that assigns higher weights to less vulnerable models. The weights are initially indicated by Bayesian uncertainty scores and subsequently updated using observed data in a Bayesian manner. Third, BUEL enhances the robustness by a novel adversarial training strategy that trains the ensemble model by imitating realistic environments involving benign users and different types of attackers. BUEL addresses several limitations of existing adversarial robustness enhancement methods, as demonstrated in this paper. Through experiments on the tasks of offensive language detection and fake news detection, we show BUEL can effectively enhance the adversarial robustness of DL models. BUEL not only significantly promotes the security of DL-based predictive analytics but also holds significant practical implications for individuals, organizations, and regulators.
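The following is an added toy illustration of the two ingredients the abstract describes, the uncertainty-seeded weight assignment and the weighted-majority ensemble; it is not the authors' BUEL or BWAM code and does not reproduce the paper's adversarial training. It assumes a Bayesian base model can be stood in for by a logistic classifier whose logit is perturbed on every stochastic forward pass, uses mean predictive variance as the uncertainty score, and maps that score to a Beta prior over "this model answers correctly" that is then updated from observed labelled data. The models, the labelling rule and the data points are constructed for the example.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class BayesianBaseModel:
    """Toy stand-in for a Bayesian base model (constructed for this example): a logistic
    classifier whose logit gets Gaussian noise on every stochastic forward pass, the way
    Monte Carlo sampling from a weight posterior behaves."""
    name: str
    weights: tuple
    noise_sd: float  # wider posterior = more uncertain (and, here, more fragile) model

    def sample_probs(self, x, n_samples, rng):
        logit = sum(w * xi for w, xi in zip(self.weights, x))
        return [1.0 / (1.0 + math.exp(-(logit + rng.gauss(0.0, self.noise_sd))))
                for _ in range(n_samples)]

    def predict(self, x, n_samples, rng):
        mean_p = sum(self.sample_probs(x, n_samples, rng)) / n_samples
        return 1 if mean_p >= 0.5 else 0


def uncertainty_score(model, inputs, n_samples, rng):
    """Mean predictive variance over stochastic passes: the uncertainty score that seeds
    a base model's initial weight (assumed score, not necessarily the paper's)."""
    total = 0.0
    for x in inputs:
        ps = model.sample_probs(x, n_samples, rng)
        mean = sum(ps) / n_samples
        total += sum((p - mean) ** 2 for p in ps) / n_samples
    return total / len(inputs)


@dataclass
class ReliabilityPosterior:
    """Beta posterior over 'this base model answers correctly'."""
    alpha: float
    beta: float

    def update(self, correct):
        if correct:
            self.alpha += 1.0
        else:
            self.beta += 1.0

    def mean(self):
        return self.alpha / (self.alpha + self.beta)


def initial_posterior(uncertainty, prior_strength=10.0):
    # Predictive variance of a Bernoulli probability lies in [0, 0.25]; map it linearly
    # to a prior reliability in [0.5, 1.0]. This mapping is an assumption of the example.
    prior_mean = 1.0 - 2.0 * min(max(uncertainty, 0.0), 0.25)
    return ReliabilityPosterior(alpha=prior_strength * prior_mean,
                                beta=prior_strength * (1.0 - prior_mean))


def fit_weights(models, labelled, n_samples=200, seed=0):
    """Uncertainty-seeded prior, then a Bayesian update from observed correctness.
    Returns {model name: normalised ensemble weight}."""
    rng = random.Random(seed)
    inputs = [x for x, _ in labelled]
    posteriors = {}
    for m in models:
        post = initial_posterior(uncertainty_score(m, inputs, n_samples, rng))
        for x, y in labelled:  # observed data moves the weight in a Bayesian manner
            post.update(m.predict(x, n_samples, rng) == y)
        posteriors[m.name] = post
    total = sum(p.mean() for p in posteriors.values())
    return {name: p.mean() / total for name, p in posteriors.items()}


def ensemble_predict(models, weights, x, n_samples=200, seed=1):
    """Weighted majority vote: a wrong label has to carry a weighted majority of the
    base models, not just a single one of them."""
    rng = random.Random(seed)
    score = sum(weights[m.name] * (1 if m.predict(x, n_samples, rng) == 1 else -1)
                for m in models)
    return 1 if score > 0 else 0


# Constructed sample data: the label is 1 when x1 + x2 > 0. The "fragile" model has a
# wide posterior and disagrees with that rule on part of the input space.
MODELS = [
    BayesianBaseModel("stable", (2.0, 1.0), 0.1),
    BayesianBaseModel("medium", (1.5, 1.5), 0.3),
    BayesianBaseModel("fragile", (-1.0, 2.0), 1.0),
]
LABELLED = [((1.0, 1.0), 1), ((-1.0, -1.0), 0), ((2.0, -1.0), 1),
            ((-2.0, 1.0), 0), ((0.5, 0.2), 1), ((-0.3, -0.6), 0)]

if __name__ == "__main__":
    w = fit_weights(MODELS, LABELLED)
    for name, weight in w.items():
        print(f"{name:8s} weight={weight:.3f}")
    for x, y in LABELLED:
        print(x, "label", y, "ensemble", ensemble_predict(MODELS, w, x))
```

Running it shows the high-variance "fragile" model receiving the smallest weight, first from its uncertainty score and then further from its observed mistakes, so the ensemble still returns the right label on the inputs where that model alone would be wrong. The same structure makes the abstract's robustness argument concrete: an adversary has to mislead a weighted majority of the base models, and the weight assignment keeps that majority concentrated in the less vulnerable ones.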