The chemical molecule space is gigantic, and machine learning (ML) models predicting molecule properties are typically developed for small and specific applications within that space. One example is the field of drug discovery where models help to focus experimental efforts on only the most promising drug candidates by predicting their properties (such as toxicity and reaction with specific bacteria) beforehand. A common concept to navigate the gigantic molecule space is to define an applicability domain for each model – the domain within the chemical space for which the model can make predictions of a given reliability.
In machine learning research, the question of whether a model can make reliable predictions also is a hot topic. Research has shown that many ML algorithms are vulnerable to adversarial attacks. In an adversarial attack, an attacker meticulously crafts adversarial examples by exploiting the ML model's weakness. By adding small perturbations to the benign instances, the adversary forces the model to produce erroneous predictions with high confidence. Investigating successful adversarial attacks contributes to understanding the model’s weaknesses, and adversarial defenses have been developed to detect these attacks.
Both applicability domain and adversarial defenses aim to detect weaknesses of a model by searching for model inputs resulting in false or unreliable outputs. However, they approach the problem from different perspectives testing for different vulnerabilities. We hypothesize that connecting both research areas will result in meaningful insights that ultimately enhance research in both areas.
In this project, we will build on preliminary implementations and experimental setups for both applicability domain and adversarial attacks, and design, implement, run, visualize and analyze a comprehensive set of experiments. These experiments will transfer applicability domain approaches to adversarial defenses and vice versa.
Undergraduate
Experimental setup (code), results, figures, text, and ultimately a publication
Experience in Python programming is essential. Prior understanding of machine learning concepts will be an advantage. No prior knowledge of adversarial learning and applicability domain is required.
No lab has been assigned to this project