Routing for Security in Networks with Adversarial Nodes

We consider the problem of secure unicast transmission between two nodes in a directed graph, where an adversary eavesdrops/jams a subset of nodes. This adversarial setting is in contrast to traditional ones where the adversary controls a subset of links. In particular, we study, in the main, the class of routing-only schemes (as opposed to those allowing coding inside the network). Routing-only schemes usually have low implementation complexity, yet a characterization of the rates achievable by such schemes was open prior to this work. We first propose an LP based solution for secure communication against eavesdropping, and show that it is information-theoretically rate-optimal among all routing-only schemes. The idea behind our design is to balance information flow in the network so that no subset of nodes observe "too much" information. Interestingly, we show that the rates achieved by our routing-only scheme are always at least as good as, and sometimes better, than those achieved by "na\"ive" network coding schemes (i.e. the rate-optimal scheme designed for the traditional scenario where the adversary controls links in a network rather than nodes.) We also demonstrate non-trivial network coding schemes that achieve rates at least as high as (and again sometimes better than) those achieved by our routing schemes, but leave open the question of characterizing the optimal rate-region of the problem under all possible coding schemes. We then extend these routing-only schemes to the adversarial node-jamming scenarios and show similar results. During the journey of our investigation, we also develop a new technique that has the potential to derive non-trivial bounds for general secure-communication schemes

Connecting Multiple-unicast and Network Error Correction: Reduction and Unachievability

We show that solving a multiple-unicast network coding problem can be reduced to solving a single-unicast network error correction problem, where an adversary may jam at most a single edge in the network. Specifically, we present an efficient reduction that maps a multiple-unicast network coding instance to a network error correction instance while preserving feasibility. The reduction holds for both the zero probability of error model and the vanishing probability of error model. Previous reductions are restricted to the zero-error case. As an application of the reduction, we present a constructive example showing that the single-unicast network error correction capacity may not be achievable, a result of separate interest.Comment: ISIT 2015. arXiv admin note: text overlap with arXiv:1410.190

Deeply Supervised Discriminative Learning for Adversarial Defense.

Deep neural networks can easily be fooled by an adversary with minuscule perturbations added to an input image. The existing defense techniques suffer greatly under white-box attack settings, where an adversary has full knowledge of the network and can iterate several times to find strong perturbations. We observe that the main reason for the existence of such vulnerabilities is the close proximity of different class samples in the learned feature space of deep models. This allows the model decisions to be completely changed by adding an imperceptible perturbation to the inputs. To counter this, we propose to class-wise disentangle the intermediate feature representations of deep networks, specifically forcing the features for each class to lie inside a convex polytope that is maximally separated from the polytopes of other classes. In this manner, the network is forced to learn distinct and distant decision regions for each class. We observe that this simple constraint on the features greatly enhances the robustness of learned models, even against the strongest white-box attacks, without degrading the classification performance on clean images. We report extensive evaluations in both black-box and white-box attack scenarios and show significant gains in comparison to state-of-the-art defenses