Identifying the Machine Learning Family from Black-Box Models

[EN] We address the novel question of determining which kind of machine learning model is behind the predictions when we interact with a black-box model. This may allow us to identify families of techniques whose models exhibit similar vulnerabilities and strengths. In our method, we first consider how an adversary can systematically query a given black-box model (oracle) to label an artificially-generated dataset. This labelled dataset is then used for training different surrogate models (each one trying to imitate the oracle¿s behaviour). The method has two different approaches. First, we assume that the family of the surrogate model that achieves the maximum Kappa metric against the oracle labels corresponds to the family of the oracle model. The other approach, based on machine learning, consists in learning a meta-model that is able to predict the model family of a new black-box model. We compare these two approaches experimentally, giving us insight about how explanatory and predictable our concept of family is.This material is based upon work supported by the Air Force Office of Scientific Research under award number FA9550-17-1-0287, the EU (FEDER), and the Spanish MINECO under grant TIN 2015-69175-C4-1-R, the Generalitat Valenciana PROMETEOII/2015/013. F. Martinez-Plumed was also supported by INCIBE under grant INCIBEI-2015-27345 (Ayudas para la excelencia de los equipos de investigacion avanzada en ciberseguridad). J. H-Orallo also received a Salvador de Madariaga grant (PRX17/00467) from the Spanish MECD for a research stay at the CFI, Cambridge, and a BEST grant (BEST/2017/045) from the GVA for another research stay at the CFI.Fabra-Boluda, R.; Ferri Ramírez, C.; Hernández-Orallo, J.; Martínez-Plumed, F.; Ramírez Quintana, MJ. (2018). Identifying the Machine Learning Family from Black-Box Models. Lecture Notes in Computer Science. 11160:55-65. https://doi.org/10.1007/978-3-030-00374-6_6S556511160Angluin, D.: Queries and concept learning. Mach. Learn. 2(4), 319–342 (1988)Benedek, G.M., Itai, A.: Learnability with respect to fixed distributions. Theor. Comput. Sci. 86(2), 377–389 (1991)Biggio, B., et al.: Security Evaluation of support vector machines in adversarial environments. In: Ma, Y., Guo, G. (eds.) Support Vector Machines Applications, pp. 105–153. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-02300-7_4Blanco-Vega, R., Hernández-Orallo, J., Ramírez-Quintana, M.J.: Analysing the trade-off between comprehensibility and accuracy in mimetic models. In: Suzuki, E., Arikawa, S. (eds.) DS 2004. LNCS (LNAI), vol. 3245, pp. 338–346. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30214-8_29Dalvi, N., Domingos, P., Sanghai, S., Verma, D., et al.: Adversarial classification. In: Proceedings of the 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 99–108. ACM (2004)Dheeru, D., Karra Taniskidou, E.: UCI machine learning repository (2017). http://archive.ics.uci.edu/mlDomingos, P.: Knowledge discovery via multiple models. Intell. Data Anal. 2(3), 187–202 (1998)Duin, R.P.W., Loog, M., Pȩkalska, E., Tax, D.M.J.: Feature-based dissimilarity space classification. In: Ünay, D., Çataltepe, Z., Aksoy, S. (eds.) ICPR 2010. LNCS, vol. 6388, pp. 46–55. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17711-8_5Fernández-Delgado, M., Cernadas, E., Barro, S., Amorim, D.: Do we need hundreds of classifiers to solve real world classification problems. J. Mach. Learn. Res. 15(1), 3133–3181 (2014)Ferri, C., Hernández-Orallo, J., Modroiu, R.: An experimental comparison of performance measures for classification. Pattern Recognit. Lett. 30(1), 27–38 (2009)Giacinto, G., Perdisci, R., Del Rio, M., Roli, F.: Intrusion detection in computer networks by a modular ensemble of one-class classifiers. Inf. Fusion 9(1), 69–82 (2008)Huang, L., Joseph, A.D., Nelson, B., Rubinstein, B.I., Tygar, J.: Adversarial machine learning. In: Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, pp. 43–58 (2011)Kuncheva, L.I., Whitaker, C.J.: Measures of diversity in classifier ensembles and their relationship with the ensemble accuracy. Mach. Learn. 51(2), 181–207 (2003)Landis, J.R., Koch, G.G.: An application of hierarchical kappa-type statistics in the assessment of majority agreement among multiple observers. Biometrics 33, 363–374 (1977)Lowd, D., Meek, C.: Adversarial learning. In: Proceedings of the 11th ACM SIGKDD International Conference on Knowledge Discovery in Data mining, pp. 641–647. ACM (2005)Martınez-Plumed, F., Prudêncio, R.B., Martınez-Usó, A., Hernández-Orallo, J.: Making sense of item response theory in machine learning. In: Proceedings of 22nd European Conference on Artificial Intelligence (ECAI). Frontiers in Artificial Intelligence and Applications, vol. 285, pp. 1140–1148 (2016)Papernot, N., McDaniel, P., Goodfellow, I.: Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277 (2016)Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 372–387. IEEE (2016)Papernot, N., McDaniel, P., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 582–597. IEEE (2016)Sesmero, M.P., Ledezma, A.I., Sanchis, A.: Generating ensembles of heterogeneous classifiers using stacked generalization. Wiley Interdiscip. Rev.: Data Min. Knowl. Discov. 5(1), 21–34 (2015)Smith, M.R., Martinez, T., Giraud-Carrier, C.: An instance level analysis of data complexity. Mach. Learn. 95(2), 225–256 (2014)Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: USENIX Security Symposium, pp. 601–618 (2016)Valiant, L.G.: A theory of the learnable. Commun. ACM 27(11), 1134–1142 (1984)Wallace, C.S., Boulton, D.M.: An information measure for classification. Comput. J. 11(2), 185–194 (1968)Wolpert, D.H.: Stacked generalization. Neural Netw. 5(2), 241–259 (1992

