82 research outputs found

    Adversarial machine learning for cyber security

    This master thesis aims to take advantage of state of the art and tools that have been developed in Adversarial Machine Learning (AML) and related research branches to strengthen Machine Learning (ML) models used in cyber security. First, it seeks to collect, organize and summarize the most recent and potential state-of-the-art techniques in AML, considering that it is a research branch in an unstable state with a great diversity of difficult to contrast proposals, which rapidly evolve but are quickly replaced by attacks or defenses with greater potential. This summary is important considering that the AML literature is far from being able to create defensive techniques that effectively protect a ML model from all possible attacks, and it is relevant to analyze them both in detail and with criteria in order to apply them in practice. It is also useful to find biases in state-of-the-art to be considered regarding the measurement of the attack or defense effectiveness, which can be addressed by proposing methodologies and metrics to mitigate them. Additionally, it is considered inappropriate to analyze AML in isolation, considering that the robustness of a ML model to adversarial attacks is totally related to its generalization capacity to in-distribution cases, to its robustness to out-of-distribution cases, and to the possibility of overinterpretation, using spurious (but statistically valid) patterns in the model that may give a false sense of high performance. Therefore, this thesis proposes a methodology to previously evaluate the exposure of a model to these considerations, focusing on improving it in progressive order of priorities in each of its stages, and to guarantee satisfactory overall robustness. Based on this methodology, two interesting case studies are chosen to be explored in greater depth to evaluate their robustness to adversarial attacks, perform attacks to gain insights about their strengths and weaknesses, and finally propose improvements. 
In this process, all kinds of approaches are used depending on the type of problem evaluated and its assumptions, performing exploratory analysis, applying AML attacks and detailing their implications, proposing improvements and implementation of defenses such as Adversarial Training, and finally creating and proposing a methodology to correctly evaluate the effectiveness of a defense avoiding the biases of the state of the art. For each of the case studies, it is possible to create efficient adversarial attacks, analyze the strengths of each model, and in the case of the second case study, it is possible to increase the adversarial robustness of a Classification Convolutional Neural Network using Adversarial Training. This leads to other positive effects on the model, such as a better representation of the data, easier implementation of techniques to detect adversarial cases through anomaly analysis, and insights concerning its performance to reinforce the model from other viewp

    Problems and shortcuts in deep learning for screening mammography

    This work reveals undiscovered challenges in the performance and generalizability of deep learning models. We (1) identify spurious shortcuts and evaluation issues that can inflate performance and (2) propose training and analysis methods to address them. We trained an AI model to classify cancer on a retrospective dataset of 120,112 US exams (3,467 cancers) acquired from 2008 to 2017 and 16,693 UK exams (5,655 cancers) acquired from 2011 to 2015. We evaluated on a screening mammography test set of 11,593 US exams (102 cancers; 7,594 women; age 57.1 ± 11.0) and 1,880 UK exams (590 cancers; 1,745 women; age 63.3 ± 7.2). A model trained on images of only view markers (no breast) achieved a 0.691 AUC. The original model trained on both datasets achieved a 0.945 AUC on the combined US+UK dataset but paradoxically only 0.838 and 0.892 on the US and UK datasets, respectively. Sampling cancers equally from both datasets during training mitigated this shortcut. A similar AUC paradox (0.903) occurred when evaluating diagnostic exams vs screening exams (0.862 vs 0.861, respectively). Removing diagnostic exams during training alleviated this bias. Finally, the model did not exhibit the AUC paradox over scanner models but still exhibited a bias toward Selenia Dimension (SD) over Hologic Selenia (HS) exams. Analysis showed that this AUC paradox occurred when a dataset attribute had values with a higher cancer prevalence (dataset bias) and the model consequently assigned a higher probability to these attribute values (model bias). Stratification and balancing cancer prevalence can mitigate shortcuts during evaluation. Dataset and model bias can introduce shortcuts and the AUC paradox, potentially pervasive issues within the healthcare AI space. Our methods can verify and mitigate shortcuts while providing a clear understanding of performance

    Analyzing Vision Transformers for Image Classification in Class Embedding Space

    Despite the growing use of transformer models in computer vision, a mechanistic understanding of these networks is still needed. This work introduces a method to reverse-engineer Vision Transformers trained to solve image classification tasks. Inspired by previous research in NLP, we demonstrate how the inner representations at any level of the hierarchy can be projected onto the learned class embedding space to uncover how these networks build categorical representations for their predictions. We use our framework to show how image tokens develop class-specific representations that depend on attention mechanisms and contextual information, and give insights on how self-attention and MLP layers differentially contribute to this categorical composition. We additionally demonstrate that this method (1) can be used to determine the parts of an image that would be important for detecting the class of interest, and (2) exhibits significant advantages over traditional linear probing approaches. Taken together, our results position our proposed framework as a powerful tool for mechanistic interpretability and explainability research. Comment: NeurIPS 202

