Uncertainty as a Swiss army knife: new adversarial attack and defense ideas based on epistemic uncertainty

Although state-of-the-art deep neural network models are known to be robust to random perturbations, it was verified that these architectures are indeed quite vulnerable to deliberately crafted perturbations, albeit being quasi-imperceptible. These vulnerabilities make it challenging to deploy deep neural network models in the areas where security is a critical concern. In recent years, many research studies have been conducted to develop new attack methods and come up with new defense techniques that enable more robust and reliable models. In this study, we use the quantified epistemic uncertainty obtained from the model’s final probability outputs, along with the model’s own loss function, to generate more effective adversarial samples. And we propose a novel defense approach against attacks like Deepfool which result in adversarial samples located near the model’s decision boundary. We have verified the effectiveness of our attack method on MNIST (Digit), MNIST (Fashion) and CIFAR-10 datasets. In our experiments, we showed that our proposed uncertainty-based reversal method achieved a worst case success rate of around 95% without compromising clean accuracy.publishedVersio

Exploiting epistemic uncertainty of the deep learning models to generate adversarial samples

Deep neural network (DNN) architectures are considered to be robust to random perturbations. Nevertheless, it was shown that they could be severely vulnerable to slight but carefully crafted perturbations of the input, termed as adversarial samples. In recent years, numerous studies have been conducted in this new area called ``Adversarial Machine Learning” to devise new adversarial attacks and to defend against these attacks with more robust DNN architectures. However, most of the current research has concentrated on utilising model loss function to craft adversarial examples or to create robust models. This study explores the usage of quantified epistemic uncertainty obtained from Monte-Carlo Dropout Sampling for adversarial attack purposes by which we perturb the input to the shifted-domain regions where the model has not been trained on. We proposed new attack ideas by exploiting the difficulty of the target model to discriminate between samples drawn from original and shifted versions of the training data distribution by utilizing epistemic uncertainty of the model. Our results show that our proposed hybrid attack approach increases the attack success rates from 82.59% to 85.14%, 82.96% to 90.13% and 89.44% to 91.06% on MNIST Digit, MNIST Fashion and CIFAR-10 datasets, respectively.publishedVersio

Unreasonable Effectiveness of Last Hidden Layer Activations for Adversarial Robustness

In standard Deep Neural Network (DNN) based classifiers, the general convention is to omit the activation function in the last (output) layer and directly apply the softmax function on the logits to get the probability scores of each class. In this type of architectures, the loss value of the classifier against any output class is directly proportional to the difference between the final probability score and the label value of the associated class. Standard White-box adversarial evasion attacks, whether targeted or untargeted, mainly try to exploit the gradient of the model loss function to craft adversarial samples and fool the model. In this study, we show both mathematically and experimentally that using some widely known activation functions in the output layer of the model with high temperature values has the effect of zeroing out the gradients for both targeted and untargeted attack cases, preventing attackers from exploiting the model's loss function to craft adversarial samples. We've experimentally verified the efficacy of our approach on MNIST (Digit), CIFAR10 datasets. Detailed experiments confirmed that our approach substantially improves robustness against gradient-based targeted and untargeted attack threats. And, we showed that the increased non-linearity at the output layer has some additional benefits against some other attack methods like Deepfool attack.Comment: IEEE COMPSAC 2022 publication full versio

Optical alignment procedure utilizing neural networks combined with Shack-Hartmann wavefront sensor

In the design of pilot helmets with night vision capability, to not limit or block the sight of the pilot, a transparent visor is used. The reflected image from the coated part of the visor must coincide with the physical human sight image seen through the nonreflecting regions of the visor. This makes the alignment of the visor halves critical. In essence, this is an alignment problem of two optical parts that are assembled together during the manufacturing process. Shack-Hartmann wavefront sensor is commonly used for the determination of the misalignments through wavefront measurements, which are quantified in terms of the Zernike polynomials. Although the Zernike polynomials provide very useful feedback about the misalignments, the corrective actions are basically ad hoc. This stems from the fact that there exists no easy inverse relation between the misalignment measurements and the physical causes of the misalignments. This study aims to construct this inverse relation by making use of the expressive power of the neural networks in such complex relations. For this purpose, a neural network is designed and trained in MATLAB (R) regarding which types of misalignments result in which wavefront measurements, quantitatively given by Zernike polynomials. This way, manual and iterative alignment processes relying on trial and error will be replaced by the trained guesses of a neural network, so the alignment process is reduced to applying the counter actions based on the misalignment causes. Such a training requires data containing misalignment and measurement sets in fine detail, which is hard to obtain manually on a physical setup. For that reason, the optical setup is completely modeled in Zemax (R) software, and Zernike polynomials are generated for misalignments applied in small steps. The performance of the neural network is experimented and found promising in the actual physical setup. (C) 2017 Society of PhotoOptical Instrumentation Engineer

