-
Personalized Privacy Protection Mask Against Unauthorized Facial Recognition
Authors:
Ka-Ho Chow,
Sihao Hu,
Tiansheng Huang,
Ling Liu
Abstract:
Face recognition (FR) can be abused for privacy intrusion. Governments, private companies, or even individual attackers can collect facial images by web scraping to build an FR system identifying human faces without their consent. This paper introduces Chameleon, which learns to generate a user-centric personalized privacy protection mask, coined as P3-Mask, to protect facial images against unauthorized FR with three salient features. First, we use a cross-image optimization to generate one P3-Mask for each user instead of tailoring facial perturbation for each facial image of a user. It enables efficient and instant protection even for users with limited computing resources. Second, we incorporate a perceptibility optimization to preserve the visual quality of the protected facial images. Third, we strengthen the robustness of P3-Mask against unknown FR models by integrating focal diversity-optimized ensemble learning into the mask generation process. Extensive experiments on two benchmark datasets show that Chameleon outperforms three state-of-the-art methods with instant protection and minimal degradation of image quality. Furthermore, Chameleon enables cost-effective FR authorization using the P3-Mask as a personalized de-obfuscation key, and it demonstrates high resilience against adaptive adversaries.
Submitted 18 July, 2024;
originally announced July 2024.
-
On the Robustness of Graph Reduction Against GNN Backdoor
Authors:
Yuxuan Zhu,
Michael Mandulak,
Kerui Wu,
George Slota,
Yuseok Jeon,
Ka-Ho Chow,
Lei Yu
Abstract:
Graph Neural Networks (GNNs) are gaining popularity across various domains due to their effectiveness in learning graph-structured data. Nevertheless, they have been shown to be susceptible to backdoor poisoning attacks, which pose serious threats to real-world applications. Meanwhile, graph reduction techniques, including coarsening and sparsification, which have long been employed to improve the scalability of large graph computational tasks, have recently emerged as effective methods for accelerating GNN training on large-scale graphs. However, the current development and deployment of graph reduction techniques for large graphs overlook the potential risks of data poisoning attacks against GNNs. It is not yet clear how graph reduction interacts with existing backdoor attacks. This paper conducts a thorough examination of the robustness of graph reduction methods in scalable GNN training in the presence of state-of-the-art backdoor attacks. We performed a comprehensive robustness analysis across six coarsening methods and six sparsification methods for graph reduction, under three GNN backdoor attacks against three GNN architectures. Our findings indicate that the effectiveness of graph reduction methods in mitigating attack success rates varies significantly, with some methods even exacerbating the attacks. Through detailed analyses of triggers and poisoned nodes, we interpret our findings and enhance our understanding of how graph reduction influences robustness against backdoor attacks. These results highlight the critical need for incorporating robustness considerations in graph reduction for GNN training, ensuring that enhancements in computational efficiency do not compromise the security of GNN systems.
Submitted 8 July, 2024; v1 submitted 2 July, 2024;
originally announced July 2024.
-
Visualizing the Shadows: Unveiling Data Poisoning Behaviors in Federated Learning
Authors:
Xueqing Zhang,
Junkai Zhang,
Ka-Ho Chow,
Juntao Chen,
Ying Mao,
Mohamed Rahouti,
Xiang Li,
Yuchen Liu,
Wenqi Wei
Abstract:
This demo paper examines the susceptibility of Federated Learning (FL) systems to targeted data poisoning attacks, presenting a novel system for visualizing and mitigating such threats. We simulate targeted data poisoning attacks via label flipping and analyze the impact on model performance, employing a five-component system that includes Simulation and Data Generation, Data Collection and Upload, User-friendly Interface, Analysis and Insight, and Advisory System. Observations from three demo modules: label manipulation, attack timing, and malicious attack availability, and two analysis components: utility and analytical behavior of local model updates highlight the risks to system integrity and offer insight into the resilience of FL systems. The demo is available at https://github.com/CathyXueqingZhang/DataPoisoningVis.
Submitted 26 May, 2024;
originally announced May 2024.
-
Parametrically-controlled microwave-photonic interface for the fluxonium
Authors:
Ke Nie,
Aayam Bista,
Kaicheung Chow,
Wolfgang Pfaff,
Angela Kou
Abstract:
Converting quantum information from stationary qubits to traveling photons enables both fast qubit initialization and efficient generation of flying qubits for redistribution of quantum information. This conversion can be performed using cavity sideband transitions. In the fluxonium, however, direct cavity sideband transitions are forbidden due to parity symmetry. Here we circumvent this parity selection rule by using a three-wave mixing element to couple the fluxonium to a resonator. We experimentally demonstrate a scheme for interfacing the fluxonium with traveling photons through microwave-induced parametric conversion. We perform fast reset on the fluxonium qubit, initializing it with > 95% ground state population. We then implement controlled release and temporal shaping of a flying photon, useful for quantum state transfer and remote entanglement. The simplicity and flexibility of our demonstrated scheme enables fluxonium-based remote entanglement architectures.
Submitted 20 April, 2024; v1 submitted 17 April, 2024;
originally announced April 2024.
