Dynamic Network Pruning with Interpretable Layerwise Channel Selection

2020 ◽  
Vol 34 (04) ◽  
pp. 6299-6306
Author(s):  
Yulong Wang ◽  
Xiaolu Zhang ◽  
Xiaolin Hu ◽  
Bo Zhang ◽  
Hang Su

Dynamic network pruning achieves runtime acceleration by dynamically determining the inference paths based on different inputs. However, previous methods directly generate continuous decision values for each weight channel, which cannot reflect a clear and interpretable pruning process. In this paper, we propose to explicitly model the discrete weight channel selections, which encourages more diverse weights utilization, and achieves more sparse runtime inference paths. Meanwhile, with the help of interpretable layerwise channel selections in the dynamic network, we can visualize the network decision paths explicitly for model interpretability. We observe that there are clear differences in the layerwise decisions between normal and adversarial examples. Therefore, we propose a novel adversarial example detection algorithm by discriminating the runtime decision features. Experiments show that our dynamic network achieves higher prediction accuracy under the similar computing budgets on CIFAR10 and ImageNet datasets compared to traditional static pruning methods and other dynamic pruning approaches. The proposed adversarial detection algorithm can significantly improve the state-of-the-art detection rate across multiple attacks, which provides an opportunity to build an interpretable and robust model.

2021 ◽  
Vol 13 (11) ◽  
pp. 288
Author(s):  
Li Fan ◽  
Wei Li ◽  
Xiaohui Cui

Many deepfake-image forensic detectors have been proposed and improved due to the development of synthetic techniques. However, recent studies show that most of these detectors are not immune to adversarial example attacks. Therefore, understanding the impact of adversarial examples on their performance is an important step towards improving deepfake-image detectors. This study developed an anti-forensics case study of two popular general deepfake detectors based on their accuracy and generalization. Herein, we propose the Poisson noise DeepFool (PNDF), an improved iterative adversarial examples generation method. This method can simply and effectively attack forensics detectors by adding perturbations to images in different directions. Our attacks can reduce its AUC from 0.9999 to 0.0331, and the detection accuracy of deepfake images from 0.9997 to 0.0731. Compared with state-of-the-art studies, our work provides an important defense direction for future research on deepfake-image detectors, by focusing on the generalization performance of detectors and their resistance to adversarial example attacks.


2020 ◽  
Vol 34 (05) ◽  
pp. 8384-8391
Author(s):  
Hui Liu ◽  
Yongzheng Zhang ◽  
Yipeng Wang ◽  
Zheng Lin ◽  
Yige Chen

Text classification is a basic task in natural language processing, but the small character perturbations in words can greatly decrease the effectiveness of text classification models, which is called character-level adversarial example attack. There are two main challenges in character-level adversarial examples defense, which are out-of-vocabulary words in word embedding model and the distribution difference between training and inference. Both of these two challenges make the character-level adversarial examples difficult to defend. In this paper, we propose a framework which jointly uses the character embedding and the adversarial stability training to overcome these two challenges. Our experimental results on five text classification data sets show that the models based on our framework can effectively defend character-level adversarial examples, and our models can defend 93.19% gradient-based adversarial examples and 94.83% natural adversarial examples, which outperforms the state-of-the-art defense models.


Author(s):  
Hiromu Yakura ◽  
Jun Sakuma

We propose a method to generate audio adversarial examples that can attack a state-of-the-art speech recognition model in the physical world. Previous work assumes that generated adversarial examples are directly fed to the recognition model, and is not able to perform such a physical attack because of reverberation and noise from playback environments. In contrast, our method obtains robust adversarial examples by simulating transformations caused by playback or recording in the physical world and incorporating the transformations into the generation process. Evaluation and a listening experiment demonstrated that our adversarial examples are able to attack without being noticed by humans. This result suggests that audio adversarial examples generated by the proposed method may become a real threat.


Author(s):  
Qi-Zhi Cai ◽  
Chang Liu ◽  
Dawn Song

Recently, deep learning has been applied to many security-sensitive applications, such as facial authentication. The existence of adversarial examples hinders such applications. The state-of-the-art result on defense shows that adversarial training can be applied to train a robust model on MNIST against adversarial examples; but it fails to achieve a high empirical worst-case accuracy on a more complex task, such as CIFAR-10 and SVHN. In our work, we propose curriculum adversarial training (CAT) to resolve this issue. The basic idea is to develop a curriculum of adversarial examples generated by attacks with a wide range of strengths. With two techniques to mitigate the catastrophic forgetting and the generalization issues, we demonstrate that CAT can improve the prior art's empirical worst-case accuracy by a large margin of 25% on CIFAR-10 and 35% on SVHN. At the same time, the model's performance on non-adversarial inputs is comparable to the state-of-the-art models.


2020 ◽  
Vol 34 (04) ◽  
pp. 4908-4915 ◽  
Author(s):  
Xiaolei Liu ◽  
Kun Wan ◽  
Yufei Ding ◽  
Xiaosong Zhang ◽  
Qingxin Zhu

Recent studies have highlighted audio adversarial examples as a ubiquitous threat to state-of-the-art automatic speech recognition systems. Thorough studies on how to effectively generate adversarial examples are essential to prevent potential attacks. Despite much research on this, the efficiency and the robustness of existing works are not yet satisfactory. In this paper, we propose weighted-sampling audio adversarial examples, focusing on the numbers and the weights of distortion to reinforce the attack. Further, we apply a denoising method in the loss function to make the adversarial attack more imperceptible. Experiments show that our method is the first in the field to generate audio adversarial examples with low noise and high audio robustness at the minute time-consuming level.


