scholarly journals Adversarial Attack for Uncertainty Estimation: Identifying Critical Regions in Neural Networks

2021 ◽  
Author(s):  
Ismail Alarab ◽  
Simant Prakoonwit
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Model Uncertainty ◽  
Uncertainty Estimation ◽  
Decision Boundary ◽  
Uncertainty Estimates ◽  
Data Points ◽  
Novel Method ◽  
Adversarial Attack ◽  
Critical Regions

AbstractWe propose a novel method to capture data points near decision boundary in neural network that are often referred to a specific type of uncertainty. In our approach, we sought to perform uncertainty estimation based on the idea of adversarial attack method. In this paper, uncertainty estimates are derived from the input perturbations, unlike previous studies that provide perturbations on the model's parameters as in Bayesian approach. We are able to produce uncertainty with couple of perturbations on the inputs. Interestingly, we apply the proposed method to datasets derived from blockchain. We compare the performance of model uncertainty with the most recent uncertainty methods. We show that the proposed method has revealed a significant outperformance over other methods and provided less risk to capture model uncertainty in machine learning.

scholarly journals A Novel Method for Sea-Land Clutter Separation Using Regularized Randomized and Kernel Ridge Neural Networks

Sensors ◽  
2020 ◽  
Vol 20 (22) ◽  
pp. 6491
Author(s):  
Le Zhang ◽  
Jeyan Thiyagalingam ◽  
Anke Xue ◽  
Shuwen Xu
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Neural Networks ◽  
Classification Accuracy ◽  
Signal Amplitude ◽  
Statistical Characteristics ◽  
Support Vector ◽  
Amplitude Change ◽  
Novel Method

Classification of clutter, especially in the context of shore based radars, plays a crucial role in several applications. However, the task of distinguishing and classifying the sea clutter from land clutter has been historically performed using clutter models and/or coastal maps. In this paper, we propose two machine learning, particularly neural network, based approaches for sea-land clutter separation, namely the regularized randomized neural network (RRNN) and the kernel ridge regression neural network (KRR). We use a number of features, such as energy variation, discrete signal amplitude change frequency, autocorrelation performance, and other statistical characteristics of the respective clutter distributions, to improve the performance of the classification. Our evaluation based on a unique mixed dataset, which is comprised of partially synthetic clutter data for land and real clutter data from sea, offers improved classification accuracy. More specifically, the RRNN and KRR methods offer 98.50% and 98.75% accuracy, outperforming the conventional support vector machine and extreme learning based solutions.

scholarly journals Interpretation of Neural Networks Is Fragile

2019 ◽  
Vol 33 ◽  
pp. 3681-3688 ◽  
Author(s):  
Amirata Ghorbani ◽  
Abubakar Abid ◽  
James Zou
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Neural Networks ◽  
Input Data ◽  
Learning Algorithm ◽  
Hessian Matrix ◽  
Machine Learning Algorithm ◽  
Feature Importance ◽  
Adversarial Attack ◽  
Measurement Biases

In order for machine learning to be trusted in many applications, it is critical to be able to reliably explain why the machine learning algorithm makes certain predictions. For this reason, a variety of methods have been developed recently to interpret neural network predictions by providing, for example, feature importance maps. For both scientific robustness and security reasons, it is important to know to what extent can the interpretations be altered by small systematic perturbations to the input data, which might be generated by adversaries or by measurement biases. In this paper, we demonstrate how to generate adversarial perturbations that produce perceptively indistinguishable inputs that are assigned the same predicted label, yet have very different interpretations. We systematically characterize the robustness of interpretations generated by several widely-used feature importance interpretation methods (feature importance maps, integrated gradients, and DeepLIFT) on ImageNet and CIFAR-10. In all cases, our experiments show that systematic perturbations can lead to dramatically different interpretations without changing the label. We extend these results to show that interpretations based on exemplars (e.g. influence functions) are similarly susceptible to adversarial attack. Our analysis of the geometry of the Hessian matrix gives insight on why robustness is a general challenge to current interpretation approaches.

scholarly journals A NOVEL METHOD FOR PROTECTIVE FACE MASK DETECTION USING CONVOLUTIONAL NEURAL NETWORKS AND IMAGE HISTOGRAMS