-
On the Efficiency of Privacy Attacks in Federated Learning
Authors:
Nawrin Tabassum,
Ka-Ho Chow,
Xuyu Wang,
Wenbin Zhang,
Yanzhao Wu
Abstract:
Recent studies have revealed severe privacy risks in federated learning, represented by Gradient Leakage Attacks. However, existing studies mainly aim at increasing the privacy attack success rate and overlook the high computation costs for recovering private data, making the privacy attack impractical in real applications. In this study, we examine privacy attacks from the perspective of efficiency and propose a framework for improving the Efficiency of Privacy Attacks in Federated Learning (EPAFL). We make three novel contributions. First, we systematically evaluate the computational costs for representative privacy attacks in federated learning, which exhibits a high potential to optimize efficiency. Second, we propose three early-stopping techniques to effectively reduce the computational costs of these privacy attacks. Third, we perform experiments on benchmark datasets and show that our proposed method can significantly reduce computational costs and maintain comparable attack success rates for state-of-the-art privacy attacks in federated learning. We provide the codes on GitHub at https://github.com/mlsysx/EPAFL.
Submitted 14 April, 2024;
originally announced April 2024.
-
Robust Few-Shot Ensemble Learning with Focal Diversity-Based Pruning
Authors:
Selim Furkan Tekin,
Fatih Ilhan,
Tiansheng Huang,
Sihao Hu,
Ka-Ho Chow,
Margaret L. Loper,
Ling Liu
Abstract:
This paper presents FusionShot, a focal diversity optimized few-shot ensemble learning approach for boosting the robustness and generalization performance of pre-trained few-shot models. The paper makes three original contributions. First, we explore the unique characteristics of few-shot learning to ensemble multiple few-shot (FS) models by creating three alternative fusion channels. Second, we introduce the concept of focal error diversity to learn the most efficient ensemble teaming strategy, rather than assuming that an ensemble of a larger number of base models will outperform those sub-ensembles of smaller size. We develop a focal-diversity ensemble pruning method to effectively prune out the candidate ensembles with low ensemble error diversity and recommend top-$K$ FS ensembles with the highest focal error diversity. Finally, we capture the complex non-linear patterns of ensemble few-shot predictions by designing the learn-to-combine algorithm, which can learn the diverse weight assignments for robust ensemble fusion over different member models. Extensive experiments on representative few-shot benchmarks show that the top-K ensembles recommended by FusionShot can outperform the representative SOTA few-shot models on novel tasks (different distributions and unknown at training), and can prevail over existing few-shot learners in both cross-domain settings and adversarial settings. For reproducibility purposes, FusionShot trained models, results, and code are made available at https://github.com/sftekin/fusionshot
Submitted 5 April, 2024;
originally announced April 2024.
-
A Survey of Privacy Threats and Defense in Vertical Federated Learning: From Model Life Cycle Perspective
Authors:
Lei Yu,
Meng Han,
Yiming Li,
Changting Lin,
Yao Zhang,
Mingyang Zhang,
Yan Liu,
Haiqin Weng,
Yuseok Jeon,
Ka-Ho Chow,
Stacy Patterson
Abstract:
Vertical Federated Learning (VFL) is a federated learning paradigm where multiple participants, who share the same set of samples but hold different features, jointly train machine learning models. Although VFL enables collaborative machine learning without sharing raw data, it is still susceptible to various privacy threats. In this paper, we conduct the first comprehensive survey of the state-of-the-art in privacy attacks and defenses in VFL. We provide taxonomies for both attacks and defenses, based on their characterizations, and discuss open challenges and future research directions. Specifically, our discussion is structured around the model's life cycle, by delving into the privacy threats encountered during different stages of machine learning and their corresponding countermeasures. This survey not only serves as a resource for the research community but also offers clear guidance and actionable insights for practitioners to safeguard data privacy throughout the model's life cycle.
Submitted 5 February, 2024;
originally announced February 2024.
-
Guidelines in Wastewater-based Epidemiology of SARS-CoV-2 with Diagnosis
Authors:
Madiha Fatima,
Zhihua Cao,
Aichun Huang,
Shengyuan Wu,
Xinxian Fan,
Yi Wang,
Liu Jiren,
Ziyun Zhu,
Qiongrou Ye,
Yuan Ma,
Joseph K. F Chow,
Peng Jia,
Yangshou Liu,
Yubin Lin,
Manjun Ye,
Tong Wu,
Zhixun Li,
Cong Cai,
Wenhai Zhang,
Cheris H. Q. Ding,
Yuanzhe Cai,
Feijuan Huang
Abstract:
With the global spread and increasing transmission rate of SARS-CoV-2, more and more laboratories and researchers are turning their attention to wastewater-based epidemiology (WBE), hoping it can become an effective tool for large-scale testing and provide more accurate predictions of the number of infected individuals. Based on the cases of sewage sampling and testing in some regions such as Hong Kong, Brazil, and the United States, the feasibility of detecting the novel coronavirus in sewage is extremely high. This study reviews domestic and international achievements in detecting SARS-CoV-2 through WBE and summarizes four aspects of COVID-19, including sampling methods, virus decay rate calculation, standardized population coverage of the watershed, algorithm prediction, and provides ideas for combining field modeling with epidemic prevention and control. Moreover, we highlighted some diagnostic techniques for detection of the virus from sewage sample. Our review is a new approach in identification of the research gaps in waste water-based epidemiology and diagnosis and we also predict the future prospect of our analysis.
