Applying Manifold Learning Technique to Design Recurrent Architecture for Low Dimension Classification

Deep Neural Networks (DNNs) can achieve very high performance on visual recognition tasks but are prone to noise and adversarial attacks. One main problem in training a DNN is that the input often lies in a very high dimensional space, which leads to a large number of parameters to train. This raises the question of reducing the dimensionality of the dataset. Given a high dimensional dataset such as a visual dataset, how can we find a lower dimensional representation that keeps the essential information of the images? With a low dimensional representation, we can hopefully use a shallower, simpler architecture that still classifies high dimensional datasets decently.

Complex Valued Neural Networks

Current neural network models that deal with data on the spectral plane (magnitude and phase) take only the magnitude as input and do not incorporate the phase information in a meaningful way. Research has shown that the output of biological neurons is affected by the phase of their inputs. In order to bridge this separation between artificial and biological neurons, I am experimenting with the effectiveness and implementation of complex valued neural networks, which would integrate the phase information meaningfully. In particular, in order to take advantage of the popular neural network software package and framework PyTorch, I am working to simulate complex valued neural network operations through real valued neural networks. I hope that by implementing complex valued neural networks through this framework, they will be easy for other researchers to use and experiment with.

Efficient Neural Networks: Reducing Network Architecture Size

Neural networks are an immensely powerful tool for many difficult problems, but they often require computational power beyond that of small devices such as embedded systems, Internet of Things devices, and mobile phones. In this project we aim to create computationally efficient neural networks: networks with smaller memory and compute footprints that lose none of their objective functionality.

Deep Reinforcement Learning for FlipIt Security Game

Cite

@inproceedings{greige_deep_2022,
abstract = {Reinforcement learning has shown much success in games such as chess, backgammon and Go [21, 22, 24]. However, in most of these games, agents have full knowledge of the environment at all times. In this paper, we describe a deep learning model in which agents successfully adapt to different classes of opponents and learn the optimal counter-strategy using reinforcement learning in a game under partial observability. We apply our model to \textsf{FlipIt} [25], a two-player security game in which both players, the attacker and the defender, compete for ownership of a shared resource and only receive information on the current state of the game upon making a move. Our model is a deep neural network combined with Q-learning and is trained to maximize the defender’s time of ownership of the resource. Despite the noisy information, our model successfully learns a cost-effective counter-strategy outperforming its opponent’s strategies and shows the advantages of the use of deep reinforcement learning in game theoretic scenarios. We also extend \textsf{FlipIt} to a larger action-spaced game with the introduction of a new lower-cost move and generalize the model to n-player \textsf{FlipIt}.},
address = {Cham},
author = {Greige, Laura and Chin, Peter},
booktitle = {Complex Networks \& Their Applications X},
editor = {Benito, Rosa Maria and Cherifi, Chantal and Cherifi, Hocine and Moro, Esteban and Rocha, Luis M. and Sales-Pardo, Marta},
isbn = {978-3-030-93409-5},
pages = {831–843},
publisher = {Springer International Publishing},
title = {Deep Reinforcement Learning for FlipIt Security Game},
year = {2022}
}

Corrupting Data to Remove Deceptive Perturbation: Using Preprocessing Method to Improve System Robustness

Cite

@inproceedings{le_corrupting_2021,
abstract = {Although deep neural networks have achieved great performance on classification tasks, recent studies showed that well trained networks can be fooled by adding subtle noises. This paper introduces a new approach to improve neural network robustness by applying a recovery process on top of the naturally trained classifier. In this approach, images are intentionally corrupted by some significant operator and then recovered before passing through the classifiers. SARGAN, an extension of Generative Adversarial Networks (GANs), is capable of denoising radar signals. This paper will show that SARGAN can also recover corrupted images by removing the adversarial effects. Our results show that this approach does improve the performance of naturally trained networks.},
author = {Le, Hieu and Walker, Hans and Tran, Dung and Chin, Peter},
booktitle = {2021 International Conference on Computational Science and Computational Intelligence (CSCI)},
doi = {10.1109/CSCI54926.2021.00308},
month = {December},
pages = {1594–1599},
title = {Corrupting Data to Remove Deceptive Perturbation: Using Preprocessing Method to Improve System Robustness},
year = {2021}
}

Intrinsic Examples: Robust Fingerprinting of Deep Neural Networks

Cite

@inproceedings{wang_intrinsic_2021,
abstract = {This paper proposes to use intrinsic examples as a DNN fingerprinting technique
for the functionality verification of DNN models implemented on edge devices. The
proposed intrinsic examples do not affect the normal DNN training and can enable the
black-box testing capability for DNN models packaged into edge device applications.
We provide three algorithms for deriving intrinsic examples of the pre-trained model
(the model before the DNN system design and implementation procedure) to retrieve
the knowledge learnt from the training dataset for the detection of adversarial third-party
attacks such as transfer learning and fault injection attack that may happen during the
system implementation procedure. Besides, they can accommodate the model transformations due to various DNN model compression methods used by the system designer.},
author = {Wang, Siyue and Zhao, Pu and Wang, Xiao and Chin, Sang Peter and Wahl, Thomas and Fei, Yunsi and Chen, Qi Alfred and Lin, Xue},
booktitle = {32nd British Machine Vision Conference 2021, BMVC 2021, Online, November 22-25, 2021},
pages = {46},
publisher = {BMVA Press},
title = {Intrinsic Examples: Robust Fingerprinting of Deep Neural Networks},
url = {https://www.bmvc2021-virtualconference.com/assets/papers/0625.pdf},
year = {2021}
}

