Patching Weak Convolutional Neural Network Models through Modularization and Composition

Despite great success in many applications, deep neural networks are not always robust in practice. For instance, a convolutional neuron network (CNN) model for classification tasks often performs unsatisfactorily in classifying some particular classes of objects. In this work, we are concerned with patching the weak part of a CNN model instead of improving it through the costly retraining of the entire model. Inspired by the fundamental concepts of modularization and composition in software engineering, we propose a compressed modularization approach, CNNSplitter, which decomposes a strong CNN model for $N$-class classification into $N$ smaller CNN modules. Each module is a sub-model containing a part of the convolution kernels of the strong model. To patch a weak CNN model that performs unsatisfactorily on a target class (TC), we compose the weak CNN model with the corresponding module obtained from a strong CNN model. The ability of the weak CNN model to recognize the TC can thus be improved through patching. Moreover, the ability to recognize non-TCs is also improved, as the samples misclassified as TC could be classified as non-TCs correctly. Experimental results with two representative CNNs on three widely-used datasets show that the averaged improvement on the TC in terms of precision and recall are 12.54% and 2.14%, respectively. Moreover, patching improves the accuracy of non-TCs by 1.18%. The results demonstrate that CNNSplitter can patch a weak CNN model through modularization and composition, thus providing a new solution for developing robust CNN models.Comment: Accepted at ASE'2

Reusing Deep Neural Network Models through Model Re-engineering

Training deep neural network (DNN) models, which has become an important task in today's software development, is often costly in terms of computational resources and time. With the inspiration of software reuse, building DNN models through reusing existing ones has gained increasing attention recently. Prior approaches to DNN model reuse have two main limitations: 1) reusing the entire model, while only a small part of the model's functionalities (labels) are required, would cause much overhead (e.g., computational and time costs for inference), and 2) model reuse would inherit the defects and weaknesses of the reused model, and hence put the new system under threats of security attack. To solve the above problem, we propose SeaM, a tool that re-engineers a trained DNN model to improve its reusability. Specifically, given a target problem and a trained model, SeaM utilizes a gradient-based search method to search for the model's weights that are relevant to the target problem. The re-engineered model that only retains the relevant weights is then reused to solve the target problem. Evaluation results on widely-used models show that the re-engineered models produced by SeaM only contain 10.11% weights of the original models, resulting 42.41% reduction in terms of inference time. For the target problem, the re-engineered models even outperform the original models in classification accuracy by 5.85%. Moreover, reusing the re-engineered models inherits an average of 57% fewer defects than reusing the entire model. We believe our approach to reducing reuse overhead and defect inheritance is one important step forward for practical model reuse.Comment: Accepted by ICSE'2

Investigating White-Box Attacks for On-Device Models

Numerous mobile apps have leveraged deep learning capabilities. However, on-device models are vulnerable to attacks as they can be easily extracted from their corresponding mobile apps. Existing on-device attacking approaches only generate black-box attacks, which are far less effective and efficient than white-box strategies. This is because mobile deep learning frameworks like TFLite do not support gradient computing, which is necessary for white-box attacking algorithms. Thus, we argue that existing findings may underestimate the harmfulness of on-device attacks. To this end, we conduct a study to answer this research question: Can on-device models be directly attacked via white-box strategies? We first systematically analyze the difficulties of transforming the on-device model to its debuggable version, and propose a Reverse Engineering framework for On-device Models (REOM), which automatically reverses the compiled on-device TFLite model to the debuggable model. Specifically, REOM first transforms compiled on-device models into Open Neural Network Exchange format, then removes the non-debuggable parts, and converts them to the debuggable DL models format that allows attackers to exploit in a white-box setting. Our experimental results show that our approach is effective in achieving automated transformation among 244 TFLite models. Compared with previous attacks using surrogate models, REOM enables attackers to achieve higher attack success rates with a hundred times smaller attack perturbations. In addition, because the ONNX platform has plenty of tools for model format exchanging, the proposed method based on the ONNX platform can be adapted to other model formats. Our findings emphasize the need for developers to carefully consider their model deployment strategies, and use white-box methods to evaluate the vulnerability of on-device models.Comment: Published in The International Conference on Software Engineering 2024 (ICSE'24

