Robust Reasoning for Autonomous Cyber-Physical Systems in Dynamic Environments

Autonomous cyber-physical systems, CPS, in dynamic environments must work impeccably. The cyber-physical systems must handle tasks consistently and trustworthily, i.e., with a robust behavior. Robust systems, in general, require making valid and solid decisions using one or a combination of robust reasoning strategies, algorithms, and robustness analysis. However, in dynamic environments, data can be incomplete, skewed, contradictory, and redundant impacting the reasoning. Basing decisions on these data can lead to inconsistent, irrational, and unreasonable cyber-physical systems' movements, adversely impacting the system’s reliability and integrity. This paper presents the assessment of robust reasoning for autonomous cyber-physical systems in dynamic environments. In this work, robust reasoning is considered as 1) the capability of drawing conclusions with available data by applying classical and non-classical reasoning strategies and algorithms and 2) act and react robustly and safely in dynamic environments by employing robustness analysis to provide options on possible actions and evaluate alternative decisions. The result of the research shows that different common existing strategies, algorithms and analyses can be provided together with a comparison of their applicabilities, benefits, and drawbacks in the context of cyber-physical systems operating in dynamically changing environments. The conclusion is that robust reasoning in cyber-physical systems can handle dynamic environments. Moreover, combining these strategies and algorithms with robustness analysis can support achieving robust behavior in autonomous cyber-physical systems while operating in dynamically changing environments

RAB: Provable Robustness Against Backdoor Attacks

Recent studies have shown that deep neural networks (DNNs) are vulnerable to adversarial attacks, including evasion and backdoor (poisoning) attacks. On the defense side, there have been intensive efforts on improving both empirical and provable robustness against evasion attacks; however, provable robustness against backdoor attacks still remains largely unexplored. In this paper, we focus on certifying the machine learning model robustness against general threat models, especially backdoor attacks. We first provide a unified framework via randomized smoothing techniques and show how it can be instantiated to certify the robustness against both evasion and backdoor attacks. We then propose the first robust training process, RAB, to smooth the trained model and certify its robustness against backdoor attacks. We derive the robustness bound for machine learning models trained with RAB, and prove that our robustness bound is tight. In addition, we show that it is possible to train the robust smoothed models efficiently for simple models such as K-nearest neighbor classifiers, and we propose an exact smooth-training algorithm which eliminates the need to sample from a noise distribution for such models. Empirically, we conduct comprehensive experiments for different machine learning (ML) models such as DNNs, differentially private DNNs, and K-NN models on MNIST, CIFAR-10 and ImageNet datasets, and provide the first benchmark for certified robustness against backdoor attacks. In addition, we evaluate K-NN models on a spambase tabular dataset to demonstrate the advantages of the proposed exact algorithm. Both the theoretic analysis and the comprehensive evaluation on diverse ML models and datasets shed lights on further robust learning strategies against general training time attacks.Comment: 31 pages, 5 figures, 7 table