FMT: Removing Backdoor Feature Maps via Feature Map Testing in Deep Neural Networks

Deep neural networks have been widely used in many critical applications, such as autonomous vehicles and medical diagnosis. However, their security is threatened by backdoor attack, which is achieved by adding artificial patterns to specific training data. Existing defense strategies primarily focus on using reverse engineering to reproduce the backdoor trigger generated by attackers and subsequently repair the DNN model by adding the trigger into inputs and fine-tuning the model with ground-truth labels. However, once the trigger generated by the attackers is complex and invisible, the defender can not successfully reproduce the trigger. Consequently, the DNN model will not be repaired since the trigger is not effectively removed. In this work, we propose Feature Map Testing~(FMT). Different from existing defense strategies, which focus on reproducing backdoor triggers, FMT tries to detect the backdoor feature maps, which are trained to extract backdoor information from the inputs. After detecting these backdoor feature maps, FMT will erase them and then fine-tune the model with a secure subset of training data. Our experiments demonstrate that, compared to existing defense strategies, FMT can effectively reduce the Attack Success Rate (ASR) even against the most complex and invisible attack triggers. Second, unlike conventional defense methods that tend to exhibit low Robust Accuracy (i.e., the model's accuracy on the poisoned data), FMT achieves higher RA, indicating its superiority in maintaining model performance while mitigating the effects of backdoor attacks~(e.g., FMT obtains 87.40\% RA in CIFAR10). Third, compared to existing feature map pruning techniques, FMT can cover more backdoor feature maps~(e.g., FMT removes 83.33\% of backdoor feature maps from the model in the CIFAR10 \& BadNet scenario).Comment: 12 pages, 4 figure

Feature Map Testing for Deep Neural Networks

Due to the widespread application of deep neural networks~(DNNs) in safety-critical tasks, deep learning testing has drawn increasing attention. During the testing process, test cases that have been fuzzed or selected using test metrics are fed into the model to find fault-inducing test units (e.g., neurons and feature maps, activating which will almost certainly result in a model error) and report them to the DNN developer, who subsequently repair them~(e.g., retraining the model with test cases). Current test metrics, however, are primarily concerned with the neurons, which means that test cases that are discovered either by guided fuzzing or selection with these metrics focus on detecting fault-inducing neurons while failing to detect fault-inducing feature maps. In this work, we propose DeepFeature, which tests DNNs from the feature map level. When testing is conducted, DeepFeature will scrutinize every internal feature map in the model and identify vulnerabilities that can be enhanced through repairing to increase the model's overall performance. Exhaustive experiments are conducted to demonstrate that (1) DeepFeature is a strong tool for detecting the model's vulnerable feature maps; (2) DeepFeature's test case selection has a high fault detection rate and can detect more types of faults~(comparing DeepFeature to coverage-guided selection techniques, the fault detection rate is increased by 49.32\%). (3) DeepFeature's fuzzer also outperforms current fuzzing techniques and generates valuable test cases more efficiently.Comment: 12 pages, 5 figures. arXiv admin note: text overlap with arXiv:2307.1101

Neuron Sensitivity Guided Test Case Selection for Deep Learning Testing

Deep Neural Networks~(DNNs) have been widely deployed in software to address various tasks~(e.g., autonomous driving, medical diagnosis). However, they could also produce incorrect behaviors that result in financial losses and even threaten human safety. To reveal the incorrect behaviors in DNN and repair them, DNN developers often collect rich unlabeled datasets from the natural world and label them to test the DNN models. However, properly labeling a large number of unlabeled datasets is a highly expensive and time-consuming task. To address the above-mentioned problem, we propose NSS, Neuron Sensitivity guided test case Selection, which can reduce the labeling time by selecting valuable test cases from unlabeled datasets. NSS leverages the internal neuron's information induced by test cases to select valuable test cases, which have high confidence in causing the model to behave incorrectly. We evaluate NSS with four widely used datasets and four well-designed DNN models compared to SOTA baseline methods. The results show that NSS performs well in assessing the test cases' probability of fault triggering and model improvement capabilities. Specifically, compared with baseline approaches, NSS obtains a higher fault detection rate~(e.g., when selecting 5\% test case from the unlabeled dataset in MNIST \& LeNet1 experiment, NSS can obtain 81.8\% fault detection rate, 20\% higher than baselines)

Correlations in Horizontal Branch Oscillations and Break Components in XTE J1701-462 and GX 17+2

