Background and Occlusion Defenses Against Adversarial Examples and Adversarial Patches

Machine learning is increasingly used to make sense of our world in areas from spam detection, recommendation systems, to image classification. However, in each, it is vulnerable to adversarial manipulation. Within adversarial machine learning, we examine image classification attacks and defenses. We construct spoofs of face detection, and we create defenses against two attacks on image classification: normal and patch adversarial example attacks. We examine the Viola-Jones 2D face detection algorithm to study whether images can be created that humans do not notice as faces, yet the algorithm detects as faces. We show that it is possible to construct images that Viola-Jones recognizes as containing faces, yet no human would consider a face. Moreover, we show that it is possible to construct images that fool facial detection even after the images are printed and then photographed. Adversarial examples allow crafted attacks against deep neural network classification of images. The attack changes the computer classification of an image without changing how humans classify it. We propose a defense of expanding the training set with a single, large, and diverse class of background images, striving to ‘fill’ around the borders of the classification boundary. We find that our defense aids the detection of simple attacks on EMNIST, but not advanced attacks. We discuss several limitations of our examination. An attacker limited to changing just a small patch of an image can still deceive deep learning image classification. We propose a defense against such patch attacks based on multiple partial occlusions of the image such that a few occlusions each completely hide the patch. We provide certified accuracy for CIFAR-10, Fashion MNIST and MNIST, with a tunable tradeoff between the false-positive rate and certified accuracy. For CIFAR-10 and a 5 × 5 patch, we can provide certified accuracy for 43.8% of images, at the cost of only 1.6% in clean image accuracy compared to the architecture we defend or a cost of 0.1% compared to our training of that architecture, including a 0.2% false-positive rate

Quantocentric Culture: Ramifications for Social Work Education

Social work students' responses to research tend to reflect their anxiety about the acquisition of competency in statistics and research methods. Their desires to attain social work education and subsequently become practitioners are viewed by them as at odds with research as taught. Yet, within the current quantocentric culture—which the authors define as one in which quantitative research methods are privileged over other lines of inquiry—social work education is increasingly emphasizing research as a central component of practice. Using a ‘culture as disability’ framework to understand quantocentric culture and its impact on the educational environment, we suggest an educational approach designed to interest students in a broad view of research allowing for the wholehearted inclusion of non‐quantitative and practice‐related facets of research. The approach encourages students to: (a) fully articulate their perceptions of research, both positive and negative; (b) link these views and experiences to the anti‐oppressive social work literature and to examine research methods from the perspective of quantocentrism; and (c) develop an inclusive typology of research that integrates qualitative approaches encompassing historical, philosophical, narrative and other avenues that are relevant to their future social work practice careers

Symbolic Software Model Validation

Abstract—Modeling is the crucial first step in formal verification. Some models are constructed by humans from source code, while others are extracted automatically by tools. Regardless of how a model is constructed, verification is only as good as the model; therefore, it is essential to validate the model against the implementation it represents. In this paper we present two complementary approaches to software model validation. The first, data-centric model validation, checks that, for data structures relevant to the property being verified, all operations that update these data structures are captured in the model. The second, operation-centric model validation, checks that each operation being modeled is correctly simulated by the model. Both techniques are based on a combination of symbolic execution and satisfiability modulo theories (SMT) solving. We demonstrate the application of our methods on several case studies, including the address translation logic in the Bochs x86 emulator, the Berkeley Packet Filter, a TCAS benchmark suite, the FTP server from GNU Inetutils, and a component of the XMHF hypervisor. I