290 research outputs found
On Intriguing layer-wise properties of robust overfitting in adversarial training
Adversarial training has proven to be one of the most effective methods to defend against
adversarial attacks. Nevertheless, robust overfitting is a common obstacle in adversarial
training of deep networks. There is a common belief that the features learned by different
network layers have different properties, however, existing works generally investigate robust
overfitting by considering a DNN as a single unit and hence the impact of different network
layers on robust overfitting remains unclear. In this work, we divide a DNN into a series of
layers and investigate the effect of different network layers on robust overfitting. We find
that different layers exhibit distinct properties towards robust overfitting, and in particular,
robust overfitting is mostly related to the optimization of latter parts of the network. Based
upon the observed effect, we propose a robust adversarial training (RAT) prototype: in a
minibatch, we optimize the front parts of the network as usual, and adopt additional measures
to regularize the optimization of the latter parts. Based on the prototype, we designed two
realizations of RAT, and extensive experiments demonstrate that RAT can eliminate robust
overfitting and boost adversarial robustness over the standard adversarial training
Near-Optimal Deviation-Proof Medium Access Control Designs in Wireless Networks
Distributed medium access control (MAC) protocols are essential for the
proliferation of low cost, decentralized wireless local area networks (WLANs).
Most MAC protocols are designed with the presumption that nodes comply with
prescribed rules. However, selfish nodes have natural motives to manipulate
protocols in order to improve their own performance. This often degrades the
performance of other nodes as well as that of the overall system. In this work,
we propose a class of protocols that limit the performance gain which nodes can
obtain through selfish manipulation while incurring only a small efficiency
loss. The proposed protocols are based on the idea of a review strategy, with
which nodes collect signals about the actions of other nodes over a period of
time, use a statistical test to infer whether or not other nodes are following
the prescribed protocol, and trigger a punishment if a departure from the
protocol is perceived. We consider the cases of private and public signals and
provide analytical and numerical results to demonstrate the properties of the
proposed protocols.Comment: 14 double-column pages, submitted to ACM/IEEE Trans Networkin
Low-Complexity Iterative Detection for Orthogonal Time Frequency Space Modulation
We elaborate on the recently proposed orthogonal time frequency space (OTFS)
modulation technique, which provides significant advantages over orthogonal
frequency division multiplexing (OFDM) in Doppler channels. We first derive the
input--output relation describing OTFS modulation and demodulation (mod/demod)
for delay--Doppler channels with arbitrary number of paths, with given delay
and Doppler values. We then propose a low-complexity message passing (MP)
detection algorithm, which is suitable for large-scale OTFS taking advantage of
the inherent channel sparsity. Since the fractional Doppler paths (i.e., not
exactly aligned with the Doppler taps) produce the inter Doppler interference
(IDI), we adapt the MP detection algorithm to compensate for the effect of IDI
in order to further improve performance. Simulations results illustrate the
superior performance gains of OTFS over OFDM under various channel conditions.Comment: 6 pages, 7 figure
Spectrum Sharing in Wireless Networks via QoS-Aware Secondary Multicast Beamforming
Secondary spectrum usage has the potential to considerably increase spectrum utilization. In this paper, quality-of-service (QoS)-aware spectrum underlay of a secondary multicast network is considered. A multiantenna secondary access point (AP) is used for multicast (common information) transmission to a number of secondary single-antenna receivers. The idea is that beamforming can be used to steer power towards the secondary receivers while limiting sidelobes that cause interference to primary receivers. Various optimal formulations of beamforming are proposed, motivated by different ldquocohabitationrdquo scenarios, including robust designs that are applicable with inaccurate or limited channel state information at the secondary AP. These formulations are NP-hard computational problems; yet it is shown how convex approximation-based multicast beamforming tools (originally developed without regard to primary interference constraints) can be adapted to work in a spectrum underlay context. Extensive simulation results demonstrate the effectiveness of the proposed approaches and provide insights on the tradeoffs between different design criteria
Power allocation in wireless multi-user relay networks
In this paper, we consider an amplify-and-forward wireless relay system where multiple source nodes communicate with their corresponding destination nodes with the help of relay nodes. Conventionally, each relay equally distributes the available resources to its relayed sources. This approach is clearly sub-optimal since each user experiences dissimilar channel conditions, and thus, demands different amount of allocated resources to meet its quality-of-service (QoS) request. Therefore, this paper presents novel power allocation schemes to i) maximize the minimum signal-to-noise ratio among all users; ii) minimize the maximum transmit power over all sources; iii) maximize the network throughput. Moreover, due to limited power, it may be impossible to satisfy the QoS requirement for every user. Consequently, an admission control algorithm should first be carried out to maximize the number of users possibly served. Then, optimal power allocation is performed. Although the joint optimal admission control and power allocation problem is combinatorially hard, we develop an effective heuristic algorithm with significantly reduced complexity. Even though theoretically sub-optimal, it performs remarkably well. The proposed power allocation problems are formulated using geometric programming (GP), a well-studied class of nonlinear and nonconvex optimization. Since a GP problem is readily transformed into an equivalent convex optimization problem, optimal solution can be obtained efficiently. Numerical results demonstrate the effectiveness of our proposed approach
Network Lifetime Maximization With Node Admission in Wireless Multimedia Sensor Networks
Wireless multimedia sensor networks (WMSNs) are expected to support multimedia services such as delivery of video and audio streams. However, due to the relatively stringent quality-of-service (QoS) requirements of multimedia services (e.g., high transmission rates and timely delivery) and the limited wireless resources, it is possible that not all the potential sensor nodes can be admitted into the network. Thus, node admission is essential for WMSNs, which is the target of this paper. Specifically, we aim at the node admission and its interaction with power allocation and link scheduling. A cross-layer design is presented as a two-stage optimization problem, where at the first stage the number of admitted sensor nodes is maximized, and at the second stage the network lifetime is maximized. Interestingly, it is proved that the two-stage optimization problem can be converted to a one-stage optimization problem with a more compact and concise mathematical form. Numerical results demonstrate the effectiveness of the two-stage and one-stage optimization frameworks
Enhancing Accuracy-Privacy Trade-off in Differentially Private Split Learning
Split learning (SL) aims to protect user data privacy by distributing deep
models between client-server and keeping private data locally. Only processed
or `smashed' data can be transmitted from the clients to the server during the
SL process. However, recently proposed model inversion attacks can recover the
original data from the smashed data. In order to enhance privacy protection
against such attacks, a strategy is to adopt differential privacy (DP), which
involves safeguarding the smashed data at the expense of some accuracy loss.
This paper presents the first investigation into the impact on accuracy when
training multiple clients in SL with various privacy requirements.
Subsequently, we propose an approach that reviews the DP noise distributions of
other clients during client training to address the identified accuracy
degradation. We also examine the application of DP to the local model of SL to
gain insights into the trade-off between accuracy and privacy. Specifically,
findings reveal that introducing noise in the later local layers offers the
most favorable balance between accuracy and privacy. Drawing from our insights
in the shallower layers, we propose an approach to reduce the size of smashed
data to minimize data leakage while maintaining higher accuracy, optimizing the
accuracy-privacy trade-off. Additionally, a smaller size of smashed data
reduces communication overhead on the client side, mitigating one of the
notable drawbacks of SL. Experiments with popular datasets demonstrate that our
proposed approaches provide an optimal trade-off for incorporating DP into SL,
ultimately enhancing training accuracy for multi-client SL with varying privacy
requirements
- …