A Scale Invariant Measure of Flatness for Deep Network Minima

Cite

@inproceedings{rangamani_scale_2021,
abstract = {It has been empirically observed that the flatness of minima obtained from training deep networks seems to correlate with better generalization. However, for deep networks with positively homogeneous activations, most measures of flatness are not invariant to rescaling of the network parameters. This means that the measure of flatness can be made as small or as large as possible through rescaling, rendering the quantitative measures meaningless. In this paper we show that for deep networks with positively homogenous activations, these rescalings constitute equivalence relations, and that these equivalence relations induce a quotient manifold structure in the parameter space. Using an appropriate Riemannian metric, we propose a Hessian-based measure for flatness that is invariant to rescaling and perform simulations to empirically verify our claim. Finally we perform experiments to verify that our flatness measure correlates with generalization by using minibatch stochastic gradient descent with different batch sizes to find deep network minima with different generalization properties.},
author = {Rangamani, Akshay and Nguyen, Nam H. and Kumar, Abhishek and Phan, Dzung and Chin, Sang Peter and Tran, Trac D.},
booktitle = {ICASSP 2021 – 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)},
doi = {10.1109/ICASSP39728.2021.9413771},
month = {June},
note = {ISSN: 2379-190X},
pages = {1680–1684},
title = {A Scale Invariant Measure of Flatness for Deep Network Minima},
year = {2021}
}

AdvMS: A Multi-Source Multi-Cost Defense Against Adversarial Attacks

Cite

@inproceedings{wang_advms_2020,
abstract = {Designing effective defense against adversarial attacks is a crucial topic as deep neural networks have been proliferated rapidly in many security-critical domains such as malware detection and self-driving cars. Conventional defense methods, although shown to be promising, are largely limited by their single-source single-cost nature: The robustness promotion tends to plateau when the defenses are made increasingly stronger while the cost tends to amplify. In this paper, we study principles of designing multi-source and multi-cost schemes where defense performance is boosted from multiple defending components. Based on this motivation, we propose a multi-source and multi-cost defense scheme, Adversarially Trained Model Switching (AdvMS), that inherits advantages from two leading schemes: adversarial training and random model switching. We show that the multi-source nature of AdvMS mitigates the performance plateauing issue and the multi-cost nature enables improving robustness at a flexible and adjustable combination of costs over different factors which can better suit specific restrictions and needs in practice.},
author = {Wang, Xiao and Wang, Siyue and Chen, Pin-Yu and Lin, Xue and Chin, Peter},
booktitle = {ICASSP 2020 – 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)},
doi = {10.1109/ICASSP40776.2020.9052967},
month = {May},
note = {ISSN: 2379-190X},
pages = {2902–2906},
title = {AdvMS: A Multi-Source Multi-Cost Defense Against Adversarial Attacks},
year = {2020}
}

Block Switching: A Stochastic Approach for Deep Learning Security

Cite

@misc{wang_block_2020,
abstract = {Recent study of adversarial attacks has revealed the vulnerability of modern deep learning models. That is, subtly crafted perturbations of the input can make a trained network with high accuracy produce arbitrary incorrect predictions, while remaining imperceptible to the human vision system. In this paper, we introduce Block Switching (BS), a defense strategy against adversarial attacks based on stochasticity. BS replaces a block of model layers with multiple parallel channels, and the active channel is randomly assigned at run time, hence unpredictable to the adversary. We show empirically that BS leads to a more dispersed input gradient distribution and superior defense effectiveness compared with other stochastic defenses such as stochastic activation pruning (SAP). Compared to other defenses, BS is also characterized by the following features: (i) BS causes less test accuracy drop; (ii) BS is attack-independent and (iii) BS is compatible with other defenses and can be used jointly with others.},
annote = {Comment: Accepted by AdvML19: Workshop on Adversarial Learning Methods for Machine Learning and Data Mining at KDD, Anchorage, Alaska, USA, August 5th, 2019, 5 pages},
author = {Wang, Xiao and Wang, Siyue and Chen, Pin-Yu and Lin, Xue and Chin, Peter},
keywords = {Computer Science – Computer Vision and Pattern Recognition, Computer Science – Machine Learning},
month = {February},
note = {arXiv:2002.07920 [cs]},
publisher = {arXiv},
shorttitle = {Block Switching},
title = {Block Switching: A Stochastic Approach for Deep Learning Security},
url = {http://arxiv.org/abs/2002.07920},
urldate = {2022-08-06},
year = {2020}
}