Submitted 26 December, 2023;
originally announced January 2024.
-
Imperio: Language-Guided Backdoor Attacks for Arbitrary Model Control
Authors:
Ka-Ho Chow,
Wenqi Wei,
Lei Yu
Abstract:
Natural language processing (NLP) has received unprecedented attention. While advancements in NLP models have led to extensive research into their backdoor vulnerabilities, the potential for these advancements to introduce new backdoor threats remains unexplored. This paper proposes Imperio, which harnesses the language understanding capabilities of NLP models to enrich backdoor attacks. Imperio provides a new model control experience. Demonstrated through controlling image classifiers, it empowers the adversary to manipulate the victim model with arbitrary output through language-guided instructions. This is achieved using a language model to fuel a conditional trigger generator, with optimizations designed to extend its language understanding capabilities to backdoor instruction interpretation and execution. Our experiments across three datasets, five attacks, and nine defenses confirm Imperio's effectiveness. It can produce contextually adaptive triggers from text descriptions and control the victim model with desired outputs, even in scenarios not encountered during training. The attack reaches a high success rate across complex datasets without compromising the accuracy of clean inputs and exhibits resilience against representative defenses.
Submitted 15 March, 2024; v1 submitted 2 January, 2024;
originally announced January 2024.
-
Hierarchical Pruning of Deep Ensembles with Focal Diversity
Authors:
Yanzhao Wu,
Ka-Ho Chow,
Wenqi Wei,
Ling Liu
Abstract:
Deep neural network ensembles combine the wisdom of multiple deep neural networks to improve the generalizability and robustness over individual networks. It has gained increasing popularity to study deep ensemble techniques in the deep learning community. Some mission-critical applications utilize a large number of deep neural networks to form deep ensembles to achieve desired accuracy and resilience, which introduces high time and space costs for ensemble execution. However, it still remains a critical challenge whether a small subset of the entire deep ensemble can achieve the same or better generalizability and how to effectively identify these small deep ensembles for improving the space and time efficiency of ensemble execution. This paper presents a novel deep ensemble pruning approach, which can efficiently identify smaller deep ensembles and provide higher ensemble accuracy than the entire deep ensemble of a large number of member networks. Our hierarchical ensemble pruning approach (HQ) leverages three novel ensemble pruning techniques. First, we show that the focal diversity metrics can accurately capture the complementary capacity of the member networks of an ensemble, which can guide ensemble pruning. Second, we design a focal diversity based hierarchical pruning approach, which will iteratively find high quality deep ensembles with low cost and high accuracy. Third, we develop a focal diversity consensus method to integrate multiple focal diversity metrics to refine ensemble pruning results, where smaller deep ensembles can be effectively identified to offer high accuracy, high robustness and high efficiency. Evaluated using popular benchmark datasets, we demonstrate that the proposed hierarchical ensemble pruning approach can effectively identify high quality deep ensembles with better generalizability while being more time and space efficient in ensemble decision making.
Submitted 16 November, 2023;
originally announced November 2023.
-
Atlas: Hybrid Cloud Migration Advisor for Interactive Microservices
Authors:
Ka-Ho Chow,
Umesh Deshpande,
Veera Deenadhayalan,
Sangeetha Seshadri,
Ling Liu
Abstract:
Hybrid cloud provides an attractive solution to microservices for better resource elasticity. A subset of application components can be offloaded from the on-premises cluster to the cloud, where they can readily access additional resources. However, the selection of this subset is challenging because of the large number of possible combinations. A poor choice degrades the application performance, disrupts the critical services, and increases the cost to the extent of making the use of hybrid cloud unviable. This paper presents Atlas, a hybrid cloud migration advisor. Atlas uses a data-driven approach to learn how each user-facing API utilizes different components and their network footprints to drive the migration decision. It learns to accelerate the discovery of high-quality migration plans from millions and offers recommendations with customizable trade-offs among three quality indicators: end-to-end latency of user-facing APIs representing application performance, service availability, and cloud hosting costs. Atlas continuously monitors the application even after the migration for proactive recommendations. Our evaluation shows that Atlas can achieve 21% better API performance (latency) and 11% cheaper cost with less service disruption than widely used solutions.
Submitted 12 November, 2023;
originally announced November 2023.
-
Exploring Model Learning Heterogeneity for Boosting Ensemble Robustness
Authors:
Yanzhao Wu,
Ka-Ho Chow,
Wenqi Wei,
Ling Liu
Abstract:
Deep neural network ensembles hold the potential of improving generalization performance for complex learning tasks. This paper presents formal analysis and empirical evaluation to show that heterogeneous deep ensembles with high ensemble diversity can effectively leverage model learning heterogeneity to boost ensemble robustness. We first show that heterogeneous DNN models trained for solving the same learning problem, e.g., object detection, can significantly strengthen the mean average precision (mAP) through our weighted bounding box ensemble consensus method. Second, we further compose ensembles of heterogeneous models for solving different learning problems, e.g., object detection and semantic segmentation, by introducing the connected component labeling (CCL) based alignment. We show that this two-tier heterogeneity driven ensemble construction method can compose an ensemble team that promotes high ensemble diversity and low negative correlation among member models of the ensemble, strengthening ensemble robustness against both negative examples and adversarial attacks. Third, we provide a formal analysis of the ensemble robustness in terms of negative correlation. Extensive experiments validate the enhanced robustness of heterogeneous ensembles in both benign and adversarial settings. The source codes are available on GitHub at https://github.com/git-disl/HeteRobust.
