396 research outputs found
Digital Twin-based Anomaly Detection with Curriculum Learning in Cyber-physical Systems
Anomaly detection is critical to ensure the security of cyber-physical
systems (CPS). However, due to the increasing complexity of attacks and CPS
themselves, anomaly detection in CPS is becoming more and more challenging. In
our previous work, we proposed a digital twin-based anomaly detection method,
called ATTAIN, which takes advantage of both historical and real-time data of
CPS. However, such data vary significantly in terms of difficulty. Therefore,
similar to human learning processes, deep learning models (e.g., ATTAIN) can
benefit from an easy-to-difficult curriculum. To this end, in this paper, we
present a novel approach, named digitaL twin-based Anomaly deTecTion wIth
Curriculum lEarning (LATTICE), which extends ATTAIN by introducing curriculum
learning to optimize its learning paradigm. LATTICE attributes each sample with
a difficulty score, before being fed into a training scheduler. The training
scheduler samples batches of training data based on these difficulty scores
such that learning from easy to difficult data can be performed. To evaluate
LATTICE, we use five publicly available datasets collected from five real-world
CPS testbeds. We compare LATTICE with ATTAIN and two other state-of-the-art
anomaly detectors. Evaluation results show that LATTICE outperforms the three
baselines and ATTAIN by 0.906%-2.367% in terms of the F1 score. LATTICE also,
on average, reduces the training time of ATTAIN by 4.2% on the five datasets
and is on par with the baselines in terms of detection delay time
Global patterns, trends, and drivers of water use efficiency from 2000 to 2013
Water use efficiency (WUE; gross primary production [GPP]/evapotranspiration [ET]) estimates the tradeoff between carbon gain and water loss during photosynthesis and is an important link of the carbon and water cycles. Understanding the spatiotemporal patterns and drivers of WUE is helpful for projecting the responses of ecosystems to climate change. Here we examine the spatiotemporal patterns, trends, and drivers of WUE at the global scale from 2000 to 2013 using the gridded GPP and ET data derived from the Moderate Resolution Imaging Spectroradiometer (MODIS). Our results show that the global WUE has an average value of 1.70 g C/kg H2O with large spatial variability during the 14-year period. WUE exhibits large variability with latitude. WUE also varies much with elevation: it first remains relatively constant as the elevation varies from 0 to 1000 m and then decreases dramatically. WUE generally increases as precipitation and specific humidity increase; whereas it decreases after reaching maxima as temperature and solar radiation increases. In most land areas, the temporal trend of WUE is positively correlated with precipitation and specific humidity over the 14-year period; while it has a negative relationship with temperature and solar radiation related to global warming and dimming. On average, WUE shows an increasing trend of 0.0025 g C·kg−1 H2O·yr−1 globally. Our global-scale assessment of WUE has implications for improving our understanding of the linkages between the water and carbon cycles and for better projecting the responses of ecosystems to climate change
QueryNet: Attack by Multi-Identity Surrogates
Deep Neural Networks (DNNs) are acknowledged as vulnerable to adversarial
attacks, while the existing black-box attacks require extensive queries on the
victim DNN to achieve high success rates. For query-efficiency, surrogate
models of the victim are used to generate transferable Adversarial Examples
(AEs) because of their Gradient Similarity (GS), i.e., surrogates' attack
gradients are similar to the victim's ones. However, it is generally neglected
to exploit their similarity on outputs, namely the Prediction Similarity (PS),
to filter out inefficient queries by surrogates without querying the victim. To
jointly utilize and also optimize surrogates' GS and PS, we develop QueryNet, a
unified attack framework that can significantly reduce queries. QueryNet
creatively attacks by multi-identity surrogates, i.e., crafts several AEs for
one sample by different surrogates, and also uses surrogates to decide on the
most promising AE for the query. After that, the victim's query feedback is
accumulated to optimize not only surrogates' parameters but also their
architectures, enhancing both the GS and the PS. Although QueryNet has no
access to pre-trained surrogates' prior, it reduces queries on average by about
an order of magnitude compared to alternatives within an acceptable time,
according to our comprehensive experiments: 11 victims (including two
commercial models) on MNIST/CIFAR10/ImageNet, allowing only 8-bit image
queries, and no access to the victim's training data. The code is available at
https://github.com/Sizhe-Chen/QueryNet.
