Privacy Risks of Securing Machine Learning Models against Adversarial Examples

The arms race between attacks and defenses for machine learning models has come to a forefront in recent years, in both the security community and the privacy community. However, one big limitation of previous research is that the security domain and the privacy domain have typically been considered separately. It is thus unclear whether the defense methods in one domain will have any unexpected impact on the other domain. In this paper, we take a step towards resolving this limitation by combining the two domains. In particular, we measure the success of membership inference attacks against six state-of-the-art defense methods that mitigate the risk of adversarial examples (i.e., evasion attacks). Membership inference attacks determine whether or not an individual data record has been part of a model's training set. The accuracy of such attacks reflects the information leakage of training algorithms about individual members of the training set. Adversarial defense methods against adversarial examples influence the model's decision boundaries such that model predictions remain unchanged for a small area around each input. However, this objective is optimized on training data. Thus, individual data records in the training set have a significant influence on robust models. This makes the models more vulnerable to inference attacks. To perform the membership inference attacks, we leverage the existing inference methods that exploit model predictions. We also propose two new inference methods that exploit structural properties of robust models on adversarially perturbed data. Our experimental evaluation demonstrates that compared with the natural training (undefended) approach, adversarial defense methods can indeed increase the target model's risk against membership inference attacks.Comment: ACM CCS 2019, code is available at https://github.com/inspire-group/privacy-vs-robustnes

Application of functionalized nanofluid in thermosyphon

A water-based functionalized nanofluid was made by surface functionalizing the ordinary silica nanoparticles. The functionalized nanofluid can keep long-term stability. and no sedimentation was observed. The functionalized nanofluid as the working fluid is applied in a thermosyphon to understand the effect of this special nanofluid on the thermal performance of the thermosyphon. The experiment was carried out under steady operating pressures. The same work was also explored for traditional nanofluid (consisting of water and the same silica nanoparticles without functionalization) for comparison. Results indicate that a porous deposition layer exists on the heated surface of the evaporator during the operating process using traditional nanofluid; however, no coating layer exists for functionalized nanofluid. Functionalized nanofluid can enhance the evaporating heat transfer coefficient, while it has generally no effect on the maximum heat flux. Traditional nanofluid deteriorates the evaporating heat transfer coefficient but enhances the maximum heat flux. The existence of the deposition layer affects mainly the thermal performance, and no meaningful nanofluid effect is found in the present study

On service-enhanced product recommendation: Guiding users through complex product specification

Complex service-enhanced products such as solar power plants and intelligent buildings are one-of-a-kind and highly customized by nature. As such on one hand the specification of their sub-products and services involve a wide variety of competitive/cooperative stakeholders and on the other hand through different stages of their long life cycle, these specification are generated in different sessions and go through many iterations. These characteristics of complex products make the process of specifying their components difficult and time-consuming. We have previously defined the tools for specification of both sub-products and their enhancing services related to complex products [1], [2]. In this paper we introduce an approach for the use of a recommender system to assist designers of sub-products with reusing the existing specifications, as well as for recommending business services that can enhance the defined sub-products. Considering that multitudinous (hundreds to thousands) components present in complex products, their specifications cannot be accomplished without proper reuse of related existing specifications in the system, shared by different stakeholders. The introduced recommender system assists designers with their specification of new components, using the previously specified components in the system, and discovers/ranks those similar components, while matching the preferences and requirements set by the users