We studied the horizontal branch oscillations (HBO) and the band-limited components observed in the power spectra of the transient neutron star low-mass X-ray binary XTE J1701-462 and the persistent "Sco-like" Z source GX 17+2. These two components were studied based on the state-resolved spectra. We found that the frequencies of XTE J1701-462 lie on the known correlations (WK and PBK), showing consistency with other types of X-ray binaries (black holes, atoll sources and millisecond X-ray pulsars). However, GX 17+2 is shifted from the WK correlation like other typical Z sources. We suggest that the WK/PBK main track forms a boundary which separates persistent sources from transient sources. The characteristic frequencies of break and HBO are independent of accretion rate in both sources, although it depends on spectral models. We also report the energy dependence of the HBO and break frequencies in XTE J1701-462 and how the temporal properties change with spectral state in XTE J1701-462 and GX 17+2. We studied the correlation between rms at the break and the HBO frequency. We suggest that HBO and break components for both sources probably arise from a similar physical mechanism: Comptonization emission from the corona. These two components could be caused by same kind of oscillation in a corona who with uneven density, and they could be generated from different areas of corona. We further suggest that different proportions of the Comptonization component in the total flux cause the different distribution between GX 17+2 and XTE J1701-462 in the $rms_{\rm{break}}$-$rms_{\rm{HBO}}$ diagram.Comment: 36 pages, 7 figures, accpeted by Ap

Hilbert-Huang Transform analysis of quasi-periodic oscillations in MAXI J1820+070

We present time-frequency analysis, based on the Hilbert-Huang transform (HHT), of the evolution on the low-frequency quasi-periodic oscillations (LFQPOs) observed in the black hole X-ray binary MAXI J1820+070. Through the empirical mode decomposition (EMD) method, we decompose the light curve of the QPO component and measure its intrinsic phase lag between photons from different energy bands. We find that the QPO phase lag is negative (low energy photons lag behind high energy photons), meanwhile the absolute value of the lag increases with energy. By applying the Hilbert transform to the light curve of the QPO, we further extract the instantaneous frequency and amplitude of the QPO. Compared these results with those from the Fourier analysis, we find that the broadening of the QPO peak is mainly caused by the frequency modulation. Through further analysis, we find that these modulations could share a common physical origin with the broad-band noise, and can be well explained by the internal shock model of the jet

An Updated Search of Steady TeV γ−\gamma-Ray Point Sources in Northern Hemisphere Using the Tibet Air Shower Array

Using the data taken from Tibet II High Density (HD) Array (1997 February-1999 September) and Tibet-III array (1999 November-2005 November), our previous northern sky survey for TeV $\gamma-$ray point sources has now been updated by a factor of 2.8 improved statistics. From $0.0^{\circ}$ to $60.0^{\circ}$ in declination (Dec) range, no new TeV $\gamma-$ray point sources with sufficiently high significance were identified while the well-known Crab Nebula and Mrk421 remain to be the brightest TeV $\gamma-$ray sources within the field of view of the Tibet air shower array. Based on the currently available data and at the 90% confidence level (C.L.), the flux upper limits for different power law index assumption are re-derived, which are approximately improved by 1.7 times as compared with our previous reported limits.Comment: This paper has been accepted by hepn

Proton-Boron Fusion Yield Increased by Orders of Magnitude with Foam Targets

A novel intense beam-driven scheme for high yield of the tri-alpha reaction 11B(p,{\alpha})2{\alpha} was investigated. We used a foam target made of cellulose triacetate (TAC, C_9H_{16}O_8) doped with boron. It was then heated volumetrically by soft X-ray radiation from a laser heated hohlraum and turned into a homogenous, and long living plasma. We employed a picosecond laser pulse to generate a high-intensity energetic proton beam via the well-known Target Normal Sheath Acceleration (TNSA) mechanism. We observed up to 10^{10}/sr {\alpha} particles per laser shot. This constitutes presently the highest yield value normalized to the laser energy on target. The measured fusion yield per proton exceeds the classical expectation of beam-target reactions by up to four orders of magnitude under high proton intensities. This enhancement is attributed to the strong electric fields and nonequilibrium thermonuclear fusion reactions as a result of the new method. Our approach shows opportunities to pursue ignition of aneutronic fusion

The accretion flow geometry of MAXI J1820+070 through broadband noise research with Insight-HXMT

Here we present a detailed study of the broadband noise in the power density spectra of the black hole X-ray binary MAXI J1820+070 during the hard state of its 2018 outburst, using the Hard X-ray Modulation Telescope (Insight-HXMT) observations. The broadband noise shows two main humps, which might separately correspond to variability from a variable disk and two Comptonization regions. We fitted the two humps with multiple Lorentzian functions and studied the energy-dependent properties of each component up to 100--150 keV and their evolution with spectral changes. The lowest frequency component is considered as the sub-harmonic of QPO component and shows different energy dependence compared with other broadband noise components. We found that although the fractional rms of all the broadband noise components mainly decrease with energy, their rms spectra are different in shape. Above $\sim$ 20--30 keV, the characteristic frequencies of these components increase sharply with energy, meaning that the high-energy component is more variable on short timescales. Our results suggest that the hot inner flow in MAXI J1820+070 is likely to be inhomogeneous. We propose a geometry with a truncated accretion disk, two Comptonization regions