    Convolutional neural networks for the classification of guitar effects and extraction of the parameter settings of single and multi-guitar effects from instrument mixes

    Guitar effects are commonly used in popular music to shape the guitar sound to fit specific genres, or to create more variety within musical compositions. The sound not only is determined by the choice of the guitar effect, but also heavily depends on the parameter settings of the effect. Previous research focused on the classification of guitar effects and extraction of their parameter settings from solo guitar audio recordings. However, more realistic is the classification and extraction from instrument mixes. This work investigates the use of convolution neural networks (CNNs) for the classification and parameter extraction of guitar effects from audio samples containing guitar, bass, keyboard, and drums. The CNN was compared to baseline methods previously proposed, like support vector machines and shallow neural networks together with predesigned features. On two datasets, the CNN achieved classification accuracies 1-5% above the baseline accuracy, achieving up to 97.4% accuracy. With parameter values between 0.0 and 1.0, mean absolute parameter extraction errors of below 0.016 for the distortion, below 0.052 for the tremolo, and below 0.038 for the slapback delay effect were achieved, matching or surpassing the presumed human expert error of 0.05. The CNN approach was found to generalize to further effects, achieving mean absolute parameter extraction errors below 0.05 for the chorus, phaser, reverb, and overdrive effect. For sequentially applied combinations of distortion, tremolo, and slapback delay, the mean extraction error slightly increased from the performance for the single effects to the range of 0.05 to 0.1. The CNN was found to be moderately robust to noise and pitch changes of the background instrumentation suggesting that the CNN extracted meaningful features

    Leakage and the Reproducibility Crisis in ML-based Science

    The use of machine learning (ML) methods for prediction and forecasting has become widespread across the quantitative sciences. However, there are many known methodological pitfalls, including data leakage, in ML-based science. In this paper, we systematically investigate reproducibility issues in ML-based science. We show that data leakage is indeed a widespread problem and has led to severe reproducibility failures. Specifically, through a survey of literature in research communities that adopted ML methods, we find 17 fields where errors have been found, collectively affecting 329 papers and in some cases leading to wildly overoptimistic conclusions. Based on our survey, we present a fine-grained taxonomy of 8 types of leakage that range from textbook errors to open research problems. We argue for fundamental methodological changes to ML-based science so that cases of leakage can be caught before publication. To that end, we propose model info sheets for reporting scientific claims based on ML models that would address all types of leakage identified in our survey. To investigate the impact of reproducibility errors and the efficacy of model info sheets, we undertake a reproducibility study in a field where complex ML models are believed to vastly outperform older statistical models such as Logistic Regression (LR): civil war prediction. We find that all papers claiming the superior performance of complex ML models compared to LR models fail to reproduce due to data leakage, and complex ML models don't perform substantively better than decades-old LR models. While none of these errors could have been caught by reading the papers, model info sheets would enable the detection of leakage in each case

    Statistical Methods For The Analysis And Development Of Quantitative Imaging Biomarkers

    The field of neuroimaging statistics is concerned with elucidating meaningful conclusions from high-dimensional imaging objects, often in the form of single-dimensioned summary statistics. Ideally, these summaries should provide interpretable biomarker measurements that can guide patient diagnoses or treatment decisions while minimizing information loss associated with dimension reduction. This dissertation is focused on (1) exploring methods for analyzing previously developed imaging biomarkers and (2) developing new imaging biomarkers using both well-established and novel imaging analysis techniques. We approach this problem in three ways: in our first project, we assess how previously developed imaging biomarkers can best be incorporated into downstream analyses in the context of a clinical trial. This work conceptualizes imaging biomarkers as measurements which intrinsically contain historical information on a patient and examines the effect of incorporating these predictors on the statistical power in a clinical trial analysis. For our second project, we develop a radiomic predictor that automatically identifies an important prognostic biomarker in multiple sclerosis, relying on quantification of imaging patterns potentially associated with brain atrophy and more severe disease courses. In our third project, we construct a coordinate system and framework for multiple sclerosis lesions analyses for more sensitive and specific biomarker development. We use dimension reduction and flexible nonparametric modelling to assess the diagnostic value of this method. These methods lay the groundwork for improving future work developing and utilizing imaging biomarkers with imaging statistics

