Context. The problem of optimizing the resilience of artificial intelligence systems to destructive disturbances has not yet been fully solved and is quite relevant for safety-critical applications. The task of optimizing the resilience of an artificial intelligence system to disturbing influences is a high-level task in relation to efficiency optimization, which determines the prospects of using the ideas and methods of meta-learning to solve it. The object of current research is the process of meta-learning aimed at optimizing the resilience of an artificial intelligence system to destructive disturbances. The subjects of the study are architectural add-ons and the meta-learning method which optimize resilience to adversarial attacks, fault injection, and task changes.
Objective. Stated research goal is to develop an effective meta-learning method for optimizing the resilience of an artificial intelligence system to destructive disturbances.
Method. The resilience optimization is implemented by combining the ideas and methods of adversarial learning, fault-tolerant learning, model-agnostic meta-learning, few-shot learning, gradient optimization methods, and probabilistic gradient approximation strategies. The choice of architectural add-ons is based on parameter-efficient knowledge transfer designed to save resources and avoid the problem of catastrophic forgetting.
Results. A model-agnostic meta-learning method for optimizing the resilience of artificial intelligence systems based on gradient meta-updates or meta-updates using an evolutionary strategy has been developed. This method involves the use of tuner and metatuner blocks that perform parallel correction of the building blocks of a original deep neural network. The ability of the proposed approach to increase the efficiency of perturbation absorption and increase the integral resilience indicator of the artificial intelligence system is experimentally tested on the example of the image classification task. The experiments were conducted on a model with the ResNet-18 architecture, with an add-on in the form of tuners and meta-tuners with the Conv-Adapter architecture. In this case, CIFAR-10 is used as a base set on which the model was trained, and CIFAR-100 is used as a set for generating samples on which adaptation is performed using a few-shot learning scenarios. We compare the resilience of the artificial intelligence system after pre-training tuners and meta-tuners using the adversarial learning algorithm, the fault-tolerant learning algorithm, the conventional model-agnostic meta-learning algorithm, and the proposed meta-learning method for optimizing resilience. Also, the meta-learning algorithms with meta-gradient updating and meta-updating based on the evolutionary strategy are compared on the basis of the integral resilience indicator.
Conclusions. It has been experimentally confirmed that the proposed method provides a better resilience to random bit-flip injection compared to fault injection training by an average of 5%. Also, the proposed method provides a better resilience to Ladversarial evasion attacks compared to adversarial training by an average of 4.8%. In addition, an average 4.8% increase in the resilience to task changes is demonstrated compared to conventional fine-tuning of tuners. Moreover, meta-learning with an evolutionary strategy provides, on average, higher values of the resilience indicator. On the downside, this meta-learning method requires more iterations.