FMT: Removing Backdoor Feature Maps via Feature Map Testing in Deep Neural Networks

Deep neural networks have been widely used in many critical applications, such as autonomous vehicles and medical diagnosis. However, their security is threatened by backdoor attack, which is achieved by adding artificial patterns to specific training data. Existing defense strategies primarily focus on using reverse engineering to reproduce the backdoor trigger generated by attackers and subsequently repair the DNN model by adding the trigger into inputs and fine-tuning the model with ground-truth labels. However, once the trigger generated by the attackers is complex and invisible, the defender can not successfully reproduce the trigger. Consequently, the DNN model will not be repaired since the trigger is not effectively removed. In this work, we propose Feature Map Testing~(FMT). Different from existing defense strategies, which focus on reproducing backdoor triggers, FMT tries to detect the backdoor feature maps, which are trained to extract backdoor information from the inputs. After detecting these backdoor feature maps, FMT will erase them and then fine-tune the model with a secure subset of training data. Our experiments demonstrate that, compared to existing defense strategies, FMT can effectively reduce the Attack Success Rate (ASR) even against the most complex and invisible attack triggers. Second, unlike conventional defense methods that tend to exhibit low Robust Accuracy (i.e., the model's accuracy on the poisoned data), FMT achieves higher RA, indicating its superiority in maintaining model performance while mitigating the effects of backdoor attacks~(e.g., FMT obtains 87.40\% RA in CIFAR10). Third, compared to existing feature map pruning techniques, FMT can cover more backdoor feature maps~(e.g., FMT removes 83.33\% of backdoor feature maps from the model in the CIFAR10 \& BadNet scenario).Comment: 12 pages, 4 figure

Feature Map Testing for Deep Neural Networks

Due to the widespread application of deep neural networks~(DNNs) in safety-critical tasks, deep learning testing has drawn increasing attention. During the testing process, test cases that have been fuzzed or selected using test metrics are fed into the model to find fault-inducing test units (e.g., neurons and feature maps, activating which will almost certainly result in a model error) and report them to the DNN developer, who subsequently repair them~(e.g., retraining the model with test cases). Current test metrics, however, are primarily concerned with the neurons, which means that test cases that are discovered either by guided fuzzing or selection with these metrics focus on detecting fault-inducing neurons while failing to detect fault-inducing feature maps. In this work, we propose DeepFeature, which tests DNNs from the feature map level. When testing is conducted, DeepFeature will scrutinize every internal feature map in the model and identify vulnerabilities that can be enhanced through repairing to increase the model's overall performance. Exhaustive experiments are conducted to demonstrate that (1) DeepFeature is a strong tool for detecting the model's vulnerable feature maps; (2) DeepFeature's test case selection has a high fault detection rate and can detect more types of faults~(comparing DeepFeature to coverage-guided selection techniques, the fault detection rate is increased by 49.32\%). (3) DeepFeature's fuzzer also outperforms current fuzzing techniques and generates valuable test cases more efficiently.Comment: 12 pages, 5 figures. arXiv admin note: text overlap with arXiv:2307.1101

Neuron Sensitivity Guided Test Case Selection for Deep Learning Testing

Deep Neural Networks~(DNNs) have been widely deployed in software to address various tasks~(e.g., autonomous driving, medical diagnosis). However, they could also produce incorrect behaviors that result in financial losses and even threaten human safety. To reveal the incorrect behaviors in DNN and repair them, DNN developers often collect rich unlabeled datasets from the natural world and label them to test the DNN models. However, properly labeling a large number of unlabeled datasets is a highly expensive and time-consuming task. To address the above-mentioned problem, we propose NSS, Neuron Sensitivity guided test case Selection, which can reduce the labeling time by selecting valuable test cases from unlabeled datasets. NSS leverages the internal neuron's information induced by test cases to select valuable test cases, which have high confidence in causing the model to behave incorrectly. We evaluate NSS with four widely used datasets and four well-designed DNN models compared to SOTA baseline methods. The results show that NSS performs well in assessing the test cases' probability of fault triggering and model improvement capabilities. Specifically, compared with baseline approaches, NSS obtains a higher fault detection rate~(e.g., when selecting 5\% test case from the unlabeled dataset in MNIST \& LeNet1 experiment, NSS can obtain 81.8\% fault detection rate, 20\% higher than baselines)

ADMarker: A Multi-Modal Federated Learning System for Monitoring Digital Biomarkers of Alzheimer's Disease

Alzheimer's Disease (AD) and related dementia are a growing global health challenge due to the aging population. In this paper, we present ADMarker, the first end-to-end system that integrates multi-modal sensors and new federated learning algorithms for detecting multidimensional AD digital biomarkers in natural living environments. ADMarker features a novel three-stage multi-modal federated learning architecture that can accurately detect digital biomarkers in a privacy-preserving manner. Our approach collectively addresses several major real-world challenges, such as limited data labels, data heterogeneity, and limited computing resources. We built a compact multi-modality hardware system and deployed it in a four-week clinical trial involving 91 elderly participants. The results indicate that ADMarker can accurately detect a comprehensive set of digital biomarkers with up to 93.8% accuracy and identify early AD with an average of 88.9% accuracy. ADMarker offers a new platform that can allow AD clinicians to characterize and track the complex correlation between multidimensional interpretable digital biomarkers, demographic factors of patients, and AD diagnosis in a longitudinal manner

Interactions between all pairs of neighboring trees in 16 forests worldwide reveal details of unique ecological processes in each forest, and provide windows into their evolutionary histories

