A Formalization of Robustness for Deep Neural Networks
Deep neural networks have been shown to lack robustness to small input
perturbations. The process of generating the perturbations that expose this lack
of robustness is known as adversarial input generation, and it depends on the
goals and capabilities of the adversary. In this paper, we propose a unifying
formalization of the adversarial input generation process from a formal methods
perspective. We provide a definition of robustness that is general enough to
capture different formulations. The expressiveness of our formalization is
shown by modeling and comparing a variety of adversarial attack techniques.
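The abstract's point that robustness is relative to an adversary's goals and capabilities can be made concrete on a model small enough to check exactly. The following is an added example, not the paper's formalization: a linear classifier, a threat model parametrised by a per-coordinate bound and an optional budget of touched coordinates, and an exact worst-case check (for a linear model the minimum margin over the perturbation set has a closed form, so "no flip found" is a certificate, not a failed attack). The weights and input are constructed for illustration.

```python
"""Local robustness of a linear classifier under a parametrised threat model.

Added example (not the paper's formalisation): the classifier, its weights and
the inputs below are constructed for illustration. Robustness of f at x means
f(x + d) == f(x) for every perturbation d the threat model allows; for a linear
model the worst-case perturbation can be computed exactly.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

Vector = Tuple[float, ...]


@dataclass(frozen=True)
class LinearClassifier:
    w: Vector
    b: float

    def score(self, x: Vector) -> float:
        return sum(wi * xi for wi, xi in zip(self.w, x)) + self.b

    def predict(self, x: Vector) -> int:
        return 1 if self.score(x) >= 0 else -1


@dataclass(frozen=True)
class ThreatModel:
    """Adversary capabilities: every touched coordinate moves by at most eps
    (an L-infinity ball); budget limits how many coordinates may be touched
    (None means all of them, i.e. the plain L-infinity adversary)."""
    eps: float
    budget: Optional[int] = None


def _sign(v: float) -> float:
    return 1.0 if v > 0 else -1.0 if v < 0 else 0.0


def worst_case_input(clf: LinearClassifier, x: Vector, tm: ThreatModel) -> Vector:
    """Adversary goal: minimise the margin y * score(x + d) of the current label y.
    Each coordinate can lower the margin by at most eps*|w_i|, so the optimum
    touches the coordinates with the largest |w_i| and pushes each one against
    the sign of y*w_i."""
    y = clf.predict(x)
    order = sorted(range(len(clf.w)), key=lambda i: abs(clf.w[i]), reverse=True)
    touched = order if tm.budget is None else order[: tm.budget]
    delta = [0.0] * len(x)
    for i in touched:
        delta[i] = -y * tm.eps * _sign(clf.w[i])
    return tuple(xi + di for xi, di in zip(x, delta))


def certified_margin(clf: LinearClassifier, x: Vector, tm: ThreatModel) -> float:
    """Minimum of y*score over the whole perturbation set (positive => robust)."""
    y = clf.predict(x)
    return y * clf.score(worst_case_input(clf, x, tm))


def is_robust(clf: LinearClassifier, x: Vector, tm: ThreatModel) -> bool:
    """Exact local-robustness check: the worst-case input keeps the label."""
    return clf.predict(worst_case_input(clf, x, tm)) == clf.predict(x)


# Constructed toy model and input; the label is +1 with margin 1.5.
CLF = LinearClassifier(w=(2.0, -1.0, 0.5), b=-0.5)
X = (1.0, 0.5, 1.0)

if __name__ == "__main__":
    for tm in (ThreatModel(0.4), ThreatModel(0.5), ThreatModel(0.5, budget=1)):
        print(tm, "margin=%.3f" % certified_margin(CLF, X, tm),
              "robust=", is_robust(CLF, X, tm))
```

Running it shows the same input being robust against an adversary limited to eps=0.4, not robust at eps=0.5, and robust again at eps=0.5 when the adversary may only touch one coordinate: the verdict is a property of the (model, input, threat model) triple, which is what a unifying definition has to parametrise.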
Exploring Computation and Communication Trade-offs in the Design of Automatic Video Surveillance Networks
Video surveillance is one of the fastest-growing classes of networked embedded systems. An increasing number of cameras are networked to support various applications, including security in city streets, emergency evacuation in large buildings and direct marketing in department stores. The large number of networked cameras motivates the need for automatic video analysis, which, as of today, relies mostly on centralized computation. Still, trends in embedded computing enable the cost-effective realization of smart camera nodes and, consequently, the distribution of part or all of the computation. Starting from a particular application of automatic video surveillance for building automation, we derive a system-level model of the main computational tasks that are necessary to process a collection of video streams, together with their requirements in terms of computation and communication resources. Then, we define a set of alternative implementation platforms based on a detailed analysis of the possible choices in terms of off-the-shelf components and interconnection network technologies. Finally, we present a methodology and supporting CAD tool that assists us in evaluating alternative partitioning/mapping of the computational tasks onto the various platforms.
Some Algebraic Aspects of Assume-Guarantee Reasoning
We present the algebra of assume-guarantee (AG) contracts. We define
contracts, provide new as well as known operations, and show how these
operations are related. Contracts are functorial: any Boolean algebra has an
associated contract algebra. We study monoid and semiring structures in
contract algebra -- and the mappings between such structures. We discuss the
actions of a Boolean algebra on its contract algebra.
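The statement that every Boolean algebra has an associated contract algebra can be exercised on the smallest useful one, the subsets of a finite set of behaviours. The following is an added example using the standard saturated-contract definitions (saturation, refinement, parallel composition, conjunction); it is not the paper's code and does not reproduce the paper's new operations or its monoid and semiring results. Behaviours are constructed as assignments to three Boolean variables, so meet, join and complement are set intersection, union and difference against the universe.

```python
"""Assume-guarantee contracts over the Boolean algebra of subsets of a finite
set of behaviours.

Added example using the standard saturated-contract definitions; it is not the
paper's code and does not reproduce the paper's new operations. Behaviours are
constructed here as assignments to three Boolean variables (a, b, c).
"""
from dataclasses import dataclass
from itertools import product
from typing import Callable, FrozenSet, Tuple

Behaviour = Tuple[bool, bool, bool]  # one assignment to (a, b, c)
UNIVERSE: FrozenSet[Behaviour] = frozenset(product((False, True), repeat=3))


def where(pred: Callable[[bool, bool, bool], bool]) -> FrozenSet[Behaviour]:
    """The algebra element picked out by a predicate on (a, b, c)."""
    return frozenset(t for t in UNIVERSE if pred(*t))


def complement(s: FrozenSet[Behaviour]) -> FrozenSet[Behaviour]:
    return UNIVERSE - s


@dataclass(frozen=True)
class Contract:
    assumptions: FrozenSet[Behaviour]  # A: what the environment must satisfy
    guarantees: FrozenSet[Behaviour]   # G: what the component then promises

    def saturated(self) -> "Contract":
        """Canonical form (A, G v ~A): the implementation is unconstrained
        outside the assumptions, so contracts with equal saturations are equal."""
        return Contract(self.assumptions, self.guarantees | complement(self.assumptions))

    def refines(self, other: "Contract") -> bool:
        """C1 <= C2: C1 accepts more environments and promises more."""
        s, o = self.saturated(), other.saturated()
        return o.assumptions <= s.assumptions and s.guarantees <= o.guarantees

    def compose(self, other: "Contract") -> "Contract":
        """Parallel composition, standard definition:
        G = G1' & G2',  A = (A1 & A2) | ~G."""
        s, o = self.saturated(), other.saturated()
        g = s.guarantees & o.guarantees
        a = (s.assumptions & o.assumptions) | complement(g)
        return Contract(a, g)

    def conjoin(self, other: "Contract") -> "Contract":
        """Conjunction (meet): the greatest contract refining both viewpoints."""
        s, o = self.saturated(), other.saturated()
        return Contract(s.assumptions | o.assumptions, s.guarantees & o.guarantees)

    def accepts_implementation(self, m: FrozenSet[Behaviour]) -> bool:
        return m <= self.saturated().guarantees

    def accepts_environment(self, e: FrozenSet[Behaviour]) -> bool:
        return e <= self.assumptions


# Constructed contracts: C1 = "given a, ensure b", C2 = "given b, ensure c",
# and the end-to-end obligation C3 = "given a, ensure c".
C1 = Contract(where(lambda a, b, c: a), where(lambda a, b, c: b))
C2 = Contract(where(lambda a, b, c: b), where(lambda a, b, c: c))
C3 = Contract(where(lambda a, b, c: a), where(lambda a, b, c: c))


def chain_meets_obligation() -> bool:
    """Does the composition C1 || C2 refine C3?  (C1 alone does not.)"""
    return C1.compose(C2).refines(C3) and not C1.refines(C3)


if __name__ == "__main__":
    comp = C1.compose(C2)
    print("composite assumptions:", sorted(comp.assumptions))
    print("composition refines C3:", chain_meets_obligation())
```

The composite's assumption comes out as a or (b and not c): the environment only has to supply a, because b is now produced inside the composition, and the composite guarantees b and c whenever a holds. That is the refinement check a verifier would run before substituting a component pair for a single contract.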
Beating Backdoor Attack at Its Own Game
Deep neural networks (DNNs) are vulnerable to backdoor attacks, which do not
affect the network's performance on clean data but manipulate the network's
behavior once a trigger pattern is added. Existing defense methods have greatly
reduced the attack success rate, but their prediction accuracy on clean data still
lags behind a clean model by a large margin. Inspired by the stealthiness and
effectiveness of backdoor attacks, we propose a simple but highly effective
defense framework which injects non-adversarial backdoors targeting poisoned
samples. Following the general steps of a backdoor attack, we detect a small set
of suspected samples and then apply a poisoning strategy to them. The
non-adversarial backdoor, once triggered, suppresses the attacker's backdoor on
poisoned data, but has limited influence on clean data. The defense can be
carried out during data preprocessing, without any modification to the standard
end-to-end training pipeline. We conduct extensive experiments on multiple
benchmarks with different architectures and representative attacks. Results
demonstrate that our method achieves state-of-the-art defense effectiveness
with by far the lowest performance drop on clean data. Considering the
surprising defense ability displayed by our framework, we call for more
attention to utilizing backdoors for backdoor defense. Code is available at
https://github.com/damianliumin/non-adversarial_backdoor.
Comment: Accepted to ICCV 202
A One-Class Support Vector Machine Calibration Method for Time Series Change Point Detection
It is important to identify the change point of a system's health status,
which usually signifies an incipient fault under development. The One-Class
Support Vector Machine (OC-SVM) is a popular machine learning model for anomaly
detection and hence could be used for identifying change points; however, it is
sometimes difficult to obtain a good OC-SVM model that can be applied to sensor
measurement time series to identify the change points in system health status.
In this paper, we propose a novel approach for calibrating OC-SVM models. The
approach uses a heuristic search method to find a good set of input data and
hyperparameters that yield a well-performing model. Our results on the C-MAPSS
dataset demonstrate that OC-SVM can also achieve satisfactory accuracy in
detecting change points in time series with less training data, compared to
state-of-the-art deep learning approaches. In our case study, the OC-SVM
calibrated by the proposed method is shown to be useful especially in scenarios
with a limited amount of training data.
Synthesis of On-Chip Interconnection Structures: From Point-to-Point Links to Networks-on-Chip
Packet-switched networks-on-chip (NOC) have been advocated as the solution to the challenge of organizing efficient and reliable communication structures among the components of a system-on-chip (SOC). A critical issue in designing a NOC is to determine its topology given the set of point-to-point communication requirements among these components. We present a novel approach to on-chip communication synthesis that is based on the iterative combination of two efficient computational steps: (1) an application of the k-Median algorithm to coarsely determine the global communication structure (which may turn out not to be a network after all), and (2) a variation of the shortest-path algorithm to finely tune the data flows on the communication channels. The application of our method to case studies taken from the literature shows that we can automatically synthesize optimal NOC topologies for multi-core on-chip processors, and it offers new insights on why NOCs are not necessarily a value proposition for some classes of application-specific SOCs.