On Intriguing layer-wise properties of robust overfitting in adversarial training

Adversarial training has proven to be one of the most effective methods to defend against adversarial attacks. Nevertheless, robust overfitting is a common obstacle in adversarial training of deep networks. There is a common belief that the features learned by different network layers have different properties, however, existing works generally investigate robust overfitting by considering a DNN as a single unit and hence the impact of different network layers on robust overfitting remains unclear. In this work, we divide a DNN into a series of layers and investigate the effect of different network layers on robust overfitting. We find that different layers exhibit distinct properties towards robust overfitting, and in particular, robust overfitting is mostly related to the optimization of latter parts of the network. Based upon the observed effect, we propose a robust adversarial training (RAT) prototype: in a minibatch, we optimize the front parts of the network as usual, and adopt additional measures to regularize the optimization of the latter parts. Based on the prototype, we designed two realizations of RAT, and extensive experiments demonstrate that RAT can eliminate robust overfitting and boost adversarial robustness over the standard adversarial training

Near-Optimal Deviation-Proof Medium Access Control Designs in Wireless Networks

Distributed medium access control (MAC) protocols are essential for the proliferation of low cost, decentralized wireless local area networks (WLANs). Most MAC protocols are designed with the presumption that nodes comply with prescribed rules. However, selfish nodes have natural motives to manipulate protocols in order to improve their own performance. This often degrades the performance of other nodes as well as that of the overall system. In this work, we propose a class of protocols that limit the performance gain which nodes can obtain through selfish manipulation while incurring only a small efficiency loss. The proposed protocols are based on the idea of a review strategy, with which nodes collect signals about the actions of other nodes over a period of time, use a statistical test to infer whether or not other nodes are following the prescribed protocol, and trigger a punishment if a departure from the protocol is perceived. We consider the cases of private and public signals and provide analytical and numerical results to demonstrate the properties of the proposed protocols.Comment: 14 double-column pages, submitted to ACM/IEEE Trans Networkin

Low-Complexity Iterative Detection for Orthogonal Time Frequency Space Modulation

We elaborate on the recently proposed orthogonal time frequency space (OTFS) modulation technique, which provides significant advantages over orthogonal frequency division multiplexing (OFDM) in Doppler channels. We first derive the input--output relation describing OTFS modulation and demodulation (mod/demod) for delay--Doppler channels with arbitrary number of paths, with given delay and Doppler values. We then propose a low-complexity message passing (MP) detection algorithm, which is suitable for large-scale OTFS taking advantage of the inherent channel sparsity. Since the fractional Doppler paths (i.e., not exactly aligned with the Doppler taps) produce the inter Doppler interference (IDI), we adapt the MP detection algorithm to compensate for the effect of IDI in order to further improve performance. Simulations results illustrate the superior performance gains of OTFS over OFDM under various channel conditions.Comment: 6 pages, 7 figure

Spectrum Sharing in Wireless Networks via QoS-Aware Secondary Multicast Beamforming

Secondary spectrum usage has the potential to considerably increase spectrum utilization. In this paper, quality-of-service (QoS)-aware spectrum underlay of a secondary multicast network is considered. A multiantenna secondary access point (AP) is used for multicast (common information) transmission to a number of secondary single-antenna receivers. The idea is that beamforming can be used to steer power towards the secondary receivers while limiting sidelobes that cause interference to primary receivers. Various optimal formulations of beamforming are proposed, motivated by different ldquocohabitationrdquo scenarios, including robust designs that are applicable with inaccurate or limited channel state information at the secondary AP. These formulations are NP-hard computational problems; yet it is shown how convex approximation-based multicast beamforming tools (originally developed without regard to primary interference constraints) can be adapted to work in a spectrum underlay context. Extensive simulation results demonstrate the effectiveness of the proposed approaches and provide insights on the tradeoffs between different design criteria

Power allocation in wireless multi-user relay networks

In this paper, we consider an amplify-and-forward wireless relay system where multiple source nodes communicate with their corresponding destination nodes with the help of relay nodes. Conventionally, each relay equally distributes the available resources to its relayed sources. This approach is clearly sub-optimal since each user experiences dissimilar channel conditions, and thus, demands different amount of allocated resources to meet its quality-of-service (QoS) request. Therefore, this paper presents novel power allocation schemes to i) maximize the minimum signal-to-noise ratio among all users; ii) minimize the maximum transmit power over all sources; iii) maximize the network throughput. Moreover, due to limited power, it may be impossible to satisfy the QoS requirement for every user. Consequently, an admission control algorithm should first be carried out to maximize the number of users possibly served. Then, optimal power allocation is performed. Although the joint optimal admission control and power allocation problem is combinatorially hard, we develop an effective heuristic algorithm with significantly reduced complexity. Even though theoretically sub-optimal, it performs remarkably well. The proposed power allocation problems are formulated using geometric programming (GP), a well-studied class of nonlinear and nonconvex optimization. Since a GP problem is readily transformed into an equivalent convex optimization problem, optimal solution can be obtained efficiently. Numerical results demonstrate the effectiveness of our proposed approach

Network Lifetime Maximization With Node Admission in Wireless Multimedia Sensor Networks

Wireless multimedia sensor networks (WMSNs) are expected to support multimedia services such as delivery of video and audio streams. However, due to the relatively stringent quality-of-service (QoS) requirements of multimedia services (e.g., high transmission rates and timely delivery) and the limited wireless resources, it is possible that not all the potential sensor nodes can be admitted into the network. Thus, node admission is essential for WMSNs, which is the target of this paper. Specifically, we aim at the node admission and its interaction with power allocation and link scheduling. A cross-layer design is presented as a two-stage optimization problem, where at the first stage the number of admitted sensor nodes is maximized, and at the second stage the network lifetime is maximized. Interestingly, it is proved that the two-stage optimization problem can be converted to a one-stage optimization problem with a more compact and concise mathematical form. Numerical results demonstrate the effectiveness of the two-stage and one-stage optimization frameworks

Enhancing Accuracy-Privacy Trade-off in Differentially Private Split Learning

Split learning (SL) aims to protect user data privacy by distributing deep models between client-server and keeping private data locally. Only processed or `smashed' data can be transmitted from the clients to the server during the SL process. However, recently proposed model inversion attacks can recover the original data from the smashed data. In order to enhance privacy protection against such attacks, a strategy is to adopt differential privacy (DP), which involves safeguarding the smashed data at the expense of some accuracy loss. This paper presents the first investigation into the impact on accuracy when training multiple clients in SL with various privacy requirements. Subsequently, we propose an approach that reviews the DP noise distributions of other clients during client training to address the identified accuracy degradation. We also examine the application of DP to the local model of SL to gain insights into the trade-off between accuracy and privacy. Specifically, findings reveal that introducing noise in the later local layers offers the most favorable balance between accuracy and privacy. Drawing from our insights in the shallower layers, we propose an approach to reduce the size of smashed data to minimize data leakage while maintaining higher accuracy, optimizing the accuracy-privacy trade-off. Additionally, a smaller size of smashed data reduces communication overhead on the client side, mitigating one of the notable drawbacks of SL. Experiments with popular datasets demonstrate that our proposed approaches provide an optimal trade-off for incorporating DP into SL, ultimately enhancing training accuracy for multi-client SL with varying privacy requirements