Submitted 3 October, 2023;
originally announced October 2023.
-
Securing Distributed SGD against Gradient Leakage Threats
Authors:
Wenqi Wei,
Ling Liu,
Jingya Zhou,
Ka-Ho Chow,
Yanzhao Wu
Abstract:
This paper presents a holistic approach to gradient leakage resilient distributed Stochastic Gradient Descent (SGD). First, we analyze two types of strategies for privacy-enhanced federated learning: (i) gradient pruning with random selection or low-rank filtering and (ii) gradient perturbation with additive random noise or differential privacy noise. We analyze the inherent limitations of these approaches and their underlying impact on privacy guarantee, model accuracy, and attack resilience. Next, we present a gradient leakage resilient approach to securing distributed SGD in federated learning, with differential privacy controlled noise as the tool. Unlike conventional methods with the per-client federated noise injection and fixed noise parameter strategy, our approach keeps track of the trend of per-example gradient updates. It makes adaptive noise injection closely aligned throughout the federated model training. Finally, we provide an empirical privacy analysis on the privacy guarantee, model utility, and attack resilience of the proposed approach. Extensive evaluation using five benchmark datasets demonstrates that our gradient leakage resilient approach can outperform the state-of-the-art methods with competitive accuracy performance, strong differential privacy guarantee, and high resilience against gradient leakage attacks. The code associated with this paper can be found: https://github.com/git-disl/Fed-alphaCDP.
Submitted 10 May, 2023;
originally announced May 2023.
-
STDLens: Model Hijacking-Resilient Federated Learning for Object Detection
Authors:
Ka-Ho Chow,
Ling Liu,
Wenqi Wei,
Fatih Ilhan,
Yanzhao Wu
Abstract:
Federated Learning (FL) has been gaining popularity as a collaborative learning framework to train deep learning-based object detection models over a distributed population of clients. Despite its advantages, FL is vulnerable to model hijacking. The attacker can control how the object detection system should misbehave by implanting Trojaned gradients using only a small number of compromised clients in the collaborative learning process. This paper introduces STDLens, a principled approach to safeguarding FL against such attacks. We first investigate existing mitigation mechanisms and analyze their failures caused by the inherent errors in spatial clustering analysis on gradients. Based on the insights, we introduce a three-tier forensic framework to identify and expel Trojaned gradients and reclaim the performance over the course of FL. We consider three types of adaptive attacks and demonstrate the robustness of STDLens against advanced adversaries. Extensive experiments show that STDLens can protect FL against different model hijacking attacks and outperform existing methods in identifying and removing Trojaned gradients with significantly higher precision and much lower false-positive rates.
Submitted 19 May, 2023; v1 submitted 20 March, 2023;
originally announced March 2023.
-
Probing Near-Field Thermal Emission of Localized Surface Phonons from Silicon Carbide Nanopillars
Authors:
Saman Zare,
Ramin Pouria,
Philippe K. Chow,
Tom Tiwald,
Carl P. Tripp,
Sheila Edalatpour
Abstract:
Thermal emission of localized surface phonons (LSPhs) from nanostructures of polaritonic materials is a promising mechanism for tuning the spectrum of near-field thermal radiation. Previous studies have theoretically shown that thermal emission of LSPhs results in narrow-band peaks in the near-field spectra, whose spectral locations can be modulated by changing the dimensions of the nanostructure. However, near-field thermal emission of LSPhs has not been experimentally explored yet. In this study, we measure the spectrum of near-field thermal radiation from arrays of 6H-silicon carbide (6H-SiC) nanopillars using an internal-reflection-element based spectroscopy technique. We present an experimental demonstration of thermal emission of the transverse dipole, quadrupole, and octupole, as well as longitudinal monopole from 6H-SiC nanopillars at a near-field distance from the array. We show that the spectral location of the longitudinal monopole and transverse dipole are significantly affected by the near-field coupling between neighboring nanopillars as well as the intercoupling of the nanopillars and the substrate. We also experimentally demonstrate that the spectrum of near-field thermal radiation from 6H-SiC nanopillar arrays can be tuned by varying the dimensions of the nanopillars, providing an opportunity for designing emitters with tailored near-field thermal radiation.
Submitted 2 February, 2023;
originally announced February 2023.
-
Adaptive Deep Neural Network Inference Optimization with EENet
Authors:
Fatih Ilhan,
Ka-Ho Chow,
Sihao Hu,
Tiansheng Huang,
Selim Tekin,
Wenqi Wei,
Yanzhao Wu,
Myungjin Lee,
Ramana Kompella,
Hugo Latapie,
Gaowen Liu,
Ling Liu
Abstract:
Well-trained deep neural networks (DNNs) treat all test samples equally during prediction. Adaptive DNN inference with early exiting leverages the observation that some test examples can be easier to predict than others. This paper presents EENet, a novel early-exiting scheduling framework for multi-exit DNN models. Instead of having every sample go through all DNN layers during prediction, EENet learns an early exit scheduler, which can intelligently terminate the inference earlier for certain predictions, which the model has high confidence of early exit. As opposed to previous early-exiting solutions with heuristics-based methods, our EENet framework optimizes an early-exiting policy to maximize model accuracy while satisfying the given per-sample average inference budget. Extensive experiments are conducted on four computer vision datasets (CIFAR-10, CIFAR-100, ImageNet, Cityscapes) and two NLP datasets (SST-2, AgNews). The results demonstrate that the adaptive inference by EENet can outperform the representative existing early exit techniques. We also perform a detailed visualization analysis of the comparison results to interpret the benefits of EENet.