Defensive Dropout for Hardening Deep Neural Networks under Adversarial Attacks

Cite

@inproceedings{wang_defensive_2018,
abstract = {Deep neural networks (DNNs) are known to be vulnerable to adversarial attacks. That is, adversarial examples, obtained by adding delicately crafted distortions onto original legal inputs, can mislead a DNN to classify them as any target labels. This work provides a solution to hardening DNNs under adversarial attacks through defensive dropout. Besides using dropout during training for the best test accuracy, we propose to use dropout also at test time to achieve strong defense effects. We consider the problem of building robust DNNs as an attacker-defender two-player game, where the attacker and the defender know each other’s strategies and try to optimize their own strategies towards an equilibrium. Based on the observations of the effect of test dropout rate on test accuracy and attack success rate, we propose a defensive dropout algorithm to determine an optimal test dropout rate given the neural network model and the attacker’s strategy for generating adversarial examples. We also investigate the mechanism behind the outstanding defense effects achieved by the proposed defensive dropout. Comparing with stochastic activation pruning (SAP), another defense method that introduces randomness into the DNN model, we find that our defensive dropout achieves much larger variances of the gradients, which is the key for the improved defense effects (much lower attack success rate). For example, our defensive dropout can reduce the attack success rate from 100\% to 13.89\% under the currently strongest attack, i.e., the C\&W attack on the MNIST dataset.},
author = {Wang, Siyue and Wang, Xiao and Zhao, Pu and Wen, Wujie and Kaeli, David and Chin, Peter and Lin, Xue},
booktitle = {2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)},
doi = {10.1145/3240765.3264699},
month = {November},
note = {ISSN: 1558-2434},
pages = {1–8},
title = {Defensive Dropout for Hardening Deep Neural Networks under Adversarial Attacks},
year = {2018}
}

Using Deep Learning to Extract Scenery Information in Real Time Spatiotemporal Compressed Sensing

Cite

@inproceedings{wang_using_2018,
abstract = {One of the problems of real time compressed sensing systems is the computational cost of the reconstruction algorithms. It is especially problematic for closed-loop sensory applications where the sensory parameters need to be constantly adjusted to adapt to a dynamic scene. Through a preliminary experiment with the MNIST dataset, we showed that we can extract some scene information (object recognition, scene movement direction and speed) based on the compressed samples using a deep convolutional neural network. It achieves 100\% accuracy in distinguishing moving velocity, 96.22\% in recognizing the digit and 90.04\% in detecting moving direction after the code images are re-centered. Even though the classification accuracy drops slightly compared to using original videos, the computational speed is two times faster than classification on videos directly. This method also eliminates the need for sparse reconstruction prior to classification.},
author = {Wang, Xiao and Zhang, Jie and Xiong, Tao and Tran, Trac Duy and Chin, Sang Peter and Etienne-Cummings, Ralph},
booktitle = {2018 IEEE International Symposium on Circuits and Systems (ISCAS)},
doi = {10.1109/ISCAS.2018.8351736},
month = {May},
note = {ISSN: 2379-447X},
pages = {1–4},
title = {Using Deep Learning to Extract Scenery Information in Real Time Spatiotemporal Compressed Sensing},
year = {2018}
}

Deep learning-based classification and anomaly detection of side-channel signals

Cite

@inproceedings{wang_deep_2018,
abstract = {In computer systems, information leaks from the physical hardware through side-channel signals such as power draw. We can exploit these signals to infer the state of ongoing computational tasks without having direct access to the device. This paper investigates the application of recent deep learning techniques to side-channel analysis in both classification of machine state and anomaly detection. We use real data collected from three different devices: an Arduino, a Raspberry Pi, and a Siemens PLC. For classification we compare the performance of Multi-Layer Perceptron and Long Short-Term Memory classifiers. Both achieve near-perfect accuracy on binary classification and around 90\% accuracy on a multi-class problem. For anomaly detection we explore an autoencoder based model. Our experiments show the potential of using these deep learning techniques in side-channel analysis and cyber-attack detection.},
author = {Wang, Xiao and Zhou, Quan and Harer, Jacob and Brown, Gavin and Qiu, Shangran and Dou, Zhi and Wang, John and Hinton, Alan and Gonzalez, Carlos Aguayo and Chin, Peter},
booktitle = {Cyber Sensing 2018},
doi = {10.1117/12.2311329},
editor = {Ternovskiy, Igor V. and Chin, Peter},
keywords = {Anomaly Detection, Classification, Deep Learning, Side-channel Analysis},
note = {Backup Publisher: International Society for Optics and Photonics},
pages = {37–44},
publisher = {SPIE},
title = {Deep learning-based classification and anomaly detection of side-channel signals},
url = {https://doi.org/10.1117/12.2311329},
volume = {10630},
year = {2018}
}