2021 ◽  
Vol 11 (3) ◽  
pp. 1093
Author(s):  
Jeonghyun Lee ◽  
Sangkyun Lee

Convolutional neural networks (CNNs) have achieved tremendous success in solving complex classification problems. Motivated by this success, various compression methods have been proposed for downsizing CNNs to deploy them on resource-constrained embedded systems. However, a new type of vulnerability of compressed CNNs known as adversarial examples has been discovered recently, which is critical for security-sensitive systems because adversarial examples can cause malfunction of CNNs and can be crafted easily in many cases. In this paper, we proposed a compression framework to produce compressed CNNs robust against such adversarial examples. To achieve the goal, our framework uses both pruning and knowledge distillation with adversarial training. We formulate our framework as an optimization problem and provide a solution algorithm based on the proximal gradient method, which is more memory-efficient than the popular ADMM-based compression approaches. In experiments, we show that our framework can improve the trade-off between adversarial robustness and compression rate compared to the existing state-of-the-art adversarial pruning approach.


2021 ◽  
Vol 13 (13) ◽  
pp. 2548
Author(s):  
Luthfan Nur Habibi ◽  
Tomoya Watanabe ◽  
Tsutomu Matsui ◽  
Takashi S. T. Tanaka

The plant density of soybean is a critical factor affecting plant canopy structure and yield. Predicting the spatial variability of plant density would be valuable for improving agronomic practices. The objective of this study was to develop a model for plant density measurement using several data sets with different spatial resolutions, including unmanned aerial vehicle (UAV) imagery, PlanetScope satellite imagery, and climate data. The model establishment process includes (1) performing the high-throughput measurement of actual plant density from UAV imagery with the You Only Look Once version 3 (YOLOv3) object detection algorithm, which was further treated as a response variable of the estimation models in the next step, and (2) developing regression models to estimate plant density in the extended areas using various combinations of predictors derived from PlanetScope imagery and climate data. Our results showed that the YOLOv3 model can accurately measure actual soybean plant density from UAV imagery data with a root mean square error (RMSE) value of 0.96 plants m⁻². Furthermore, the two regression models, partial least squares and random forest (RF), successfully expanded the plant density prediction areas with RMSE values ranging from 1.78 to 3.67 plants m⁻². Model improvement was conducted using the variable importance feature in RF, which improved prediction accuracy with an RMSE value of 1.72 plants m⁻². These results demonstrated that the established model had an acceptable prediction accuracy for estimating plant density. Although the model could not often evaluate the within-field spatial variability of soybean plant density, the predicted values were sufficient for informing the field-specific status.


2021 ◽  
Vol 1 (2) ◽  
pp. 252-273
Author(s):  
Pavlos Papadopoulos ◽  
Oliver Thornewill von Essen ◽  
Nikolaos Pitropakis ◽  
Christos Chrysoulas ◽  
Alexios Mylonas ◽  
...  

As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models’ robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Minh Thanh Vo ◽  
Anh H. Vo ◽  
Tuong Le

Purpose: Medical images are increasingly popular; therefore, the analysis of these images based on deep learning to help diagnose diseases is becoming more and more essential and necessary. Recently, the shoulder implant X-ray image classification (SIXIC) dataset that includes X-ray images of implanted shoulder prostheses produced by four manufacturers was released. The implant's model detection helps to select the correct equipment and procedures in the upcoming surgery.

Design/methodology/approach: This study proposes a robust model named X-Net to improve the predictability for shoulder implants X-ray image classification in the SIXIC dataset. The X-Net model utilizes the Squeeze and Excitation (SE) block integrated into the Residual Network (ResNet) module. The SE module aims to weigh each feature map extracted from ResNet, which aids in improving the performance. The feature extraction process of the X-Net model is performed by both modules: ResNet and SE modules. The final feature is obtained by incorporating the extracted features from the above steps, which brings more important characteristics of X-ray images in the input dataset. Next, X-Net uses this fine-grained feature to classify the input images into four classes (Cofield, Depuy, Zimmer and Tornier) in the SIXIC dataset.

Findings: Experiments are conducted to show the proposed approach's effectiveness compared with other state-of-the-art methods for SIXIC. The experimental results indicate that the approach outperforms the various experimental methods in terms of several performance metrics. In addition, the proposed approach provides the new state-of-the-art results in all performance metrics, such as accuracy, precision, recall, F1-score and area under the curve (AUC), for the experimental dataset.

Originality/value: The proposed method with high predictive performance can be used to assist in the treatment of injured shoulder joints.


Atmosphere ◽  
2021 ◽  
Vol 12 (11) ◽  
pp. 1539
Author(s):  
Kai Kwong Hon ◽  
Pak Wai Chan

The Doppler Lidar windshear alerting system at the Hong Kong International Airport (HKIA), the first of its kind in the world, has been in operation since 2006. This paper reports on an enhancement to the automatic windshear detection algorithm at HKIA, which aims at filtering out alerts associated with smoother headwind changes spread over longer distances along the aircraft glide path (called “gentle ramps”) which may nonetheless exceed the well-established alerting threshold. Real-time statistics are examined over a 46-month study period between March 2016 and December 2019, covering a total of 2,017,440 min and over 1500 quality-controlled pilot reports of windshear (PIREP). The “gentle ramp removal” (GRR) function is able to effectively cut down the alert duration over the 5 major runway corridors, inclusive of both landing and take-off, which together account for over 98% of the PIREP received at HKIA during the study period. In all 5 runway corridors this is achieved with a proportionately smaller decrease (even with no changes in 2 cases) in the hit rate, highlighting the efficiency of the GRR function. The difference in statistical behaviour across the runway corridors also echoes literature findings about the differences in length scale of wind disturbances at different locations within HKIA. This study serves as a unique documentation of the state-of-the-art in operational Lidar windshear detection and can provide useful reference to airports and aviation meteorologists around the world.

