A Black-box Attack on Neural Networks Based on Swarm Evolutionary Algorithm

Neural networks play an increasingly important role in the field of machine learning and are included in many applications in society. Unfortunately, neural networks suffer from adversarial samples generated to attack them. However, most of the generation approaches either assume that the attacker has full knowledge of the neural network model or are limited by the type of attacked model. In this paper, we propose a new approach that generates a black-box attack to neural networks based on the swarm evolutionary algorithm. Benefiting from the improvements in the technology and theoretical characteristics of evolutionary algorithms, our approach has the advantages of effectiveness, black-box attack, generality, and randomness. Our experimental results show that both the MNIST images and the CIFAR-10 images can be perturbed to successful generate a black-box attack with 100\% probability on average. In addition, the proposed attack, which is successful on distilled neural networks with almost 100\% probability, is resistant to defensive distillation. The experimental results also indicate that the robustness of the artificial intelligence algorithm is related to the complexity of the model and the data set. In addition, we find that the adversarial samples to some extent reproduce the characteristics of the sample data learned by the neural network model

Weighted-Sampling Audio Adversarial Example Attack

Recent studies have highlighted audio adversarial examples as a ubiquitous threat to state-of-the-art automatic speech recognition systems. Thorough studies on how to effectively generate adversarial examples are essential to prevent potential attacks. Despite many research on this, the efficiency and the robustness of existing works are not yet satisfactory. In this paper, we propose~\textit{weighted-sampling audio adversarial examples}, focusing on the numbers and the weights of distortion to reinforce the attack. Further, we apply a denoising method in the loss function to make the adversarial attack more imperceptible. Experiments show that our method is the first in the field to generate audio adversarial examples with low noise and high audio robustness at the minute time-consuming level.Comment: https://aaai.org/Papers/AAAI/2020GB/AAAI-LiuXL.9260.pd

Decision-Based Marginal Total Variation Diffusion for Impulsive Noise Removal in Color Images

Impulsive noise removal for color images usually employs vector median filter, switching median filter, the total variation L1 method, and variants. These approaches, however, often introduce excessive smoothing and can result in extensive visual feature blurring and thus are suitable only for images with low density noise. A marginal method to reduce impulsive noise is proposed in this paper that overcomes this limitation that is based on the following facts: (i) each channel in a color image is contaminated independently, and contaminative components are independent and identically distributed; (ii) in a natural image the gradients of different components of a pixel are similar to one another. This method divides components into different categories based on different noise characteristics. If an image is corrupted by salt-and-pepper noise, the components are divided into the corrupted and the noise-free components; if the image is corrupted by random-valued impulses, the components are divided into the corrupted, noise-free, and the possibly corrupted components. Components falling into different categories are processed differently. If a component is corrupted, modified total variation diffusion is applied; if it is possibly corrupted, scaled total variation diffusion is applied; otherwise, the component is left unchanged. Simulation results demonstrate its effectiveness

Kernel Recursive Least-Squares Temporal Difference Algorithms with Sparsification and Regularization

By combining with sparse kernel methods, least-squares temporal difference (LSTD) algorithms can construct the feature dictionary automatically and obtain a better generalization ability. However, the previous kernel-based LSTD algorithms do not consider regularization and their sparsification processes are batch or offline, which hinder their widespread applications in online learning problems. In this paper, we combine the following five techniques and propose two novel kernel recursive LSTD algorithms: (i) online sparsification, which can cope with unknown state regions and be used for online learning, (ii)L2andL1regularization, which can avoid overfitting and eliminate the influence of noise, (iii) recursive least squares, which can eliminate matrix-inversion operations and reduce computational complexity, (iv) a sliding-window approach, which can avoid caching all history samples and reduce the computational cost, and (v) the fixed-point subiteration and online pruning, which can makeL1regularization easy to implement. Finally, simulation results on two 50-state chain problems demonstrate the effectiveness of our algorithms.</jats:p

Adversarial Samples on Android Malware Detection Systems for IoT Systems

Many IoT(Internet of Things) systems run Android systems or Android-like systems. With the continuous development of machine learning algorithms, the learning-based Android malware detection system for IoT devices has gradually increased. However, these learning-based detection models are often vulnerable to adversarial samples. An automated testing framework is needed to help these learning-based malware detection systems for IoT devices perform security analysis. The current methods of generating adversarial samples mostly require training parameters of models and most of the methods are aimed at image data. To solve this problem, we propose a \textbf{t}esting framework for \textbf{l}earning-based \textbf{A}ndroid \textbf{m}alware \textbf{d}etection systems(TLAMD) for IoT Devices. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample without affecting the features of the application. By introducing genetic algorithms and some technical improvements, our test framework can generate adversarial samples for the IoT Android Application with a success rate of nearly 100\% and can perform black-box testing on the system