Submitted 1 December, 2023; v1 submitted 14 January, 2023;
originally announced January 2023.
-
Deepfake Detection: A Comprehensive Study from the Reliability Perspective
Authors:
Tianyi Wang,
Xin Liao,
Kam Pui Chow,
Xiaodong Lin,
Yinglong Wang
Abstract:
The mushroomed Deepfake synthetic materials circulated on the internet have raised serious social impact to politicians, celebrities, and every human being on earth. In this survey, we provide a thorough review of the existing Deepfake detection studies from the reliability perspective. Reliability-oriented research challenges of the current Deepfake detection research domain are defined in three aspects, namely, transferability, interpretability, and robustness. While solutions have been frequently addressed regarding the three challenges, the general reliability of a detection model has been barely considered, leading to the lack of reliable evidence in real-life usages and even for prosecutions on Deepfake-related cases in court. We, therefore, introduce a model reliability study metric using statistical random sampling knowledge and the publicly available benchmark datasets to review the reliability of the existing detection models on arbitrary Deepfake candidate suspects. Case studies are further executed to justify the real-life Deepfake cases including different groups of victims with the help of the reliably qualified detection models as reviewed in this survey. Reviews and experiments upon the existing approaches provide informative discussions and future research directions of Deepfake detection.
Submitted 14 February, 2023; v1 submitted 20 November, 2022;
originally announced November 2022.
-
Properties of the Concrete distribution
Authors:
David D. K. Chow
Abstract:
We examine properties of the Concrete (or Gumbel-softmax) distribution on the simplex. Using the natural vector space structure of the simplex, the Concrete distribution can be regarded as a transformation of the uniform distribution through a reflection and a location-scale transformation. The Fisher information is computed and the corresponding information metric is hyperbolic space. We explicitly give an explicit transformation of the parameters of the distribution to Poincaré half-space coordinates, which correspond to an orthogonal parameterization, and the Fisher-Rao geodesic distance is computed.
Submitted 2 November, 2022;
originally announced November 2022.
-
Deep Convolutional Pooling Transformer for Deepfake Detection
Authors:
Tianyi Wang,
Harry Cheng,
Kam Pui Chow,
Liqiang Nie
Abstract:
Recently, Deepfake has drawn considerable public attention due to security and privacy concerns in social media digital forensics. As the wildly spreading Deepfake videos on the Internet become more realistic, traditional detection techniques have failed in distinguishing between real and fake. Most existing deep learning methods mainly focus on local features and relations within the face image using convolutional neural networks as a backbone. However, local features and relations are insufficient for model training to learn enough general information for Deepfake detection. Therefore, the existing Deepfake detection methods have reached a bottleneck to further improve the detection performance. To address this issue, we propose a deep convolutional Transformer to incorporate the decisive image features both locally and globally. Specifically, we apply convolutional pooling and re-attention to enrich the extracted features and enhance efficacy. Moreover, we employ the barely discussed image keyframes in model training for performance improvement and visualize the feature quantity gap between the key and normal image frames caused by video compression. We finally illustrate the transferability with extensive experiments on several Deepfake benchmark datasets. The proposed solution consistently outperforms several state-of-the-art baselines on both within- and cross-dataset experiments.
Submitted 28 March, 2023; v1 submitted 12 September, 2022;
originally announced September 2022.
-
Schlömilch integrals and probability distributions on the simplex
Authors:
David D. K. Chow
Abstract:
The Schlömilch integral, a generalization of the Dirichlet integral on the simplex, and related probability distributions are reviewed. A distribution that unifies several generalizations of the Dirichlet distribution is presented, with special cases including the scaled Dirichlet distribution and certain Dirichlet mixture distributions. Moments and log-ratio covariances are found, where tractable. The normalization of the distribution motivates a definition, in terms of a simplex integral representation, of complete homogeneous symmetric polynomials of fractional degree.
Submitted 2 November, 2022; v1 submitted 26 January, 2022;
originally announced January 2022.
-
Spontaneous Generated Convective Anticyclones in Low Latitude -- A Model for the Great Red Spot
Authors:
Tao Cai,
Kwing L. Chan,
Kim-Chiu Chow
Abstract:
The Great Red Spot at about latitude $22^{\circ}S$ of Jupiter has been observed for hundreds of years, yet the driving mechanism on the formation of this giant anticyclone still remains unclear. Two scenarios were proposed to explain its formation. One is a shallow model suggesting that it might be a weather feature formed through a merging process of small shallow storms generated by moist convection, while the other is a deep model suggesting that it might be a deeply rooted anticyclone powered by the internal heat of Jupiter. In this work, we present numerical simulations showing that the Great Red Spot could be naturally generated in a deep rotating turbulent flow and survive for a long time, when the convective Rossby number is smaller than a certain critical value. From this critical value, we predict that the Great Red Spot extends at least about 500 kilometers deep into the Jovian atmosphere. Our results demonstrate that the Great Red Spot is likely to be a feature deep-seated in the Jovian atmosphere.