Predictors of response to pegylated interferon treatment in HBeAg-negative patients with chronic hepatitis B

Introduction: Although pegylated interferons (pegIFNs) alpha-2a and alpha-2b have been used in chronic hepatitis B (CHB) treatment for many years, there are few studies concerning predictors of sustained virologic response (SVR) to pegIFN therapy. In this study, we aimed to investigate the predictors of response to pegIFN treatment in cases with HBeAg-negative CHB infection. Methodology: Seventeen tertiary care hospitals in Turkey were included in this study. Data from consecutively treated HBeAg-negative CHB patients, who received either pegIFN alpha-2a or alpha-2b, were collected retrospectively. SVR is defined as an HBV DNA concentration of less than 2,000 IU/mL six months after the completion of therapy Results: SVR was achieved in 40 (25%) of the 160 HBeAg-negative CHB patients. Viral loads in patients with SVR were lower compared to those with no SVR, beginning in the third month of treatment (p < 0.05). The number of cases with a decline of 1 log(10) IU/mL in viral load after the first month of treatment and with a serum HBV DNA level under 2,000 IU/mL after the third month of treatment was higher in cases with SVR (p < 0.05). The number of patients who had undetectable HBV DNA levels at week 48 among responders was significantly greater than among post-treatment virological relapsers (p < 0.05). Conclusions: Detection of a 1 log(10) decline in serum HBV DNA level at the first month of treatment and a serum HBV DNA level < 2000 IU/mL at the third month of therapy may be predictors of SVR

Magnetic Nanoparticle-Based Electrochemical Sensing Platform Using Ferrocene-Labelled Peptide Nucleic Acid for the Early Diagnosis of Colorectal Cancer

Diagnostic biomarkers based on epigenetic changes such as DNA methylation are promising tools for early cancer diagnosis. However, there are significant difficulties in directly and specifically detecting methylated DNA regions. Here, we report an electrochemical sensing system based on magnetic nanoparticles that enable a quantitative and selective analysis of the methylated septin9 (mSEPT9) gene, which is considered a diagnostic marker in early stage colorectal cancer (CRC). Methylation levels of SEPT9 in CRC samples were successfully followed by the selective recognition ability of a related peptide nucleic acid (PNA) after hybridization with DNA fragments in human patients&rsquo; serums and plasma (n = 10). Moreover, this system was also adapted into a point-of-care (POC) device for a one-step detection platform. The detection of mSEPT9 demonstrated a limit of detection (LOD) value of 0.37% and interference-free measurement in the presence of branched-chain amino acid transaminase 1 (BCAT1) and SRY box transcription factor 21 antisense divergent transcript 1 (SOX21-AS1). The currently proposed functional platform has substantial prospects in translational applications of early CRC detection

Impact of antimicrobial drug restrictions on doctors' behaviors

Conclusion: This study indicated that the AR policy was supported by most of the specialists. Physicians supported this restriction policy more so than surgeons did

Impact of antimicrobial drug restrictions on doctors' behaviors

WOS: 000368558600006PubMed ID: 27511346Background/aim: Broad-spectrum antibiotics have become available for use only with the approval of infectious disease specialists (IDSs) since 2003 in Turkey. This study aimed to analyze the tendencies of doctors who are not disease specialists (non-IDSs) towards the restriction of antibiotics. Materials and methods: A questionnaire form was prepared, which included a total of 22 questions about the impact of antibiotic restriction (AR) policy, the role of IDSs in the restriction, and the perception of this change in antibiotic consumption. The questionnaire was completed by each participating physician. Results: A total of 1906 specialists from 20 cities in Turkey participated in the study. Of those who participated, 1271 (67.5%) had 5 years of occupational experience in their branch expressed that they followed the antibiotic guidelines more strictly than the JSs (P < 0.05) and 755 of physicians (88%) and 720 of surgeons (84.6%) thought that the AR policy was necessary and useful (P < 0.05). Conclusion: This study indicated that the AR policy was supported by most of the specialists. Physicians supported this restriction policy more so than surgeons did