Enhancing Deep Neural Networks Testing by Traversing Data Manifold

We develop DEEPTRAVERSAL, a feedback-driven framework to test DNNs. DEEPTRAVERSAL first launches an offline phase to map media data of various forms to manifolds. Then, in its online testing phase, DEEPTRAVERSAL traverses the prepared manifold space to maximize DNN coverage criteria and trigger prediction errors. In our evaluation, DNNs executing various tasks (e.g., classification, self-driving, machine translation) and media data of different types (image, audio, text) were used. DEEPTRAVERSAL exhibits better performance than prior methods with respect to popular DNN coverage criteria and it can discover a larger number and higher quality of error-triggering inputs. The tested DNN models, after being repaired with findings of DEEPTRAVERSAL, achieve better accurac

MDPFuzz: Testing Models Solving Markov Decision Processes

The Markov decision process (MDP) provides a mathematical framework for modeling sequential decision-making problems, many of which are crucial to security and safety, such as autonomous driving and robot control. The rapid development of artificial intelligence research has created efficient methods for solving MDPs, such as deep neural networks (DNNs), reinforcement learning (RL), and imitation learning (IL). However, these popular models for solving MDPs are neither thoroughly tested nor rigorously reliable. We present MDPFuzzer, the first blackbox fuzz testing framework for models solving MDPs. MDPFuzzer forms testing oracles by checking whether the target model enters abnormal and dangerous states. During fuzzing, MDPFuzzer decides which mutated state to retain by measuring if it can reduce cumulative rewards or form a new state sequence. We design efficient techniques to quantify the "freshness" of a state sequence using Gaussian mixture models (GMMs) and dynamic expectation-maximization (DynEM). We also prioritize states with high potential of revealing crashes by estimating the local sensitivity of target models over states. MDPFuzzer is evaluated on five state-of-the-art models for solving MDPs, including supervised DNN, RL, IL, and multi-agent RL. Our evaluation includes scenarios of autonomous driving, aircraft collision avoidance, and two games that are often used to benchmark RL. During a 12-hour run, we find over 80 crash-triggering state sequences on each model. We show inspiring findings that crash-triggering states, though look normal, induce distinct neuron activation patterns compared with normal states. We further develop an abnormal behavior detector to harden all the evaluated models and repair them with the findings of MDPFuzzer to significantly enhance their robustness without sacrificing accuracy

The formation channels of multiphase gas in nearby early-type galaxies

The processes responsible for the assembly of cold and warm gas in early-type galaxies (ETGs) are not well-understood. We report on the multiwavelength properties of 15 non-central, nearby ($z \leq$ 0.00889) ETGs primarily through Multi-Unit Spectroscopic Explorer (MUSE) and Chandra X-ray observations, to address the origin of their multiphase gas. The MUSE data reveals 8/15 sources contain warm ionized gas traced by the H$\alpha$ emission line. The morphology of this gas is found to be filamentary in 3/8 sources: NGC 1266, NGC 4374, and NGC 4684 which is similar to that observed in many group and cluster-centered galaxies. All H$\alpha$ filamentary sources have X-ray luminosities exceeding the expected emission from the stellar population, suggesting the presence of diffuse hot gas which likely cooled to form the cooler phases. The morphology of the remaining 5/8 sources are rotating gas disks, not as commonly observed in higher mass systems. Chandra X-ray observations (when available) of the ETGs with rotating H$\alpha$ disks indicate that they are nearly void of hot gas. A mixture of stellar mass loss and external accretion was likely the dominant channel for the cool gas in NGC 4526 and NGC 4710. These ETGs show full kinematic alignment between their stars and gas, and are fast rotators. The H$\alpha$ features within NGC 4191 (clumpy, potentially star-forming ring), NGC 4643 and NGC 5507 (extended structures) along with loosely overlapping stellar and gas populations allow us to attribute external accretion to be the primary formation channel of the cool gas in these systems.Comment: 16 pages, 7 figures, accepted for publication in MNRA

Decompiling x86 Deep Neural Network Executables

Due to their widespread use on heterogeneous hardware devices, deep learning (DL) models are compiled into executables by DL compilers to fully leverage low-level hardware primitives. This approach allows DL computations to be undertaken at low cost across a variety of computing platforms, including CPUs, GPUs, and various hardware accelerators. We present BTD (Bin to DNN), a decompiler for deep neural network (DNN) executables. BTD takes DNN executables and outputs full model specifications, including types of DNN operators, network topology, dimensions, and parameters that are (nearly) identical to those of the input models. BTD delivers a practical framework to process DNN executables compiled by different DL compilers and with full optimizations enabled on x86 platforms. It employs learning-based techniques to infer DNN operators, dynamic analysis to reveal network architectures, and symbolic execution to facilitate inferring dimensions and parameters of DNN operators. Our evaluation reveals that BTD enables accurate recovery of full specifications of complex DNNs with millions of parameters (e.g., ResNet). The recovered DNN specifications can be re-compiled into a new DNN executable exhibiting identical behavior to the input executable. We show that BTD can boost two representative attacks, adversarial example generation and knowledge stealing, against DNN executables. We also demonstrate cross-architecture legacy code reuse using BTD, and envision BTD being used for other critical downstream tasks like DNN security hardening and patching.Comment: The extended version of a paper to appear in the Proceedings of the 32nd USENIX Security Symposium, 2023, (USENIX Security '23), 25 page