Abstract: Embodiments for automatic data preprocessing for a machine learning operation by a processor. For each data instance in a set of data instances, a sequence of actions may be automatically learned in a reinforcement learning environment to be applied for preprocessing each data instance separately. Each of the data instances may be preprocessed for use by one or more machine learning models according to the learned sequence of actions.

Abstract: A method, computer program, and computer system are provided for predicting and assessing risks on websites. Data corresponding to historical interactions of a user with one or more websites is accessed. A simulation of actions of the user is generated based on the accessed data, and actions of the user are simulated on a pre-defined target website based on the generated simulation of the actions of the user. Risks on the target website are identified based on simulating the actions of the user. The website is updated to mitigate the identified risks.

Abstract: Various embodiments are provided for securing machine learning models by one or more processors in a computing system. One or more hardened machine learning models that are secured against adversarial attacks are provided by applying one or more of a plurality of combinations of selected preprocessing operations from one or more machine learning models, a data set used for hardening the one or more machine learning models, a list of preprocessors, and a selected number of learners.

Abstract: A method, system, and computer program product are disclosed. The method includes processing an audio signal that includes speech data and transcribing the speech data to generate text data. The method also includes identifying a vulnerable portion of the text data and, in response, applying adversarial text to the text data to generate robust text data. Adversarial noise corresponding to the robust text data is generated and applied to the speech data.

Abstract: Disclosed are techniques for determining data relationships between privacy-restricted datapoints, sourced over a computer network, which require data privacy measures concealing at least some datapoints from other clients in the network that the datapoint respectively do not originate from. A first client encrypts a first datapoint with a public key of a public/private encryption scheme and communicates it to the second client along with the public key. The second client encrypts a corresponding second datapoint with the public key, then determines a relationship between the two encrypted datapoints, and communicates the determined relationship to a central client along with the public key. Random noise is encrypted by the central client and added to the determined relationship, then sent together to the first client, followed by decryption by the first client using the private key. The central client extracts the random noise after receiving the decrypted determined relationship.

Abstract: A method, computer system, and a computer program product for text data protection is provided. The present invention may include receiving a text data. The present invention may also include identifying a portion of the received text data having a highest impact on a first confidence score associated with a target model prediction. The present invention may further include generating at least one semantically equivalent text relative to the identified portion of the received text data. The present invention may also include determining that the generated at least one semantically equivalent text produces a second confidence score associated with the target model prediction that is less than the first confidence score associated with the target model prediction. The present invention may further include generating a prompt to suggest modifying the identified portion of the received text data using the generated at least one semantically equivalent text.

Abstract: Disclosed are techniques for determining data relationships between privacy-restricted datapoints, sourced over a computer network, which require data privacy measures concealing at least some datapoints from other clients in the network that the datapoint respectively do not originate from. A first client encrypts a first datapoint with a public key of a public/private encryption scheme and communicates it to the second client along with the public key. The second client encrypts a corresponding second datapoint with the public key, then determines a relationship between the two encrypted datapoints, and communicates the determined relationship to a central client along with the public key. Random noise is encrypted by the central client and added to the determined relationship, then sent together to the first client, followed by decryption by the first client using the private key. The central client extracts the random noise after receiving the decrypted determined relationship.

Abstract: Embodiments for automatic feature learning for predictive modeling in a computing environment by a processor. A first table and a second table are joined based on an edge between the first table and the second table defined by an entity graph thereby creating a resulting joined table that is connected by a column of data. The resulting joined table is used as an input into one or more neural network operations that transform the resulting joined table to one or more features to predict a target variable.

Abstract: One or more computer processors transmit a machine learning model and an associated loss function to a worker, wherein the worker isolates private data. The one or more computer processors receive a plurality of encrypted gradients computed utilizing the transmitted machine learning model, the associated loss function, and the isolated private data. The one or more computer processors generate a plurality of adversarial perturbations, wherein the plurality of adversarial perturbations includes true perturbations and false perturbations. The one or more computer processors obfuscate the generated plurality of adversarial perturbations. The one or more computer processors transmit the obfuscated adversarial perturbations to the worker. The one or more computer processors harden the machine learning model utilizing the transmitted obfuscated adversarial perturbations and the private data.