When Darwin visited the Galapagos archipelago, he observed that, in spite of the islands’ physical similarity, members of species that had dispersed to them recently were beginning to diverge from each other. He postulated that these divergences must have resulted primarily from interactions with sets of other species that had also diverged across these otherwise similar islands. By extrapolation, if Darwin is correct, such complex interactions must be driving species divergences across all ecosystems. However, many current general ecological theories that predict observed distributions of species in ecosystems do not take the details of between-species interactions into account. Here we quantify, in sixteen forest diversity plots (FDPs) worldwide, highly significant negative density-dependent (NDD) components of both conspecific and heterospecific between-tree interactions that affect the trees’ distributions, growth, recruitment, and mortality. These interactions decline smoothly in significance with increasing physical distance between trees. They also tend to decline in significance with increasing phylogenetic distance between the trees, but each FDP exhibits its own unique pattern of exceptions to this overall decline. Unique patterns of between-species interactions in ecosystems, of the general type that Darwin postulated, are likely to have contributed to the exceptions. We test the power of our null-model method by using a deliberately modified data set, and show that the method easily identifies the modifications. We examine how some of the exceptions, at the Wind River (USA) FDP, reveal new details of a known allelopathic effect of one of the Wind River gymnosperm species. Finally, we explore how similar analyses can be used to investigate details of many types of interactions in these complex ecosystems, and can provide clues to the evolution of these interactions

Locating Impact on Structural Plate Using Principal Component Analysis and Support Vector Machines

A new method which integrates principal component analysis (PCA) and support vector machines (SVM) is presented to predict the location of impact on a clamped aluminum plate structure. When the plate is knocked using an instrumented hammer, the induced time-varying strain signals are collected by four piezoelectric sensors which are mounted on the plate surface. The PCA algorithm is adopted for the dimension reduction of the large original data sets. Afterwards, a new two-layer SVM regression framework is proposed to improve the impact location accuracy. For a comparison study, the conventional backpropagation neural networks (BPNN) approach is implemented as well. Experimental results show that the proposed strategy achieves much better locating accuracy in comparison with the conventional approach

General soliton and (semi-)rational solutions of the partial reverse space y-non-local Mel’nikov equation with non-zero boundary conditions

General soliton and (semi-)rational solutions to the y-non-local Mel’nikov equation with non-zero boundary conditions are derived by the Kadomtsev–Petviashvili (KP) hierarchy reduction method. The solutions are expressed in N × N Gram-type determinants with an arbitrary positive integer N. A possible new feature of our results compared to previous studies of non-local equations using the KP reduction method is that there are two families of constraints among the parameters appearing in the solutions, which display significant discrepancies. For even N, one of them only generates pairs of solitons or lumps while the other one can give rise to odd numbers of solitons or lumps; the interactions between lumps and solitons are always inelastic for one family whereas the other family may lead to semi-rational solutions with elastic collisions between lumps and solitons. These differences are illustrated by a thorough study of the solution dynamics for N = 1, 2, 3. Besides, regularities of solutions are discussed under proper choices of parameters

A Highly Pipelined and Highly Parallel VLSI Architecture of CABAC Encoder for UHDTV Applications

Recently, specifically designed video codecs have been preferred due to the expansion of video data in Internet of Things (IoT) devices. Context Adaptive Binary Arithmetic Coding (CABAC) is the entropy coding module widely used in recent video coding standards such as HEVC/H.265 and VVC/H.266. CABAC is a well known throughput bottleneck due to its strong data dependencies. Because the required context model of the current bin often depends on the results of the previous bin, the context model cannot be prefetched early enough and then results in pipeline stalls. To solve this problem, we propose a prediction-based context model prefetching strategy, effectively eliminating the clock consumption of the contextual model for accessing data in memory. Moreover, we offer multi-result context model update (MCMU) to reduce the critical path delay of context model updates in multi-bin/clock architecture. Furthermore, we apply pre-range update and pre-renormalize techniques to reduce the multiplex BAE’s route delay due to the incomplete reliance on the encoding process. Moreover, to further speed up the processing, we propose to process four regular and several bypass bins in parallel with a variable bypass bin incorporation (VBBI) technique. Finally, a quad-loop cache is developed to improve the compatibility of data interactions between the entropy encoder and other video encoder modules. As a result, the pipeline architecture based on the context model prefetching strategy can remove up to 45.66% of the coding time due to stalls of the regular bin, and the parallel architecture can also save 29.25% of the coding time due to model update on average under the condition that the Quantization Parameter (QP) is equal to 22. At the same time, the throughput of our proposed parallel architecture can reach 2191 Mbin/s, which is sufficient to meet the requirements of 8 K Ultra High Definition Television (UHDTV). Additionally, the hardware efficiency (Mbins/s per k gates) of the proposed architecture is higher than that of existing advanced pipeline and parallel architectures

An unconventional SNARE complex mediates exocytosis at the plasma membrane and vesicular fusion at the apical annuli in Toxoplasma gondii.

Exocytosis is a key active process in cells by which proteins are released in bulk via the fusion of exocytic vesicles with the plasma membrane. Soluble N-ethylmaleimide-sensitive factor attachment protein receptor (SNARE) protein-mediated vesicle fusion with the plasma membrane is essential in most exocytotic pathways. In mammalian cells, the vesicular fusion step of exocytosis is normally mediated by Syntaxin-1 (Stx1) and SNAP25 family proteins (SNAP25 and SNAP23). However, in Toxoplasma gondii, a model organism of Apicomplexa, the only SNAP25 family protein, with a SNAP29-like molecular structure, is involved in vesicular fusion at the apicoplast. Here, we reveal that an unconventional SNARE complex comprising TgStx1, TgStx20, and TgStx21 mediates vesicular fusion at the plasma membrane. This complex is essential for the exocytosis of surface proteins and vesicular fusion at the apical annuli in T. gondii