Adversarial Sample Detection for Deep Neural Network through Model Mutation Testing

Deep neural networks (DNN) have been shown to be useful in a wide range of applications. However, they are also known to be vulnerable to adversarial samples. By transforming a normal sample with some carefully crafted human imperceptible perturbations, even highly accurate DNN make wrong decisions. Multiple defense mechanisms have been proposed which aim to hinder the generation of such adversarial samples. However, a recent work show that most of them are ineffective. In this work, we propose an alternative approach to detect adversarial samples at runtime. Our main observation is that adversarial samples are much more sensitive than normal samples if we impose random mutations on the DNN. We thus first propose a measure of `sensitivity' and show empirically that normal samples and adversarial samples have distinguishable sensitivity. We then integrate statistical hypothesis testing and model mutation testing to check whether an input sample is likely to be normal or adversarial at runtime by measuring its sensitivity. We evaluated our approach on the MNIST and CIFAR10 datasets. The results show that our approach detects adversarial samples generated by state-of-the-art attacking methods efficiently and accurately.Comment: Accepted by ICSE 201

Improving the security of quantum direct communication with authentication

Two protocols of quantum direct communication with authentication [Phys. Rev. A {\bf 73}, 042305 (2006)] are recently proposed by Lee, Lim and Yang. In this paper we will show that in the two protocols the authenticator Trent should be prevented from knowing the secret message of communication. The first protocol can be eavesdropped by Trent using the the intercept-measure-resend attack, while the second protocol can be eavesdropped by Trent using single-qubit measurement. To fix these leaks, I revise the original versions of the protocols by using the Pauli-Z operation $\sigma_z$ instead of the original bit-flip operation $X$. As a consequence, the protocol securities are improved.Comment: Any suggestion,comment or help is welcome

Super-resolution image transfer by a vortex-like metamaterial

We propose a vortex-like metamaterial device that is capable of transferring image along a spiral route without losing subwavelength information of the image. The super-resolution image can be guided and magnified at the same time with one single design. Our design may provide insights in manipulating super-resolution image in a more flexible manner. Examples are given and illustrated with numerical simulations.Comment: 7 pages, 6 figure

Plane waves in thermoelasticity with one relaxation time

We apply the thermoelastic equations with one relaxation time developed by Lord and Shulman (1967) to solve some elastic half-space problems. Laplace transform is used to find the general solution. Problems concerning the ramp-type increase in boundary temperature and stress are studied in detail. Explicit expressions for temperature and stress are obtained for small values of time, where second sound phenomena are of relevance. Numerical values of stress and temperature are calculated and displayed graphically