1,107 research outputs found
Enhancing Deep Neural Networks Testing by Traversing Data Manifold
We develop DEEPTRAVERSAL, a feedback-driven framework to test DNNs.
DEEPTRAVERSAL first launches an offline phase to map media data of various
forms to manifolds. Then, in its online testing phase, DEEPTRAVERSAL traverses
the prepared manifold space to maximize DNN coverage criteria and trigger
prediction errors. In our evaluation, DNNs executing various tasks (e.g.,
classification, self-driving, machine translation) and media data of different
types (image, audio, text) were used. DEEPTRAVERSAL exhibits better performance
than prior methods with respect to popular DNN coverage criteria and it can
discover a larger number and higher quality of error-triggering inputs. The
tested DNN models, after being repaired with findings of DEEPTRAVERSAL, achieve
better accurac

MDPFuzz: Testing Models Solving Markov Decision Processes
The Markov decision process (MDP) provides a mathematical framework for
modeling sequential decision-making problems, many of which are crucial to
security and safety, such as autonomous driving and robot control. The rapid
development of artificial intelligence research has created efficient methods
for solving MDPs, such as deep neural networks (DNNs), reinforcement learning
(RL), and imitation learning (IL). However, these popular models for solving
MDPs are neither thoroughly tested nor rigorously reliable.
We present MDPFuzzer, the first blackbox fuzz testing framework for models
solving MDPs. MDPFuzzer forms testing oracles by checking whether the target
model enters abnormal and dangerous states. During fuzzing, MDPFuzzer decides
which mutated state to retain by measuring if it can reduce cumulative rewards
or form a new state sequence. We design efficient techniques to quantify the
"freshness" of a state sequence using Gaussian mixture models (GMMs) and
dynamic expectation-maximization (DynEM). We also prioritize states with high
potential of revealing crashes by estimating the local sensitivity of target
models over states.
MDPFuzzer is evaluated on five state-of-the-art models for solving MDPs,
including supervised DNN, RL, IL, and multi-agent RL. Our evaluation includes
scenarios of autonomous driving, aircraft collision avoidance, and two games
that are often used to benchmark RL. During a 12-hour run, we find over 80
crash-triggering state sequences on each model. We show inspiring findings that
crash-triggering states, though they look normal, induce distinct neuron activation
patterns compared with normal states. We further develop an abnormal behavior
detector to harden all the evaluated models and repair them with the findings
of MDPFuzzer to significantly enhance their robustness without sacrificing
accuracy

The formation channels of multiphase gas in nearby early-type galaxies
The processes responsible for the assembly of cold and warm gas in early-type
galaxies (ETGs) are not well-understood. We report on the multiwavelength
properties of 15 non-central, nearby ( 0.00889) ETGs primarily through
Multi-Unit Spectroscopic Explorer (MUSE) and Chandra X-ray observations, to
address the origin of their multiphase gas. The MUSE data reveals 8/15 sources
contain warm ionized gas traced by the H emission line. The morphology
of this gas is found to be filamentary in 3/8 sources: NGC 1266, NGC 4374, and
NGC 4684, which is similar to that observed in many group and cluster-centered
galaxies. All H filamentary sources have X-ray luminosities exceeding
the expected emission from the stellar population, suggesting the presence of
diffuse hot gas which likely cooled to form the cooler phases. The morphology
of the gas in the remaining 5/8 sources is that of rotating disks, not as commonly observed
in higher mass systems. Chandra X-ray observations (when available) of the ETGs
with rotating H disks indicate that they are nearly void of hot gas. A
mixture of stellar mass loss and external accretion was likely the dominant
channel for the cool gas in NGC 4526 and NGC 4710. These ETGs show full
kinematic alignment between their stars and gas, and are fast rotators. The
H features within NGC 4191 (clumpy, potentially star-forming ring), NGC
4643 and NGC 5507 (extended structures) along with loosely overlapping stellar
and gas populations allow us to identify external accretion as the primary
formation channel of the cool gas in these systems.
Comment: 16 pages, 7 figures, accepted for publication in MNRA

Decompiling x86 Deep Neural Network Executables
Due to their widespread use on heterogeneous hardware devices, deep learning
(DL) models are compiled into executables by DL compilers to fully leverage
low-level hardware primitives. This approach allows DL computations to be
undertaken at low cost across a variety of computing platforms, including CPUs,
GPUs, and various hardware accelerators.
We present BTD (Bin to DNN), a decompiler for deep neural network (DNN)
executables. BTD takes DNN executables and outputs full model specifications,
including types of DNN operators, network topology, dimensions, and parameters
that are (nearly) identical to those of the input models. BTD delivers a
practical framework to process DNN executables compiled by different DL
compilers and with full optimizations enabled on x86 platforms. It employs
learning-based techniques to infer DNN operators, dynamic analysis to reveal
network architectures, and symbolic execution to facilitate inferring
dimensions and parameters of DNN operators.
Our evaluation reveals that BTD enables accurate recovery of full
specifications of complex DNNs with millions of parameters (e.g., ResNet). The
recovered DNN specifications can be re-compiled into a new DNN executable
exhibiting identical behavior to the input executable. We show that BTD can
boost two representative attacks, adversarial example generation and knowledge
stealing, against DNN executables. We also demonstrate cross-architecture
legacy code reuse using BTD, and envision BTD being used for other critical
downstream tasks like DNN security hardening and patching.
Comment: The extended version of a paper to appear in the Proceedings of the
32nd USENIX Security Symposium, 2023, (USENIX Security '23), 25 page