2021 ◽  
Vol XLIV-2/W1-2021 ◽  
pp. 177-182
Author(s):  
E. Ryumina ◽  
D. Ryumin ◽  
D. Ivanko ◽  
A. Karpov
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Hybrid Method ◽  
Face Mask ◽  
Corpus Analysis ◽  
Visual Features ◽  
Pixel Intensity ◽  
Novel Method ◽  
Protective Mask ◽  
Detection And Recognition

Abstract. This paper proposes a new hybrid method for automatic detection and recognition of the presence/absence of a protective mask on human's face. It combines visual features extracted using Convolutional Neural Network (CNN) with image histograms that convey information about pixel intensity. Several pre-trained models for building feature extraction systems using a CNN and several types of image histograms are considered in this paper. We test our approach on the Medical Mask Dataset and perform cross-corpus analysis on two other databases named Masked Faces (MAFA) and Real-World Masked Face Dataset (RMFD). We demonstrate that the proposed hybrid method increases the Unweighted Average Recalls (UARs) of recognition of the presence/absence of a protective mask on human's face in comparison with traditional CNNs on the MAFA and RMFD databases by 0.96% and 1.32%, respectively. The proposed method can be generalized and used for other tasks of biometry, computer vision, machine learning and automatic face recognition.

scholarly journals Suspicion-Free Adversarial Attacks on Clustering Algorithms

2020 ◽  
Vol 34 (04) ◽  
pp. 3625-3632
Author(s):  
Anshuman Chhabra ◽  
Abhishek Roy ◽  
Prasant Mohapatra
Keyword(s):  
Machine Learning ◽  
Supervised Learning ◽  
Clustering Algorithms ◽  
Black Box ◽  
Single Sample ◽  
Decision Boundary ◽  
Empirical Results ◽  
Adversarial Attack ◽  
Modern Machine

Clustering algorithms are used in a large number of applications and play an important role in modern machine learning– yet, adversarial attacks on clustering algorithms seem to be broadly overlooked unlike supervised learning. In this paper, we seek to bridge this gap by proposing a black-box adversarial attack for clustering models for linearly separable clusters. Our attack works by perturbing a single sample close to the decision boundary, which leads to the misclustering of multiple unperturbed samples, named spill-over adversarial samples. We theoretically show the existence of such adversarial samples for the K-Means clustering. Our attack is especially strong as (1) we ensure the perturbed sample is not an outlier, hence not detectable, and (2) the exact metric used for clustering is not known to the attacker. We theoretically justify that the attack can indeed be successful without the knowledge of the true metric. We conclude by providing empirical results on a number of datasets, and clustering algorithms. To the best of our knowledge, this is the first work that generates spill-over adversarial samples without the knowledge of the true metric ensuring that the perturbed sample is not an outlier, and theoretically proves the above.

scholarly journals Real-Time Adversarial Attacks

2019 ◽  
Author(s):  
Yuan Gong ◽  
Boyang Li ◽  
Christian Poellabauer ◽  
Yiyu Shi
Keyword(s):  
Machine Learning ◽  
Real Time ◽  
Machine Learning Algorithms ◽  
Original Sample ◽  
Target Model ◽  
Data Points ◽  
Past Data ◽  
Adversarial Attack ◽  
Modern Machine ◽  
Machine Learning Models

In recent years, many efforts have demonstrated that modern machine learning algorithms are vulnerable to adversarial attacks, where small, but carefully crafted, perturbations on the input can make them fail. While these attack methods are very effective, they only focus on scenarios where the target model takes static input, i.e., an attacker can observe the entire original sample and then add a perturbation at any point of the sample. These attack approaches are not applicable to situations where the target model takes streaming input, i.e., an attacker is only able to observe past data points and add perturbations to the remaining (unobserved) data points of the input. In this paper, we propose a real-time adversarial attack scheme for machine learning models with streaming inputs.

scholarly journals Calibrated Uncertainty for Molecular Property Prediction using Ensembles of Message Passing Neural Networks

2021 ◽  
Author(s):  
Jonas Busk ◽  
Peter Bjørn Jørgensen ◽  
Arghya Bhowmik ◽  
Mikkel N. Schmidt ◽  
Ole Winther ◽  
...  
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Message Passing ◽  
Epistemic Uncertainty ◽  
Computer Experiments ◽  
Predictive Distribution ◽  
Training Data ◽  
Unified Framework ◽  
Unseen Data ◽  
Uncertainty Estimates