Comment: QueryNet reduces queries by about an order of magnitude against SOTA
black-box attack
Going Far Boosts Attack Transferability, but Do Not Do It
Deep Neural Networks (DNNs) could be easily fooled by Adversarial Examples
(AEs) with an imperceptible difference to original ones in human eyes. Also,
the AEs from attacking one surrogate DNN tend to cheat other black-box DNNs as
well, i.e., the attack transferability. Existing works reveal that adopting
certain optimization algorithms in attack improves transferability, but the
underlying reasons have not been thoroughly studied. In this paper, we
investigate the impacts of optimization on attack transferability by
comprehensive experiments concerning 7 optimization algorithms, 4 surrogates,
and 9 black-box models. Through the thorough empirical analysis from three
perspectives, we surprisingly find that the varied transferability of AEs from
optimization algorithms is strongly related to the corresponding Root Mean
Square Error (RMSE) from their original samples. On such a basis, one could
simply approach high transferability by attacking until RMSE decreases, which
motivates us to propose a LArge RMSE Attack (LARA). Although LARA significantly
improves transferability by 20%, it is insufficient to exploit the
vulnerability of DNNs, leading to a natural urge that the strength of all
attacks should be measured by both the widely used bound and the
RMSE addressed in this paper, so that tricky enhancement of transferability
would be avoided
Revisiting Deep Ensemble for Out-of-Distribution Detection: A Loss Landscape Perspective
Existing Out-of-Distribution (OoD) detection methods address to detect OoD
samples from In-Distribution data (InD) mainly by exploring differences in
features, logits and gradients in Deep Neural Networks (DNNs). We in this work
propose a new perspective upon loss landscape and mode ensemble to investigate
OoD detection. In the optimization of DNNs, there exist many local optima in
the parameter space, or namely modes. Interestingly, we observe that these
independent modes, which all reach low-loss regions with InD data (training and
test data), yet yield significantly different loss landscapes with OoD data.
Such an observation provides a novel view to investigate the OoD detection from
the loss landscape and further suggests significantly fluctuating OoD detection
performance across these modes. For instance, FPR values of the RankFeat method
can range from 46.58% to 84.70% among 5 modes, showing uncertain detection
performance evaluations across independent modes. Motivated by such diversities
on OoD loss landscape across modes, we revisit the deep ensemble method for OoD
detection through mode ensemble, leading to improved performance and benefiting
the OoD detector with reduced variances. Extensive experiments covering varied
OoD detectors and network structures illustrate high variances across modes and
also validate the superiority of mode ensemble in boosting OoD detection. We
hope this work could attract attention in the view of independent modes in the
OoD loss landscape and more reliable evaluations on OoD detectors
On Multi-head Ensemble of Smoothed Classifiers for Certified Robustness
Randomized Smoothing (RS) is a promising technique for certified robustness,
and recently in RS the ensemble of multiple deep neural networks (DNNs) has
shown state-of-the-art performances. However, such an ensemble brings heavy
computation burdens in both training and certification, and yet under-exploits
individual DNNs and their mutual effects, as the communication between these
classifiers is commonly ignored in optimization. In this work, starting from a
single DNN, we augment the network with multiple heads, each of which pertains
a classifier for the ensemble. A novel training strategy, namely Self-PAced
Circular-TEaching (SPACTE), is proposed accordingly. SPACTE enables a circular
communication flow among those augmented heads, i.e., each head teaches its
neighbor with the self-paced learning using smoothed losses, which are
specifically designed in relation to certified robustness. The deployed
multi-head structure and the circular-teaching scheme of SPACTE jointly
contribute to diversify and enhance the classifiers in augmented heads for
ensemble, leading to even stronger certified robustness than ensembling
multiple DNNs (effectiveness) at the cost of much less computational expenses
(efficiency), verified by extensive experiments and discussions
Binary Classification of Multigranulation Searching Algorithm Based on Probabilistic Decision
Multigranulation computing, which adequately embodies the model of human intelligence in process of solving complex problems, is aimed at decomposing the complex problem into many subproblems in different granularity spaces, and then the subproblems will be solved and synthesized for obtaining the solution of original problem. In this paper, an efficient binary classification of multigranulation searching algorithm which has optimal-mathematical expectation of classification times for classifying the objects of the whole domain is established. And it can solve the binary classification problems based on both multigranulation computing mechanism and probability statistic principle, such as the blood analysis case. Given the binary classifier, the negative sample ratio, and the total number of objects in domain, this model can search the minimum mathematical expectation of classification times and the optimal classification granularity spaces for mining all the negative samples. And the experimental results demonstrate that, with the granules divided into many subgranules, the efficiency of the proposed method gradually increases and tends to be stable. In addition, the complexity for solving problem is extremely reduced