-
Adaptive Sensitivity Analysis for Robust Augmentation against Natural Corruptions in Image Segmentation
Authors:
Laura Zheng,
Wenjie Wei,
Tony Wu,
Jacob Clements,
Shreelekha Revankar,
Andre Harrison,
Yu Shen,
Ming C. Lin
Abstract:
Achieving robustness in image segmentation models is challenging due to the fine-grained nature of pixel-level classification. These models, which are crucial for many real-time perception applications, particularly struggle when faced with natural corruptions in the wild for autonomous systems. While sensitivity analysis can help us understand how input variables influence model outputs, its application to natural and uncontrollable corruptions in training data is computationally expensive. In this work, we present an adaptive, sensitivity-guided augmentation method to enhance robustness against natural corruptions. Our sensitivity analysis on average runs 10x faster and requires about 200x less storage than previous sensitivity analysis, enabling practical, on-the-fly estimation during training for a model-free augmentation policy. With minimal fine-tuning, our sensitivity-guided augmentation method achieves improved robustness on both real-world and synthetic datasets compared to state-of-the-art data augmentation techniques in image segmentation. Code implementation for this work can be found at: https://github.com/laurayuzheng/SensAug.
Submitted 16 June, 2025; v1 submitted 3 June, 2024;
originally announced June 2024.
-
Sequential Deep Learning for Credit Risk Monitoring with Tabular Financial Data
Authors:
Jillian M. Clements,
Di Xu,
Nooshin Yousefi,
Dmitry Efimov
Abstract:
Machine learning plays an essential role in preventing financial losses in the banking industry. Perhaps the most pertinent prediction task that can result in billions of dollars in losses each year is the assessment of credit risk (i.e., the risk of default on debt). Today, much of the gains from machine learning to predict credit risk are driven by gradient boosted decision tree models. However, these gains begin to plateau without the addition of expensive new data sources or highly engineered features. In this paper, we present our attempts to create a novel approach to assessing credit risk using deep learning that does not rely on new model inputs. We propose a new credit card transaction sampling technique to use with deep recurrent and causal convolution-based neural networks that exploits long historical sequences of financial data without costly resource requirements. We show that our sequential deep learning approach using a temporal convolutional network outperformed the benchmark non-sequential tree-based model, achieving significant financial savings and earlier detection of credit risk. We also demonstrate the potential for our approach to be used in a production environment, where our sampling technique allows for sequences to be stored efficiently in memory and used for fast online learning and inference.
Submitted 30 December, 2020;
originally announced December 2020.
-
Dynamics of large scale networks following a merger
Authors:
John Clements,
Babak Farzad,
Henryk Fukś
Abstract:
We study the dynamic network of relationships among avatars in the massively multiplayer online game Planetside 2. In the spring of 2014, two separate servers of this game were merged, and as a result, two previously distinct networks were combined into one. We observed the evolution of this network in the seven month period following the merger and report our observations. We found that some structures of original networks persist in the combined network for a long time after the merger. As the original avatars are gradually removed, these structures slowly dissolve, but they remain observable for a surprisingly long time. We present a number of visualizations illustrating the post-merger dynamics and discuss time evolution of selected quantities characterizing the topology of the network.
Submitted 21 February, 2020;
originally announced February 2020.
-
Rallying Adversarial Techniques against Deep Learning for Network Security
Authors:
Joseph Clements,
Yuzhe Yang,
Ankur Sharma,
Hongxin Hu,
Yingjie Lao
Abstract:
Recent advances in artificial intelligence and the increasing need for powerful defensive measures in the domain of network security have led to the adoption of deep learning approaches for use in network intrusion detection systems. These methods have achieved superior performance against conventional network attacks, which enables the deployment of practical security systems to unique and dynamic sectors. Adversarial machine learning, unfortunately, has recently shown that deep learning models are inherently vulnerable to adversarial modifications on their input data. Because of this susceptibility, the deep learning models deployed to power a network defense could in fact be the weakest entry point for compromising a network system. In this paper, we show that by modifying on average as few as 1.38 input features, an adversary can generate malicious inputs which effectively fool a deep learning based NIDS. Therefore, when designing such systems, it is crucial to consider the performance from not only the conventional network security perspective but also the adversarial machine learning domain.
Submitted 24 October, 2021; v1 submitted 27 March, 2019;
originally announced March 2019.
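The kind of few-feature evasion the abstract above reports, as an added example that is not the paper's code, model or dataset. The "NIDS" here is a hand-set logistic regression over seven NSL-KDD-style flow features (constructed weights and sample flows, not learned from data), and the attack is a greedy saliency search: at each step it changes the single untouched feature that lowers the attack logit the most, stops as soon as the flow is classified benign, and reports how many features it had to change. The `immutable` parameter models the practical caveat that an adversary does not control every feature (derived statistics such as `same_srv_rate` are computed by the sensor, not chosen by the sender).

```python
"""Greedy minimal-feature evasion against a linear NIDS classifier.

Added illustration; the classifier weights, feature names and flows below are
constructed for the example and are not from the paper or any real model.
"""
import math

FEATURES = ["duration", "src_bytes", "dst_bytes", "count",
            "srv_count", "serror_rate", "same_srv_rate"]
# Constructed weights over features scaled to [0, 1]; positive weight pushes
# the flow toward the 'attack' class.
WEIGHTS = {"duration": -0.4, "src_bytes": 0.6, "dst_bytes": -0.8, "count": 2.0,
           "srv_count": 1.5, "serror_rate": 3.0, "same_srv_rate": -2.5}
BIAS = -1.0


def logit(x):
    return BIAS + sum(WEIGHTS[f] * x[f] for f in FEATURES)


def is_attack(x):
    """Sigmoid decision at 0.5, i.e. attack iff logit > 0."""
    return 1.0 / (1.0 + math.exp(-logit(x))) > 0.5


def best_move(x, f):
    """Largest logit reduction obtainable by setting feature f anywhere in [0, 1].

    Returns (reduction, new_value)."""
    w = WEIGHTS[f]
    if w > 0:
        return w * x[f], 0.0            # positive weight: drive the feature to 0
    return -w * (1.0 - x[f]), 1.0       # negative weight: drive the feature to 1


def evade(x, immutable=()):
    """Greedy saliency attack. Returns (adversarial flow, list of changed features).

    Each iteration changes the one untouched, attacker-controllable feature with
    the largest logit reduction, so the number of changed features is minimal
    for this greedy strategy (not necessarily globally minimal)."""
    x = dict(x)
    changed = []
    candidates = [f for f in FEATURES if f not in immutable]
    while is_attack(x) and candidates:
        f = max(candidates, key=lambda g: best_move(x, g)[0])
        gain, value = best_move(x, f)
        if gain <= 0:
            break                        # no remaining feature helps
        x[f] = value
        changed.append(f)
        candidates.remove(f)
    return x, changed


# Constructed sample flows (scaled to [0, 1]), labelled by what they resemble.
SYN_FLOOD = {"duration": 0.0, "src_bytes": 0.0, "dst_bytes": 0.0, "count": 0.9,
             "srv_count": 0.9, "serror_rate": 1.0, "same_srv_rate": 0.1}
PORT_SCAN = {"duration": 0.0, "src_bytes": 0.1, "dst_bytes": 0.0, "count": 0.95,
             "srv_count": 0.2, "serror_rate": 0.0, "same_srv_rate": 0.2}


if __name__ == "__main__":
    for name, flow in (("syn_flood", SYN_FLOOD), ("port_scan", PORT_SCAN)):
        adv, changed = evade(flow)
        print(f"{name}: logit {logit(flow):+.2f} -> {logit(adv):+.2f}, "
              f"changed {len(changed)} feature(s): {changed}")
    adv, changed = evade(SYN_FLOOD, immutable=("same_srv_rate",))
    print(f"syn_flood with same_srv_rate immutable: changed {changed}")
```

On these constructed flows the SYN-flood-like sample is flipped to benign by touching two features and the scan-like sample by touching one; when the derived `same_srv_rate` is declared immutable the same flood needs three changes. The practitioner's takeaway is the same as the abstract's: count how many features an attacker must actually control to evade, and evaluate the detector under that budget, not only on clean test traffic.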
-
Optimal Sabotage Attack on Composite Material Parts
Authors:
Bikash Ranabhat,
Joseph Clements,
Jacob Gatlin,
Kuang-Ting Hsiao,
Mark Yampolskiy
Abstract:
Industry 4.0 envisions a fully automated manufacturing environment, in which computerized manufacturing equipment--Cyber-Physical Systems (CPS)--performs all tasks. These machines are open to a variety of cyber and cyber-physical attacks, including sabotage. In the manufacturing context, sabotage attacks aim to damage equipment or degrade a manufactured part's mechanical properties. In this paper, we focus on the latter, specifically for composite materials. Composite material parts are predominantly used in safety-critical systems, e.g., as load-bearing parts of aircraft. Further, we distinguish between the methods to compromise various manufacturing equipment, and the malicious manipulations that will sabotage a part. As the research literature has numerous examples of the former, in this paper we assume that the equipment is already compromised, our discussion is solely on manipulations.
We develop a simulation approach to designing sabotage attacks against composite material parts. The attack can be optimized by two criteria, minimizing the "footprint" of manipulations. We simulate two optimal attacks against the design of a spar, a load bearing component of an airplane wing. Our simulation identifies the minimal manipulations needed to degrade its strength to three desired levels, as well as the resulting failure characteristics. Last but not least, we outline an approach to identifying sabotaged parts.
Submitted 6 October, 2018;
originally announced October 2018.
-
Hardware Trojan Attacks on Neural Networks
Authors:
Joseph Clements,
Yingjie Lao
Abstract:
With the rising popularity of machine learning and the ever increasing demand for computational power, there is a growing need for hardware optimized implementations of neural networks and other machine learning models. As the technology evolves, it is also plausible that machine learning or artificial intelligence will soon become consumer electronic products and military equipment, in the form of well-trained models. Unfortunately, the modern fabless business model of manufacturing hardware, while economic, leads to deficiencies in security through the supply chain. In this paper, we illuminate these security issues by introducing hardware Trojan attacks on neural networks, expanding the current taxonomy of neural network security to incorporate attacks of this nature. To aid in this, we develop a novel framework for inserting malicious hardware Trojans in the implementation of a neural network classifier. We evaluate the capabilities of the adversary in this setting by implementing the attack algorithm on convolutional neural networks while controlling a variety of parameters available to the adversary. Our experimental results show that the proposed algorithm could effectively classify a selected input trigger as a specified class on the MNIST dataset by injecting hardware Trojans into $0.03\%$, on average, of neurons in the 5th hidden layer of arbitrary 7-layer convolutional neural networks, while undetectable under the test data. Finally, we discuss the potential defenses to protect neural networks against hardware Trojan attacks.
Submitted 14 June, 2018;
originally announced June 2018.
-
Generating 56-bit passwords using Markov Models (and Charles Dickens)
Authors:
John Clements
Abstract:
We describe a password generation scheme based on Markov models built from English text (specifically, Charles Dickens' *A Tale Of Two Cities*). We show a (linear-running-time) bijection between random bitstrings of any desired length and generated text, ensuring that all passwords are generated with equal probability. We observe that the generated passwords appear to strike a reasonable balance between memorability and security. Using the system, we get 56-bit passwords like 'The cusay is wither?" t', rather than passwords like 'tQ$%Xc4Ef'.
Submitted 26 February, 2015;
originally announced February 2015.
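A working version of the idea in the abstract above, added here as an illustration and not the paper's code: a character-level Markov model is built from text, and a random bit string is mapped to generated text in a way that can be inverted, so every bit string yields a distinct password and all passwords of a given bit length are equally likely. The paper's own linear-time bijection is not reproduced; this example uses a simpler mixed-radix scheme (an assumption): the L-bit string is read as an integer, each generated character is one digit whose radix is the number of successors of the current state, and generation stops once the product of the radices reaches 2**L. The training corpus is a short constructed snippet rather than *A Tale Of Two Cities*.

```python
"""Bits-to-text mapping over a character-level Markov model.

Added illustration; not the paper's code. The corpus is constructed and the
mixed-radix encoding is a simpler stand-in for the paper's bijection.
"""
import secrets
from collections import defaultdict

ORDER = 2  # characters of context per Markov state

# Constructed training text (assumption; the paper trains on Dickens).
CORPUS = ("it was the best of times it was the worst of times it was the age of "
          "wisdom it was the age of foolishness it was the epoch of belief it was "
          "the epoch of incredulity")


def build_model(text, order=ORDER):
    """Map each state (last `order` chars) to its successors, most frequent first.

    The text is treated as circular so every state has at least one successor
    and generation can never reach a dead end."""
    circular = text + text[:order]
    counts = defaultdict(lambda: defaultdict(int))
    for i in range(len(text)):
        counts[circular[i:i + order]][circular[i + order]] += 1
    # Deterministic successor order (by count, then alphabet) so the decoder
    # rebuilds exactly the same tables.
    return {s: sorted(succ, key=lambda c: (-succ[c], c)) for s, succ in counts.items()}


def encode(bits, model):
    """Map an L-bit string to text, consuming exactly L bits of entropy."""
    L = len(bits)
    n = int(bits, 2)
    states = sorted(model)
    k = len(states)
    state = states[n % k]           # first mixed-radix digit picks the start state
    n //= k
    product = k
    out = state
    while product < (1 << L):       # continue until all L bits are spent
        succ = model[state]
        k = len(succ)
        c = succ[n % k]
        n //= k
        product *= k
        out += c
        state = state[1:] + c
    return out


def decode(text, model, nbits):
    """Inverse of encode: recover the bit string from the generated text."""
    states = sorted(model)
    order = len(states[0])
    state = text[:order]
    digits = [(states.index(state), len(states))]
    for c in text[order:]:
        succ = model[state]
        digits.append((succ.index(c), len(succ)))
        state = state[1:] + c
    n = 0
    for d, k in reversed(digits):   # mixed-radix Horner evaluation
        n = n * k + d
    return format(n, f"0{nbits}b")


def generate(nbits, model):
    """Draw nbits from the OS CSPRNG and return (bits, password)."""
    bits = format(secrets.randbits(nbits), f"0{nbits}b")
    return bits, encode(bits, model)


if __name__ == "__main__":
    model = build_model(CORPUS)
    bits, pw = generate(56, model)
    print(bits, "->", repr(pw))
    assert decode(pw, model, 56) == bits
```

The security argument rests on the bits, not the text: the password carries exactly as much entropy as the bit string fed in, provided that string comes from a CSPRNG (`secrets` here) and the mapping is injective, which `decode` lets you check. Password length varies with the path taken through the model, and a corpus with little branching produces long strings for the same 56 bits, which is the memorability trade-off the abstract points at.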
-
Stepping Lazy Programs
Authors:
Stephen Chang,
John Clements,
Eli Barzilay,
Matthias Felleisen
Abstract:
Debugging lazy functional programs poses serious challenges. In support of the "stop, examine, and resume" debugging style of imperative languages, some debugging tools abandon lazy evaluation. Other debuggers preserve laziness but present it in a way that may confuse programmers because the focus of evaluation jumps around in a seemingly random manner.
In this paper, we introduce a supplemental tool, the algebraic program stepper. An algebraic stepper shows computation as a mathematical calculation. Algebraic stepping could be particularly useful for novice programmers or programmers new to lazy programming. Mathematically speaking, an algebraic stepper renders computation as the standard rewriting sequence of a lazy lambda-calculus. Our novel lazy semantics introduces lazy evaluation as a form of parallel program rewriting. It represents a compromise between Launchbury's store-based semantics and a simple, axiomatic description of lazy computation as sharing-via-parameters. Finally, we prove that the stepper's run-time machinery correctly reconstructs the standard rewriting sequence.
Submitted 23 August, 2011;
originally announced August 2011.