Adversarially Robust Distillation

Knowledge distillation is effective for producing small, high-performance neural networks for classification, but these small networks are vulnerable to adversarial attacks. This paper studies how adversarial robustness transfers from teacher to student during knowledge distillation. We find that a large amount of robustness may be inherited by the student even when distilled on only clean images. Second, we introduce Adversarially Robust Distillation (ARD) for distilling robustness onto student networks. In addition to producing small models with high test accuracy like conventional distillation, ARD also passes the superior robustness of large networks onto the student. In our experiments, we find that ARD student models decisively outperform adversarially trained networks of identical architecture in terms of robust accuracy, surpassing state-of-the-art methods on standard robustness benchmarks. Finally, we adapt recent fast adversarial training methods to ARD for accelerated robust distillation.Comment: Accepted to AAAI Conference on Artificial Intelligence, 202

The effect of scale-free topology on the robustness and evolvability of genetic regulatory networks

We investigate how scale-free (SF) and Erdos-Renyi (ER) topologies affect the interplay between evolvability and robustness of model gene regulatory networks with Boolean threshold dynamics. In agreement with Oikonomou and Cluzel (2006) we find that networks with SFin topologies, that is SF topology for incoming nodes and ER topology for outgoing nodes, are significantly more evolvable towards specific oscillatory targets than networks with ER topology for both incoming and outgoing nodes. Similar results are found for networks with SFboth and SFout topologies. The functionality of the SFout topology, which most closely resembles the structure of biological gene networks (Babu et al., 2004), is compared to the ER topology in further detail through an extension to multiple target outputs, with either an oscillatory or a non-oscillatory nature. For multiple oscillatory targets of the same length, the differences between SFout and ER networks are enhanced, but for non-oscillatory targets both types of networks show fairly similar evolvability. We find that SF networks generate oscillations much more easily than ER networks do, and this may explain why SF networks are more evolvable than ER networks are for oscillatory phenotypes. In spite of their greater evolvability, we find that networks with SFout topologies are also more robust to mutations than ER networks. Furthermore, the SFout topologies are more robust to changes in initial conditions (environmental robustness). For both topologies, we find that once a population of networks has reached the target state, further neutral evolution can lead to an increase in both the mutational robustness and the environmental robustness to changes in initial conditions.Comment: 16 pages, 15 figure

Heuristics of node selection criteria to assess robustness of world airport network

The world airport network (WAN) is one of the networked infrastructures that shape today's economic and social activity, so its resilience against incidents affecting the WAN is an important problem. In this paper, the robustness of air route networks is extended by defining and testing several heuristics to define selection criteria to detect the critical nodes of the WAN. In addition to heuristics based on genetic algorithms and simulated annealing, custom heuristics based on node damage and node betweenness are defined. The most effective heuristic is a multi-attack heuristic combining both custom heuristics. Results obtained are of importance not only for advance in the understanding of the structure of complex networks, but also for critical node detection.Peer ReviewedPostprint (author's final draft

Análise topológica sensível ao contexto visando a manutenibilidade da QoS

The issue addressed by the project is to offer a network infrastructure that is adapted to the current traffic profile for the service to be used with the expected quality. In particular, the cases will be considered in which the traffic profile is not supported by the infrastructure, or that it is overloaded. In this case, the choice of new links is very important to adapt the network to the traffic profile. However where the links will be inserted is the challenge addressed in this paper. The bandwidth and the paths average length were analyzed.IX Workshop en Arquitectura, Redes y Sistemas OperativosRed de Universidades con Carreras de Informática (RedUNCI

Análise topológica sensível ao contexto visando a manutenibilidade da QoS

The issue addressed by the project is to offer a network infrastructure that is adapted to the current traffic profile for the service to be used with the expected quality. In particular, the cases will be considered in which the traffic profile is not supported by the infrastructure, or that it is overloaded. In this case, the choice of new links is very important to adapt the network to the traffic profile. However where the links will be inserted is the challenge addressed in this paper. The bandwidth and the paths average length were analyzed.IX Workshop en Arquitectura, Redes y Sistemas OperativosRed de Universidades con Carreras de Informática (RedUNCI

Assuring the Machine Learning Lifecycle: Desiderata, Methods, and Challenges

Machine learning has evolved into an enabling technology for a wide range of highly successful applications. The potential for this success to continue and accelerate has placed machine learning (ML) at the top of research, economic and political agendas. Such unprecedented interest is fuelled by a vision of ML applicability extending to healthcare, transportation, defence and other domains of great societal importance. Achieving this vision requires the use of ML in safety-critical applications that demand levels of assurance beyond those needed for current ML applications. Our paper provides a comprehensive survey of the state-of-the-art in the assurance of ML, i.e. in the generation of evidence that ML is sufficiently safe for its intended use. The survey covers the methods capable of providing such evidence at different stages of the machine learning lifecycle, i.e. of the complex, iterative process that starts with the collection of the data used to train an ML component for a system, and ends with the deployment of that component within the system. The paper begins with a systematic presentation of the ML lifecycle and its stages. We then define assurance desiderata for each stage, review existing methods that contribute to achieving these desiderata, and identify open challenges that require further research

Robustness of Large Networks

Electrical Engineering, Mathematics and Computer Scienc

A critical view of the sensitivity of transit ASs to internal failures

Recent work on hot-potato routing [1] has uncovered that large transit ASs can be sensitive to hot-potato disruptions. Designing a robust network is felt as overly important by transit providers as paths crossed by the traffic have both to be optimal and reliable. However, equipment failures and maintenance make this robustness non-trivial to achieve. To help understanding the robustness of large networks to internal failures, [2] proposed metrics aimed at capturing the sensitivity of ASs to internal failures. In this paper, we discuss the strengths and weaknesses of this approach to understand the robustness of the control plane of large networks, having carried this analysis on a large tier-1 ISP and smaller transit ASs. We argue that this sensitivity model is mainly useful for intradomain topology design, not for the design the whole routing plane of an AS. We claim that additional effort is required to understand the propagation of BGP routes inside large ASs. Complex iBGP structures, in particular route-reflection hierarchies [3], affect route diversity and optimality but it an unclear way