Superconductivity in a new layered cobalt oxychalcogenide Na6_{6}Co3_{3}Se6_{6}O3_{3} with a 3d5d^{5} triangular lattice

Unconventional superconductivity in bulk materials under ambient pressure is extremely rare among the 3$d$ transition-metal compounds outside the layered cuprates and iron-based family. It is predominantly linked to highly anisotropic electronic properties and quasi-two-dimensional (2D) Fermi surfaces. To date, the only known example of the Co-based exotic superconductor was the hydrated layered cobaltate, Na$_{x}$CoO$_{2}\cdot$ yH$_{2}$O, and its superconductivity is realized in the vicinity of a spin-1/2 Mott state. However, the nature of the superconductivity in these materials is still an active subject of debate, and therefore, finding new class of superconductors will help unravel the mysteries of their unconventional superconductivity. Here we report the discovery of unconventional superconductivity at $\sim$ 6.3 K in our newly synthesized layered compound Na$_{6}$Co$_{3}$Se$_{6}$O$_{3}$, in which the edge-shared CoSe$_{6}$ octahedra form [CoSe$_{2}$] layers with a perfect triangular lattice of Co ions. It is the first 3$d$ transition-metal oxychalcogenide superconductor with distinct structural and chemical characteristics. Despite its relatively low $T_{c}$, material exhibits extremely high superconducting upper critical fields, $\mu_{0}H_{c2}(0)$, which far exceeds the Pauli paramagnetic limit by a factor of 3 - 4. First-principles calculations show that Na$_{6}$Co$_{3}$Se$_{6}$O$_{3}$ is a rare example of negative charge transfer superconductor. This new cobalt oxychalcogenide with a geometrical frustration among Co spins, shows great potential as a highly appealing candidate for the realization of high-$T_{c}$ and/or unconventional superconductivity beyond the well-established Cu- and Fe-based superconductor families, and opened a new field in physics and chemistry of low-dimensional superconductors

Strongly coupled magneto-exciton condensates in large-angle twisted double bilayer graphene

Excitons, the bosonic quasiparticle emerging from Coulomb interaction between electrons and holes, will undergo a Bose-Einstein condensation(BEC) and transition into a superfluid state with global phase coherence at low temperatures. An important platform to study such excitonic physics is built on double-layer quantum wells or recent two-dimensional material heterostructures, where two parallel planes of electrons and holes are separated by a thin insulating layer. Lowering this separation distance ($d$) enhances the interlayer Coulomb interaction thereby strengthens the exciton binding energy. However, an exceedingly small $d$ will lead to the undesired interlayer tunneling, which results the annihilation of excitons. Here, we report the observation of a sequences of robust exciton condensates(ECs) in double bilayer graphenes twisted to $\sim 10^\circ$ with no insulating mid-layer. The large momentum mismatch between the two graphene layers well suppress the interlayer tunneling, allowing us to reach the separation lower limit $\sim$ 0.334 nm and investigate ECs in the extreme coupling regime. Carrying out transport measurements on the bulk and edge of the devices, we find incompressible states corresponding to ECs when both layers are half-filled in the $N=0$ and $N=1$ Landau levels (LLs). The comparison between these ECs and theoretical calculations suggest that the low-energy charged excitation of ECs can be meron-antimeron or particle-hole pair, which relies on both LL index and carrier type. Our results establish large-angle twisted bilayers as an experimental platform with extreme coupling strength for studying quantum bosonic phase and its low-energy excitations

Tunable even- and odd-denominator fractional quantum Hall states in trilayer graphene

The fractional quantum Hall (FQH) states are exotic quantum many-body phases whose elementary charged excitations are neither bosons nor fermions but anyons, obeying fractional braiding statistics. While most FQH states are believed to have Abelian anyons, the Moore-Read type states with even denominators, appearing at half filling of a Landau level (LL), are predicted to possess non-Abelian excitations with appealing potentials in topological quantum computation. These states, however, depend sensitively on the orbital contents of the single-particle LL wavefunction and the mixing between different LLs. Although they have been observed in a few materials, their non-Abelian statistics still awaits experimental confirmation. Here we show magnetotransport measurements on Bernal-stacked trilayer graphene (TLG), whose unique multiband structure facilitates the interlaced LL mixing, which can be controlled by external magnetic and displacement fields. We observe a series of robust FQH states including even-denominator ones at filling factors $\nu=-9/2$, $-3/2$, $3/2$ and $9/2$. In addition, we are able to finetune the LL mixing and crossings to drive quantum phase transitions of these half-filling states and their neighboring odd-denominator ones, exhibiting a related emerging and waning behavior. Our results establish TLG as a controllable system for tuning the weights of LL orbitals and mixing strength, and a fresh platform to seek for non-Abelian quasi-particles