Submitted 22 November, 2021;
originally announced November 2021.
-
TraVLR: Now You See It, Now You Don't! A Bimodal Dataset for Evaluating Visio-Linguistic Reasoning
Authors:
Keng Ji Chow,
Samson Tan,
Min-Yen Kan
Abstract:
Numerous visio-linguistic (V+L) representation learning methods have been developed, yet existing datasets do not adequately evaluate the extent to which they represent visual and linguistic concepts in a unified space. We propose several novel evaluation settings for V+L models, including cross-modal transfer. Furthermore, existing V+L benchmarks often report global accuracy scores on the entire dataset, making it difficult to pinpoint the specific reasoning tasks that models fail and succeed at. We present TraVLR, a synthetic dataset comprising four V+L reasoning tasks. TraVLR's synthetic nature allows us to constrain its training and testing distributions along task-relevant dimensions, enabling the evaluation of out-of-distribution generalisation. Each example in TraVLR redundantly encodes the scene in two modalities, allowing either to be dropped or added during training or testing without losing relevant information. We compare the performance of four state-of-the-art V+L models, finding that while they perform well on test examples from the same modality, they all fail at cross-modal transfer and have limited success accommodating the addition or deletion of one modality. We release TraVLR as an open challenge for the research community.
Submitted 15 April, 2023; v1 submitted 21 November, 2021;
originally announced November 2021.
-
Can a Tesla Turbine be Utilised as a Non-Magnetic Actuator for MRI-Guided Robotic Interventions?
Authors:
David Navarro-Alarcon,
Luiza Labazanova,
Man Kiu Chow,
Kwun Wang Ng,
Derek Kwok
Abstract:
This paper introduces a new type of nonmagnetic actuator for MRI interventions. Ultrasonic and piezoelectric motors are one of the most commonly used actuators in MRI applications. However, most of these actuators are only MRI-safe, which means they cannot be operated while imaging as they cause significant visual artifacts. To cope with this issue, we developed a new pneumatic rotary servo-motor (based on the Tesla turbine) that can be effectively used during continuous MR imaging. We thoroughly tested the performance and magnetic properties of our MRI-compatible actuator with several experiments, both inside and outside an MRI scanner. The reported results confirm the feasibility to use this motor for MRI-guided robotic interventions.
Submitted 19 August, 2021;
originally announced August 2021.
-
Multi-Slice Dense-Sparse Learning for Efficient Liver and Tumor Segmentation
Authors:
Ziyuan Zhao,
Zeyu Ma,
Yanjie Liu,
Zeng Zeng,
Pierce KH Chow
Abstract:
Accurate automatic liver and tumor segmentation plays a vital role in treatment planning and disease monitoring. Recently, deep convolutional neural networks (DCNNs) have obtained tremendous success in 2D and 3D medical image segmentation. However, 2D DCNNs cannot fully leverage the inter-slice information, while 3D DCNNs are computationally expensive and memory intensive. To address these issues, we first propose a novel dense-sparse training flow from a data perspective, in which densely adjacent slices and sparsely adjacent slices are extracted as inputs for regularizing DCNNs, thereby improving the model performance. Moreover, we design a 2.5D light-weight nnU-Net from a network perspective, in which depthwise separable convolutions are adopted to improve the efficiency. Extensive experiments on the LiTS dataset have demonstrated the superiority of the proposed method.
Submitted 15 August, 2021;
originally announced August 2021.
-
The XMM-SERVS survey: XMM-Newton point-source catalogs for the W-CDF-S and ELAIS-S1 fields
Authors:
Q. Ni,
W. N. Brandt,
C. -T. Chen,
B. Luo,
K. Nyland,
G. Yang,
F. Zou,
J. Aird,
D. M. Alexander,
F. E. Bauer,
M. Lacy,
B. D. Lehmer,
L. Mallick,
M. Salvato,
D. P. Schneider,
P. Tozzi,
I. Traulsen,
M. Vaccari,
C. Vignali,
F. Vito,
Y. Xue,
M. Banerji,
K. Chow,
A. Comastri,
A. Del Moro
, et al. (8 additional authors not shown)
Abstract:
We present the X-ray point-source catalogs in two of the XMM-Spitzer Extragalactic Representative Volume Survey (XMM-SERVS) fields, W-CDF-S (4.6 deg$^2$) and ELAIS-S1 (3.2 deg$^2$), aiming to fill the gap between deep pencil-beam X-ray surveys and shallow X-ray surveys over large areas. The W-CDF-S and ELAIS-S1 regions were targeted with 2.3 Ms and 1.0 Ms of XMM-Newton observations, respectively; 1.8 Ms and 0.9 Ms exposures remain after flare filtering. The survey in W-CDF-S has a flux limit of 1.0 $\times$ 10$^{-14}$ erg cm$^{-2}$ s$^{-1}$ over 90% of its area in the 0.5-10 keV band; 4053 sources are detected in total. The survey in ELAIS-S1 has a flux limit of 1.3 $\times$ 10$^{-14}$ erg cm$^{-2}$ s$^{-1}$ over 90% of its area in the 0.5-10 keV band; 2630 sources are detected in total. Reliable optical-to-IR multiwavelength counterpart candidates are identified for $\approx$ 89% of the sources in W-CDF-S and $\approx$ 87% of the sources in ELAIS-S1. 3186 sources in W-CDF-S and 1985 sources in ELAIS-S1 are classified as AGNs. We also provide photometric redshifts for X-ray sources; $\approx$ 84% of the 3319/2001 sources in W-CDF-S/ELAIS-S1 with optical-to-NIR forced photometry available have either spectroscopic redshifts or high-quality photometric redshifts. The completion of the XMM-Newton observations in the W-CDF-S and ELAIS-S1 fields marks the end of the XMM-SERVS survey data gathering. The $\approx$ 12,000 point-like X-ray sources detected in the whole $\approx$ 13 deg$^2$ XMM-SERVS survey will benefit future large-sample AGN studies.