An Adaptive Charging Strategy of Lithium-ion Battery for Loss Reduction with Thermal Effect Consideration

With the increasing deployment of the electric vehicles, the study of advanced battery charging strategy has become of great significance to improve charging performance with reduced loss. This paper presents an optimized adaptive charging strategy for EV battery packs based on a developed system loss model. An electrical model integrated with thermal properties for the lithium-ion battery with cooling as well as a full loss model for the power converter have been included in this complete model. To reduce the overall loss of the charging system, the influence of temperature and varying internal resistance at different state of charge (SOC) have been considered to obtain an objective function. Moreover, an enhanced particle swarm optimization (PSO) algorithm is proposed and applied to speed up convergence time as well as enhance the precision of the solution. The results show that this proposed strategy can reduce the total loss by 4.01 and a 7.48 decrease of the charging time compared with the classical approach without applying this optimization

Research on Teaching Reform of Artificial Intelligence Course Based on CDIO

In view of the problem of how to set up general undergraduate artificial intelligence courses, on the basis of carefully combing and summarizing years of teaching exploration and practice, it is proposed to set Artificial Intelligence (AI) courses in the lower grades of the university. Taking the teaching practice carried out by Liaoning Institute of Science and Engineering as an example, the “12365” principle is proposed based on the CDIO concept, and corresponding teaching reform and practice are carried out

CONTROL OF STICKY CONTAMINANTS WITH CATIONIC TALC IN DEINKED PULP

In this study a cationic talc was applied to deinked pulp for control of sticky contaminants. Effects of the cationic talc on stickies and dissolved and colloid substances were investigated and compared with those of a conventional talc. Characteristics of wet-end chemistry were examined for the pulp with addition of both kinds of talc samples. Furthermore, influences on paper properties were also compared. The results showed that the addition of cationic talc can effectively decrease the content of stickies and DCS, while reducing the cationic demand of the pulp, and the turbidity of the filtrate. Deposition of stickies can be reduced by about 63% with the addition of 2.0% cationic talc into the pulp, and the DCS was reduced from 1989 mg/L to 1927 mg/L. Addition of cationic talc significantly increased the ash content of the paper, but it negatively influenced the paper strength properties

Aboveground net primary productivity of vegetation along a climate-related gradient in a Eurasian temperate grassland: spatiotemporal patterns and their relationships with climate factors

Accurate assessments of spatiotemporal patterns in net primary productivity and their links to climate are important to obtain a deeper understanding of the function, stability and sustainability of grassland ecosystems. We combined a satellite-derived NDVI time-series dataset and field-based samples to investigate spatiotemporal patterns in aboveground net primary productivity (ANPP), and we examined the effect of growing season air temperate (GST) and precipitation (GSP) on these patterns along a climaterelated gradient in an eastern Eurasian grassland. Our results indicated that the ANPP fluctuated with no significant trend during 2001-2012. The spatial distribution of ANPP was heterogeneous and decreased from northeast to southwest. The interannual changes in ANPP were mainly controlled by year-to-year GSP; a strong correlation of interannual variability between ANPP and GSP was observed. Similarly, GSP strongly influenced spatial variations in ANPP, and the slopes of fitted linear functions of the GSP-ANPP relationship increased from arid temperate desert grassland to humid meadow grassland. An exponential function could be used to fit the GSP-ANPP relationship for the entire region. An improved moisture index that combines the effects of GST and GSP better explained the variations in ANPP compared with GSP alone. In comparisons with the previous studies, we found that the relationships between spatiotemporal variations in ANPP and climate factors were probably scale dependent. We imply that the quantity and spatial range of analyzed samples contribute to these different results. Multi-scale studies are necessary to improve our knowledge of the response of grassland ANPP to climate change.ArticleENVIRONMENTAL EARTH SCIENCES.76(1):56(2017)journal articl