Abstract Data-driven methods based on machine learning have the potential to accelerate computational analysis of atomic structures. In this context, reliable uncertainty estimates are important for assessing confidence in predictions and enabling decision making. However, machine learning models can produce badly calibrated uncertainty estimates and it is therefore crucial to detect and handle uncertainty carefully. In this work we extend a message passing neural network designed specifically for predicting properties of molecules and materials with a calibrated probabilistic predictive distribution. The method presented in this paper differs from previous work by considering both aleatoric and epistemic uncertainty in a unified framework, and by recalibrating the predictive distribution on unseen data. Through computer experiments, we show that our approach results in accurate models for predicting molecular formation energies with well calibrated uncertainty in and out of the training data distribution on two public molecular benchmark datasets, QM9 and PC9. The proposed method provides a general framework for training and evaluating neural network ensemble models that are able to produce accurate predictions of properties of molecules with well calibrated uncertainty estimates.

scholarly journals Forecasting number of vulnerabilities using long short-term neural memory network

2021 ◽  
Vol 11 (5) ◽  
pp. 4381
Author(s):  
Mohammad Shamsul Hoque ◽  
Norziana Jamil ◽  
Nowshad Amin ◽  
Azril Azam Abdul Rahim ◽  
Razali B. Jidin
Keyword(s):  
Neural Network ◽  
Machine Learning ◽  
Time Series ◽  
Short Term Memory ◽  
Short Term ◽  
Term Memory ◽  
Data Points ◽  
Memory Network ◽  
Past Data ◽  
Long Short Term Memory

Cyber-attacks are launched through the exploitation of some existing vulnerabilities in the software, hardware, system and/or network. Machine learning algorithms can be used to forecast the number of post release vulnerabilities. Traditional neural networks work like a black box approach; hence it is unclear how reasoning is used in utilizing past data points in inferring the subsequent data points. However, the long short-term memory network (LSTM), a variant of the recurrent neural network, is able to address this limitation by introducing a lot of loops in its network to retain and utilize past data points for future calculations. Moving on from the previous finding, we further enhance the results to predict the number of vulnerabilities by developing a time series-based sequential model using a long short-term memory neural network. Specifically, this study developed a supervised machine learning based on the non-linear sequential time series forecasting model with a long short-term memory neural network to predict the number of vulnerabilities for three vendors having the highest number of vulnerabilities published in the national vulnerability database (NVD), namely microsoft, IBM and oracle. Our proposed model outperforms the existing models with a prediction result root mean squared error (RMSE) of as low as 0.072.

Exchange Spin Coupling from Gaussian Process Regression

2020 ◽  
Author(s):  
Marc Philipp Bahlke ◽  
Natnael Mogos ◽  
Jonny Proppe ◽  
Carmen Herrmann
Keyword(s):  
Machine Learning ◽  
Gaussian Process ◽  
Gaussian Process Regression ◽  
Molecular Magnets ◽  
Molecular Structures ◽  
Spin Coupling ◽  
Structure Property ◽  
Data Set ◽  
Uncertainty Estimates

Heisenberg exchange spin coupling between metal centers is essential for describing and understanding the electronic structure of many molecular catalysts, metalloenzymes, and molecular magnets for potential application in information technology. We explore the machine-learnability of exchange spin coupling, which has not been studied yet. We employ Gaussian process regression since it can potentially deal with small training sets (as likely associated with the rather complex molecular structures required for exploring spin coupling) and since it provides uncertainty estimates (“error bars”) along with predicted values. We compare a range of descriptors and kernels for 257 small dicopper complexes and find that a simple descriptor based on chemical intuition, consisting only of copper-bridge angles and copper-copper distances, clearly outperforms several more sophisticated descriptors when it comes to extrapolating towards larger experimentally relevant complexes. Exchange spin coupling is similarly easy to learn as the polarizability, while learning dipole moments is much harder. The strength of the sophisticated descriptors lies in their ability to linearize structure-property relationships, to the point that a simple linear ridge regression performs just as well as the kernel-based machine-learning model for our small dicopper data set. The superior extrapolation performance of the simple descriptor is unique to exchange spin coupling, reinforcing the crucial role of choosing a suitable descriptor, and highlighting the interesting question of the role of chemical intuition vs. systematic or automated selection of features for machine learning in chemistry and material science.

Sign in / Sign up

Export Citation Format

Share Document