-
Constrained Posterior Sampling: Time Series Generation with Hard Constraints
Authors: Sai Shankar Narasimhan, Shubhankar Agarwal, Litu Rout, Sanjay Shakkottai, Sandeep P. Chinchali
Abstract:
Generating realistic time series samples is crucial for stress-testing models and protecting user privacy by using synthetic data. In engineering and safety-critical applications, these samples must meet certain hard constraints that are domain-specific or naturally imposed by physics or nature. Consider, for example, generating electricity demand patterns with constraints on peak demand times. This can be used to stress-test the functioning of power grids during adverse weather conditions. Existing approaches for generating constrained time series are either not scalable or degrade sample quality. To address these challenges, we introduce Constrained Posterior Sampling (CPS), a diffusion-based sampling algorithm that aims to project the posterior mean estimate into the constraint set after each denoising update. Notably, CPS scales to a large number of constraints (~100) without requiring additional training. We provide theoretical justifications highlighting the impact of our projection step on sampling. Empirically, CPS outperforms state-of-the-art methods in sample quality and similarity to real time series by around 10% and 42%, respectively, on real-world stocks, traffic, and air quality datasets.
Submitted 16 October, 2024; originally announced October 2024.
-
SecureSpectra: Safeguarding Digital Identity from Deep Fake Threats via Intelligent Signatures
Authors: Oguzhan Baser, Kaan Kale, Sandeep P. Chinchali
Abstract:
Advancements in DeepFake (DF) audio models pose a significant threat to voice authentication systems, leading to unauthorized access and the spread of misinformation. We introduce a defense mechanism, SecureSpectra, addressing DF threats by embedding orthogonal, irreversible signatures within audio. SecureSpectra leverages the inability of DF models to replicate high-frequency content, which we empirically identify across diverse datasets and DF models. Integrating differential privacy into the pipeline protects signatures from reverse engineering and strikes a delicate balance between enhanced security and minimal performance compromises. Our evaluations on Mozilla Common Voice, LibriSpeech, and VoxCeleb datasets showcase SecureSpectra's superior performance, outperforming recent works by up to 71% in detection accuracy. We open-source SecureSpectra to benefit the research community.
Submitted 30 June, 2024; originally announced July 2024.
-
Safe Networked Robotics with Probabilistic Verification
Authors: Sai Shankar Narasimhan, Sharachchandra Bhat, Sandeep P. Chinchali
Abstract:
Autonomous robots must utilize rich sensory data to make safe control decisions. To process this data, compute-constrained robots often require assistance from remote computation, or the cloud, that runs compute-intensive deep neural network perception or control models. However, this assistance comes at the cost of a time delay due to network latency, resulting in past observations being used in the cloud to compute the control commands for the present robot state. Such communication delays could potentially lead to the violation of essential safety properties, such as collision avoidance. This paper develops methods to ensure the safety of robots operated over communication networks with stochastic latency. To do so, we use tools from formal verification to construct a shield, i.e., a run-time monitor, that provides a list of safe actions for any delayed sensory observation, given the expected and maximum network latency. Our shield is minimally intrusive and enables networked robots to satisfy key safety constraints, expressed as temporal logic specifications, with desired probability. We demonstrate our approach on a real F1/10th autonomous vehicle that navigates in indoor environments and transmits rich LiDAR sensory data over congested WiFi links.
Submitted 3 December, 2024; v1 submitted 17 February, 2023; originally announced February 2023.
-
Differentially Private Timeseries Forecasts for Networked Control
Authors: Po-han Li, Sandeep P. Chinchali, Ufuk Topcu
Abstract:
We analyze a cost-minimization problem in which the controller relies on an imperfect timeseries forecast. Forecasting models generate imperfect forecasts because they use anonymization noise to protect input data privacy. However, this noise increases the control cost. We consider a scenario where the controller pays forecasting models incentives to reduce the noise and combines the forecasts into one. The controller then uses the forecast to make control decisions. Thus, forecasting models face a trade-off between accepting incentives and protecting privacy. We propose an approach to allocate economic incentives and minimize costs. We solve a biconvex optimization problem on linear quadratic regulators and compare our approach to a uniform incentive allocation scheme. The resulting solution reduces control costs by 2.5 and 2.7 times for the synthetic timeseries and the Uber demand forecast, respectively.
Submitted 9 March, 2023; v1 submitted 1 October, 2022; originally announced October 2022.
-
Adversarial Examples for Model-Based Control: A Sensitivity Analysis
Authors: Po-han Li, Ufuk Topcu, Sandeep P. Chinchali
Abstract:
We propose a method to attack controllers that rely on external timeseries forecasts as task parameters. An adversary can manipulate the costs, states, and actions of the controllers by forging the timeseries, in this case perturbing the real timeseries. Since the controllers often encode safety requirements or energy limits in their costs and constraints, we refer to such manipulation as an adversarial attack. We show that different attacks on model-based controllers can increase control costs, activate constraints, or even make the control optimization problem infeasible. We use the linear quadratic regulator and convex model predictive controllers as examples of how adversarial attacks succeed and demonstrate the impact of adversarial attacks on a battery storage control task for power grid operators. As a result, our method increases control cost by $8500\%$ and energy constraints by $13\%$ on real electricity demand timeseries.
Submitted 14 July, 2022; originally announced July 2022.