Abstract: A method, computer system, and a computer program product for text data protection is provided. The present invention may include receiving a text data. The present invention may also include identifying a portion of the received text data having a highest impact on a first confidence score associated with a target model prediction. The present invention may further include generating at least one semantically equivalent text relative to the identified portion of the received text data. The present invention may also include determining that the generated at least one semantically equivalent text produces a second confidence score associated with the target model prediction that is less than the first confidence score associated with the target model prediction. The present invention may further include generating a prompt to suggest modifying the identified portion of the received text data using the generated at least one semantically equivalent text.

Abstract: One or more hardened machine learning models are secured against adversarial attacks by adding adversarial protection to one or more previously trained machine learning models. To generate the hardened machine learning models, the previously trained machine learning models are retrained and extended using preprocessing layers or using additional network layers which test model performance on benign or adversarial samples. A rollback strategy is additionally implemented to retain intermediate model states during the retraining to provide recovery if a training collapse is detected.

Abstract: Various embodiments are provided for automated evaluation of machine learning models in a computing environment by one or more processors in a computing system. A level of robustness of a machine learning model against adversarial whitebox operations may be evaluated and determined by applying a data set used for testing the machine learning model, one or more adversarial operation objectives, an adversarial threat model, and a selected number of hyperparameters. Results from the adversarial operation may be analyzed and a modified machine learning model may be generated while performing the evaluating and determining.

Abstract: Embodiments for providing adversarial protection to computing display devices by a processor. Security defenses may be provided on one or more image display devices against automated media analysis by using adversarial noise, an adversarial patch, or a combination thereof.

Abstract: Embodiments for providing optimized machine learning model features using federated learning on distributed data in a computing environment by a processor. Machine learning model features may be learned from one or more data sets extracted from one or more localized machine learning models associated with one or more nodes. The machine learning model features may be aggregated using a centralized machine learning model at a source node. The one or more localized machine learning models may be trained using aggregated machine learning model features provided by the centralized machine learning model.

Abstract: Embodiments for intelligent unsupervised learning of visual alphabets by one or more processors are described. A visual three-dimensional (3D) alphabet may be learned from one or more images using a machine learning operations. A set of 3D primitives representing the visual 3D alphabet may be provided.

Abstract: Embodiments for intelligent unsupervised learning of visual alphabets by one or more processors are described. A visual three-dimensional (3D) alphabet may be learned from one or more images using a machine learning operations. A set of 3D primitives representing the visual 3D alphabet may be provided.

Abstract: A method for protecting a machine learning model includes: generating a first adversarial example by modifying an original input using an attack tactic, wherein the model accurately classifies the original input but does not accurately classify at least the first adversarial example; training a defender to protect the model from the first adversarial example by updating a strategy of the defender based on predictive results from classifying the first adversarial example; updating the attack tactic based on the predictive results from classifying the first adversarial example; generating a second adversarial example by modifying the original input using the updated attack tactic, wherein the trained defender does not protect the model from the second adversarial example; and training the defender to protect the model from the second adversarial example by updating the at least one strategy of the defender based on results obtained from classifying the second adversarial example.

Abstract: Embodiments for providing adversarial protection to computing display devices by a processor. Security defenses may be provided on one or more image display devices against automated media analysis by using adversarial noise, an adversarial patch, or a combination thereof.

Abstract: Various embodiments are provided for securing trained machine learning models by one or more processors in a computing system. One or more hardened machine learning models are secured against adversarial attacks by adding adversarial protection to one or more trained machine learning model.

Abstract: Various embodiments are provided for securing machine learning models by one or more processors in a computing system. One or more hardened machine learning models that are secured against adversarial attacks are provided by applying one or more of a plurality of combinations of selected preprocessing operations from one or more machine learning models, a data set used for hardening the one or more machine learning models, a list of preprocessors, and a selected number of learners.