Cenozoic granitoids in the Dinarides of southern Serbia: age of intrusion, isotope geochemistry, exhumation history and significance for the geodynamic evolution of the Balkan Peninsula

Two age groups were determined for the Cenozoic granitoids in the Dinarides of southern Serbia by high-precision single grain U–Pb dating of thermally annealed and chemically abraded zircons: (1) Oligocene ages (Kopaonik, Drenje, Z ˇ eljin) ranging from 31.7 to 30.6 Ma (2) Miocene ages (Golija and Polumir) at 20.58–20.17 and 18.06–17.74 Ma, respectively. Apatite fission-track central ages, modelling combined with zircon central ages and additionally, local structural observations constrain the subsequent exhumation history of the magmatic rocks. They indicate rapid cooling from above 300°C to ca. 80°C between 16 and 10 Ma for both age groups,  induced by extensional exhumation of the plutons located in the footwall of core complexes. Hence, Miocene magmatism and core-complex formation not only affected the Pannonian basin but also a part of the mountainous areas of the internal Dinarides. Based on an extensive set of existing age data combined with our own analyses, we propose a geodynamical model for the Balkan Peninsula: The Late Eocene to Oligocene magmatism, which affects the Adria derived lower plate units of the internal Dinarides, was caused by delamination of the Adriatic mantle from the overlying crust, associated with post-collisional convergence that propagated outward into the external Dinarides.  Miocene magmatism, on the other hand, is associated with core-complex formation along the southern margin of the Pannonian basin, probably associated with the W-directed subduction of the European lithosphere beneath the Carpathians and interfering with ongoing Dinaridic–Hellenic back-arc extension

Increased Expression of Claudin-1 and Claudin-7 in Liver Cirrhosis and Hepatocellular Carcinoma.

