4 research outputs found

    Playing to distraction: towards a robust training of CNN classifiers through visual explanation techniques

    The field of deep learning is evolving in different directions, with still the need for more efficient training strategies. In this work, we present a novel and robust training scheme that integrates visual explanation techniques in the learning process. Unlike the attention mechanisms that focus on the relevant parts of images, we aim to improve the robustness of the model by making it pay attention to other regions as well. Broadly speaking, the idea is to distract the classifier in the learning process to force it to focus not only on relevant regions but also on those that, a priori, are not so informative for the discrimination of the class. We tested the proposed approach by embedding it into the learning process of a convolutional neural network for the analysis and classification of two well-known datasets, namely Stanford cars and FGVC-Aircraft. Furthermore, we evaluated our model on a real-case scenario for the classification of egocentric images, allowing us to obtain relevant information about people's lifestyles. In particular, we work on the challenging EgoFoodPlaces dataset, achieving state-of-the-art results with a lower level of complexity. The obtained results indicate the suitability of our proposed training scheme for image classification, improving the robustness of the final model.

    Comment: 20 pages, 3 figures, 4 tables

    Economic development, demographic characteristics, road network and traffic accidents in Zhongshan, China: gradient boosting decision tree model

    This paper explores the joint effects of economic development, demographic characteristics and road network on road safety. Although extensive efforts have been undertaken to model safety effects of various influential factors, little evidence is provided on the relative importance of explanatory variables by accounting for their mutual interactions and non-linear effects. We present an innovative gradient boosting decision tree (GBDT) model to explore joint effects of comprehensive factors on four traffic accident indicators (the number of traffic accidents, injuries, deaths, and the economic loss). A total of 27 elaborated influential factors in Zhongshan, China during 2000–2016 are collected. Results show that GBDT not only presents high prediction accuracy, but can also handle the multicollinearity between explanatory variables; more importantly, it can rank the influential factors on traffic accidents. We also investigate the partial effects of key influential factors. Based on key findings, we highlight the practical insights for planning practice.

    Towards Secure Deep Neural Networks for Cyber-Physical Systems

    In recent years, deep neural networks (DNNs) are increasingly investigated in the literature to be employed in cyber-physical systems (CPSs). DNNs own inherent advantages in complex pattern identifying and achieve state-of-the-art performances in many important CPS applications. However, DNN-based systems usually require large datasets for model training, which introduces new data management issues. Meanwhile, research in the computer vision domain demonstrated that the DNNs are highly vulnerable to adversarial examples. Therefore, the security risks of employing DNNs in CPSs applications are of concern. In this dissertation, we study the security of employing DNNs in CPSs from both the data domain and learning domain. For the data domain, we study the data privacy issues of outsourcing the CPS data to cloud service providers (CSP). We design a space-efficient searchable symmetric encryption scheme that allows the user to query keywords over the encrypted CPS data that is stored in the cloud. After that, we study the security risks that adversarial machine learning (AML) can bring to the CPSs. Based on the attacker properties, we further separate AML in CPS into the customer domain and control domain. We analyze the DNN-based energy theft detection in advanced meter infrastructure as an example for customer domain attacks. The adversarial attacks to control domain CPS applications are more challenging and stringent. We then propose ConAML, a general AML framework that enables the attacker to generate adversarial examples under practical constraints. We evaluate the framework with three CPS applications in transportation systems, power grids, and water systems. To mitigate the threat of adversarial attacks, more robust DNNs are required for critical CPSs. We summarize the defense requirements for CPS applications and evaluate several typical defense mechanisms. For control domain adversarial attacks, we demonstrate that defensive methods like adversarial detection are not capable due to the practical attack requirements. We propose a random padding framework that can significantly increase the DNN robustness under adversarial attacks. The evaluation results show that our padding framework can reduce the effectiveness of adversarial examples in both customer domain and control domain applications.