    Functional and structural substrates of increased dosage of Grik4 gene elucidated using multi-modal MRI

    Grik4 is the gene responsible for encoding the high-affinity GluK4 subunit of the kainate receptors. Increased dosage of this subunit in the forebrain was linked to an increased level of anxiety, lack of social communication, and depression. On the synaptic level, abnormal synaptic transmission was also reported. The manifestations of this abnormal expression have not been investigated at the circuit level, nor the correlations between those circuits and the abnormal patterns of the behavior previously reported. In this line of work, we aspired to use different non-invasive magnetic resonance imaging (MRI) modalities to elucidate any disturbance that might stem from the increased dosage of Grik4 and how those changes might explain the abnormal behaviors. MRI offers a noninvasive way to look into the intact brain in vivo. Resting-state functional MRI casts light on how the brain functions at rest on the network level and has the capability to detect any anomalies that might occur within or between those networks. On the microstructural level, the diffusion MRI is concerned with the underlying features of the tissues, using the diffusion of water molecules as a proxy for that end. Moving more macroscopically, using structural scans, voxel-based morphometry can detect subtle differences in the morphology of the different brain structures. We recorded videos of our animals performing two tasks that have long been linked to anxiety, the open field and the plus-maze tests, before acquiring structural and functional scans. Lastly, we recorded blood-oxygenation-level-dependent (BOLD) signals in a different set of animals during electrical stimulation of specific white matter tracts in order to investigate how neuronal activity propagates. Our analysis showed a vast spectrum of changes in the transgenic group relative to the animals in the control group.
On the resting-state networks level, we observed an increase in the within-network strength spanning different structures such as the hippocampus, some regions of the cortex, and the hypothalamus. The increased internal coherence or strength in the networks contrasted with a significant reduction in between-networks connectivity for some regions such as parts of the cortex and the hypothalamus, suggesting long-range network decorrelation. Supporting this idea, major white matter (WM) tracts, such as the corpus callosum and the hippocampal commissure, suffered from substantial changes compatible with an important reduction in myelination and/or a decrease in the mean axonal diameter. Macrostructurally speaking, the overexpression of GluK4 subunit had a bimodal effect, with expansion in some cortical areas in the transgenic animals accompanied by a shrinkage in the subcortical regions. Upon stimulating the brain with an electrical current, we noticed a difference in activity propagation between the two hemispheres. In transgenic animals, the evoked activity remained more confined to the stimulated hemisphere, again consistent with an impaired long-range connectivity. The structural changes, both at the micro and macro level, were in tight correlation with different aspects of the behavior including markers of anxiety such as the time spent in the open arms vs the closed arms in the plus-maze test and the time spent in the center vs the corners in the open field test. Our findings reveal how the disruption of kainate receptors, or more globally the glutamate receptors, and the abnormal synaptic transmission can translate into brain-wide changes in connectivity and alter the functional equilibrium between macro- and mesoscopic networks. The postsynaptic enhancement previously reported in the transgenic animals was here reflected in the BOLD signal and measured as an increase in the within-network strength.
Importantly, the correlations between the structural changes and the behavior help to put the developmental changes and their behavioral ramifications into context. SUMMARY Grik4 is the gene responsible for encoding the high-affinity GluK4 subunit of the kainate receptors. Increased dosage of this subunit in the forebrain was linked to a higher level of anxiety, lack of social communication, and depression. At the synaptic level, abnormal synaptic transmission was also reported. The manifestations of this abnormal expression have not been investigated at the circuit level, nor have the correlations between those circuits and the abnormal patterns of the behavior previously reported. In this line of work, we aspired to use different non-invasive magnetic resonance imaging (MRI) modalities to elucidate any alteration that might stem from the increased dosage of Grik4 and how those changes might explain the abnormal behaviors. MRI offers a non-invasive way to observe the intact brain in vivo. Resting-state functional MRI sheds light on how the brain functions at rest at the network level and is able to detect any anomaly that may occur within or between those networks. At the microstructural level, diffusion MRI deals with the underlying features of the tissues, using the diffusion of water molecules as a proxy for that end. Moving more macroscopically, using structural scans, voxel-based morphometry can detect subtle differences in the morphology of the different brain structures. We recorded videos of our animals performing two tasks that have long been linked to anxiety, the open field and the plus-maze tests, before acquiring structural and functional scans.
Lastly, we recorded blood-oxygenation-level-dependent (BOLD) signals in a different group of animals during electrical stimulation of specific white matter tracts to investigate how neuronal activity propagates. Our analysis showed a broad spectrum of changes in the transgenic group relative to the animals in the control group. At the level of the resting-state networks, we observed an increase in the within-network strength spanning different structures such as the hippocampus, some regions of the cortex, and the hypothalamus. The greater internal coherence or strength in the networks contrasted with a significant reduction in between-network connectivity for some regions such as parts of the cortex and the hypothalamus, suggesting long-range network decorrelation. Supporting this idea, the major white matter (WM) tracts, such as the corpus callosum and the hippocampal commissure, underwent substantial changes compatible with an important reduction in myelination and/or a decrease in the mean axonal diameter. Macrostructurally speaking, the overexpression of the GluK4 subunit had a bimodal effect, with expansion in some cortical areas in the transgenic animals accompanied by a shrinkage in the subcortical regions. Upon stimulating the brain with an electrical current, we noticed a difference in activity propagation between the two hemispheres. In the transgenic animals, the evoked activity remained more confined to the stimulated hemisphere, again consistent with impaired long-range connectivity. The structural changes, both at the micro and macro level, were in close correlation with different aspects of the behavior, including markers of anxiety such as the time spent in the open arms vs the closed arms in the plus-maze test and the time spent in the center vs the corners in the open field test.
Our findings reveal how the disruption of kainate receptors, or more globally the glutamate receptors, and the abnormal synaptic transmission can translate into brain-wide changes in connectivity and alter the functional equilibrium between macro- and mesoscopic networks. The postsynaptic enhancement previously reported in the transgenic animals was reflected here in the BOLD signal and measured as an increase in the within-network strength. Importantly, the correlations between the structural changes and the behavior help to put the developmental changes and their behavioral ramifications into context