Submitted 19 June, 2021;
originally announced June 2021.
-
Linearly Stabilized Schemes for the Time Integration of Stiff Nonlinear PDEs
Authors:
Kevin Chow,
Steven J. Ruuth
Abstract:
In many applications, the governing PDE to be solved numerically contains a stiff component. When this component is linear, an implicit time stepping method that is unencumbered by stability restrictions is often preferred. On the other hand, if the stiff component is nonlinear, the complexity and cost per step of using an implicit method is heightened, and explicit methods may be preferred for their simplicity and ease of implementation. In this article, we analyze new and existing linearly stabilized schemes for the purpose of integrating stiff nonlinear PDEs in time. These schemes compute the nonlinear term explicitly and, at the cost of solving a linear system with a matrix that is fixed throughout, are unconditionally stable, thus combining the advantages of explicit and implicit methods. Applications are presented to illustrate the use of these methods.
Submitted 26 April, 2021;
originally announced April 2021.
-
Quantum State Discrimination for Supervised Classification
Authors:
Roberto Giuntini,
Hector Freytes,
Daniel K. Park,
Carsten Blank,
Federico Holik,
Keng Loon Chow,
Giuseppe Sergioli
Abstract:
In this paper we investigate the connection between quantum information theory and machine learning. In particular, we show how quantum state discrimination can represent a useful tool to address the standard classification problem in machine learning. Previous studies have shown that the optimal quantum measurement theory developed in the context of quantum information theory and quantum communication can inspire a new binary classification algorithm that can achieve higher inference accuracy for various datasets. Here we propose a model for arbitrary multiclass classification inspired by quantum state discrimination, which is enabled by encoding the data in the space of linear operators on a Hilbert space. While our algorithm is quantum-inspired, it can be implemented on classical hardware, thereby permitting immediate applications.
Submitted 2 April, 2021;
originally announced April 2021.
-
Improved Accuracy and Precision In Simultaneous Myocardial T1 and T2 mapping with Multi-Parametric SASHA (mSASHA)
Authors:
Kelvin Chow,
Genevieve Hayes,
Jacqueline A Flewitt,
Patricia Feuchter,
Carmen Lydell,
Andrew Howarth,
Joseph J Pagano,
Richard B Thompson,
Peter Kellman,
James A White
Abstract:
Purpose: To develop and validate a multi-parametric SAturation-recovery single-SHot Acquisition (mSASHA) cardiac T1 and T2 mapping technique with high accuracy and precision in a single breath-hold.
Methods: The mSASHA acquisition consists of 9 images in an 11 heartbeat breath-hold -- the first without preparation, 6 images with saturation recovery preparation, and 2 images with both saturation recovery and T2-preparation. T1 and T2 values were calculated using a 3-parameter model. mSASHA was validated in simulations and phantoms on a Siemens 3T Prisma scanner with comparison to a joint T1-T2 technique with a 4-parameter model. mSASHA values were compared to reference MOLLI, SASHA and T2p-bSSFP sequences in 10 healthy volunteers.
Results: mSASHA had high accuracy compared to reference spin-echo measurements, with an average of -0.7+/-0.4% T1 error and -1.3+/-1.3% T2 error. mSASHA coefficient of variation (CoV) in phantoms for T1 was lower than MOLLI (0.7+/-0.1% vs 0.9+/-0.2%, p<0.01) and similar to reference T2p-bSSFP for T2 (1.4+/-0.6% vs 1.5+/-0.5%, p>0.05). In simulations, 3-parameter mSASHA fitting had higher precision than 4-parameter joint T1-T2 fitting for both T1 and T2. In-vivo myocardial mSASHA T1 was similar to conventional SASHA (1523+/-18 ms vs 1520+/-18 ms, p>0.05) with similar CoV to both MOLLI and SASHA (3.3+/-0.6% vs 3.1+/-0.6% and 3.3+/-0.5% respectively, p>0.05 for both). Myocardial mSASHA T2 values were 37.1+/-1.1 ms with similar precision to T2p-bSSFP (6.7+/-1.7% vs 6.0+/-1.6%, p>0.05).