Claudins have been reported to be differentially regulated in malignancies and implicated in the process of carcinogenesis and tumor progression. Claudin-1 has been described as key factor in the entry of hepatitis C virus (HCV) into hepatocytes and as promoter of epithelial-mesenchymal transition in liver cells. The objective of the current study was to characterize claudin expression in hepatocellular carcinoma (HCC) as well as HCC-surrounding and normal liver samples with respect to cirrhosis and HCV infection. Expression of claudin-1, -2, -3, -4, and -7 was measured by morphometric analysis of immunohistochemistry, and Western blotting in 30 HCCs with 30 corresponding non-tumorous tissues and 6 normal livers. Claudin-1 and -7 protein expression was found significantly elevated in cirrhosis when compared with non-cirrhotic liver. HCCs developed in cirrhotic livers showed even higher expression of claudin-1 contrary to decreased claudin-7 expression when compared with cirrhosis. With reference to HCV status, HCCs or surrounding livers of HCV-infected samples did not show significant alterations in claudin expression when compared with HCV-negative specimens. Cirrhotic transformation associates with elevated claudin-1 and -7 expressions in both non-tumorous liver and HCC. The fact that no significant differences in claudin expression were found regarding HCV-positivity in our sample set suggests that HCV infection alone does not induce a major increase in the total amount of its entry co-factor claudin-1. Increased expression of claudin-1 seems to be a consequence of cirrhotic transformation and might contribute to a more effective HCV entry and malignant transformation

Pilot study of the multicentre DISCHARGE Trial: image quality and protocol adherence results of computed tomography and invasive coronary angiography

Objective To implement detailed EU cardiac computed tomography angiography (CCTA) quality criteria in the multicentre DISCHARGE trial (FP72007-2013, EC-GA 603266), we reviewed image quality and adherence to CCTA protocol and to the recommendations of invasive coronary angiography (ICA) in a pilot study. Materials and methods From every clinical centre, imaging datasets of three patients per arm were assessed for adherence to the inclusion/exclusion criteria of the pilot study, predefined standards for the CCTA protocol and ICA recommendations, image quality and non-diagnostic (NDX) rate. These parameters were compared via multinomial regression and ANOVA. If a site did not reach the minimum quality level, additional datasets had to be sent before entering into the final accepted database (FADB). Results We analysed 226 cases (150 CCTA/76 ICA). The inclusion/exclusion criteria were not met by 6 of the 226 (2.7%) datasets. The predefined standard was not met by 13 of 76 ICA datasets (17.1%). This percentage decreased between the initial CCTA database and the FADB (multinomial regression, 53 of 70 vs 17 of 75 [76%] vs [23%]). The signal-to-noise ratio and contrast-to-noise ratio of the FADB did not improve significantly (ANOVA, p = 0.20; p = 0.09). The CTA NDX rate was reduced, but not significantly (initial CCTA database 15 of 70 [21.4%]) and FADB 9 of 75 [12%]; p = 0.13). Conclusion We were able to increase conformity to the inclusion/exclusion criteria and CCTA protocol, improve image quality and decrease the CCTA NDX rate by implementing EU CCTA quality criteria and ICA recommendations

Computed tomography versus invasive coronary angiography: design and methods of the pragmatic randomised multicentre DISCHARGE trial

Objectives More than 3.5 million invasive coronary angiographies (ICA) are performed in Europe annually. Approximately 2 million of these invasive procedures might be reduced by noninvasive tests because no coronary intervention is performed. Computed tomography (CT) is the most accurate noninvasive test for detection and exclusion of coronary artery disease (CAD). To investigate the comparative effectiveness of CT and ICA, we designed the European pragmatic multicentre DISCHARGE trial funded by the 7th Framework Programme of the European Union (EC-GA 603266). Methods In this trial, patients with a low-to-intermediate pretest probability (10–60 %) of suspected CAD and a clinical indication for ICA because of stable chest pain will be randomised in a 1-to-1 ratio to CT or ICA. CT and ICA findings guide subsequent management decisions by the local heart teams according to current evidence and European guidelines. Results Major adverse cardiovascular events (MACE) defined as cardiovascular death, myocardial infarction and stroke as a composite endpoint will be the primary outcome measure. Secondary and other outcomes include cost-effectiveness, radiation exposure, health-related quality of life (HRQoL), socioeconomic status, lifestyle, adverse events related to CT/ICA, and gender differences. Conclusions The DISCHARGE trial will assess the comparative effectiveness of CT and ICA