    Bodies of Seeing: A video ethnography of academic x-ray image interpretation training and professional vision in undergraduate radiology and radiography education

    This thesis reports on a UK-based video ethnography of academic x-ray image interpretation training across two undergraduate courses in radiology and radiography. By studying the teaching and learning practices of the classroom, I initially explore the professional vision of x-ray image interpretation and how its relation to normal radiographic anatomy founds the practice of being ‘critical’. This criticality accomplishes a faculty of perceptual norms that is coded and organised and also, therefore, of a specific radiological vision. Professionals’ commitment to the cognitivist rhetoric of ‘looking at’/‘pattern recognition’ builds this critical perception, a perception that deepens in organisation when professionals endorse a ‘systematic approach’ that mediates matter-of-fact thoroughness and offers a helpful critical commentary towards the image. In what follows, I explore how x-ray image interpretation is constituted in case presentations. During training, x-ray images are treated with suspicion and as misleading and are aligned with a commitment to discursive contexts of ‘missed abnormality’, ‘interpretive risk’, and ‘technical error’. The image is subsequently constructed as ambiguous and that what is shown cannot be taken at face value. This interconnects with reenacting ideals around ‘seeing clearly’ that are explained through the teaching practices and material world of the academic setting and how, if misinterpretation is established, the ambiguity of the image is reduced by embodied gestures and technoscientific knowledge. By making this correction, the ambiguous image is reenacted and the misinterpretation of image content is explained. To conclude, I highlight how the professional vision of academic x-ray image interpretation prepares students for the workplace, shapes the classificatory interpretation of ab(normal) anatomy, manages ambiguity through embodied expectations and bodily norms, and cultivates body-machine relations

    The Ethics of Occultic Communication: An Invocation of Joshua Gunn and Sissela Bok

    Occultic rhetoric, according to Joshua Gunn, is a genre of discourse concerned with the study and practice of secret communications. The strategic sharing of secret messages involves a host of methods and conventions designed for the selective disclosure of hidden knowledge, thus controlling the boundaries of (and accessibility to power between) insider and outsider groups. Occultic rhetoric has its uses in everyday encounters, but the abuse of such manipulative strategies, especially by those in the academy and other positions of power and trust, calls for an ethical response. This dissertation submits occultic rhetoric to moral investigation by incorporating the works of Sissela Bok who examined the ethics of both secrecy and lying. By applying her principles to case studies of deliberately disguised or distorted messages in academic settings, this project suggests an approach for the moral exercise of secret communications, otherwise known as an ethics of occultic rhetoric