Conclusion: mSASHA provides high accuracy cardiac T1 and T2 quantification in a single breath-hold, with similar precision to reference MOLLI and linear T2p-bSSFP reference techniques.
Submitted 1 April, 2021;
originally announced April 2021.
-
Australian Square Kilometre Array Pathfinder: I. System Description
Authors:
A. W. Hotan,
J. D. Bunton,
A. P. Chippendale,
M. Whiting,
J. Tuthill,
V. A. Moss,
D. McConnell,
S. W. Amy,
M. T. Huynh,
J. R. Allison,
C. S. Anderson,
K. W. Bannister,
E. Bastholm,
R. Beresford,
D. C. -J. Bock,
R. Bolton,
J. M. Chapman,
K. Chow,
J. D. Collier,
F. R. Cooray,
T. J. Cornwell,
P. J. Diamond,
P. G. Edwards,
I. J. Feain,
T. M. O. Franzen
, et al. (41 additional authors not shown)
Abstract:
In this paper we describe the system design and capabilities of the Australian Square Kilometre Array Pathfinder (ASKAP) radio telescope at the conclusion of its construction project and commencement of science operations. ASKAP is one of the first radio telescopes to deploy phased array feed (PAF) technology on a large scale, giving it an instantaneous field of view that covers 31 square degrees at 800 MHz. As a two-dimensional array of 36x12m antennas, with baselines ranging from 22m to 6km, ASKAP also has excellent snapshot imaging capability and 10 arcsecond resolution. This, combined with 288 MHz of instantaneous bandwidth and a unique third axis of rotation on each antenna, gives ASKAP the capability to create high dynamic range images of large sky areas very quickly. It is an excellent telescope for surveys between 700 MHz and 1800 MHz and is expected to facilitate great advances in our understanding of galaxy formation, cosmology and radio transients while opening new parameter space for discovery of the unknown.
Submitted 2 February, 2021;
originally announced February 2021.
-
Remnant Radio Galaxies Discovered in a Multi-frequency Survey
Authors:
B. Quici,
N. Hurley-Walker,
N. Seymour,
R. J. Turner,
S. S. Shabala,
M. Huynh,
H. Andernach,
A. D. Kapińska,
J. D. Collier,
M. Johnston-Hollitt,
S. V. White,
I. Prandoni,
T. J. Galvin,
T. Franzen,
C. H. Ishwara-Chandra,
S. Bellstedt,
S. J. Tingay,
B. M. Gaensler,
A. O'Brien,
J. Rogers,
K. Chow,
S. Driver,
A. Robotham
Abstract:
The remnant phase of a radio galaxy begins when the jets launched from an active galactic nucleus are switched off. To study the fraction of radio galaxies in a remnant phase, we take advantage of a $8.31$\,deg$^2$ sub-region of the GAMA~23~field which comprises of surveys covering the frequency range 0.1--9\,GHz. We present a sample of 104 radio galaxies compiled from observations conducted by the Murchison Wide-field Array (216\,MHz), the Australia Square Kilometer Array Pathfinder (887\,MHz), and the Australia Telescope Compact Array (5.5\,GHz). We adopt an `absent radio core' criterion to identify 10 radio galaxies showing no evidence for an active nucleus. We classify these as new candidate remnant radio galaxies. Seven of these objects still display compact emitting regions within the lobes at 5.5\,GHz; at this frequency the emission is short-lived, implying a recent jet switch-off. On the other hand, only three show evidence of aged lobe plasma by the presence of an ultra-steep spectrum ($α<-1.2$) and a diffuse, low surface-brightness radio morphology. The predominant fraction of young remnants is consistent with a rapid fading during the remnant phase. Within our sample of radio galaxies, our observations constrain the remnant fraction to $4\%\lesssim f_{\mathrm{rem}} \lesssim 10\%$; the lower limit comes from the limiting case in which all remnant candidates with hotspots are simply active radio galaxies with faint, undetected radio cores. Finally, we model the synchrotron spectrum arising from a hotspot to show they can persist for 5--10\,Myr at 5.5\,GHz after the jets switch off -- radio emission arising from such hotspots can therefore be expected in an appreciable fraction of genuine remnants.
Submitted 24 January, 2021;
originally announced January 2021.
-
Promoting High Diversity Ensemble Learning with EnsembleBench
Authors:
Yanzhao Wu,
Ling Liu,
Zhongwei Xie,
Juhyun Bae,
Ka-Ho Chow,
Wenqi Wei
Abstract:
Ensemble learning is gaining renewed interests in recent years. This paper presents EnsembleBench, a holistic framework for evaluating and recommending high diversity and high accuracy ensembles. The design of EnsembleBench offers three novel features: (1) EnsembleBench introduces a set of quantitative metrics for assessing the quality of ensembles and for comparing alternative ensembles constructed for the same learning tasks. (2) EnsembleBench implements a suite of baseline diversity metrics and optimized diversity metrics for identifying and selecting ensembles with high diversity and high quality, making it an effective framework for benchmarking, evaluating and recommending high diversity model ensembles. (3) Four representative ensemble consensus methods are provided in the first release of EnsembleBench, enabling empirical study on the impact of consensus methods on ensemble accuracy. A comprehensive experimental evaluation on popular benchmark datasets demonstrates the utility and effectiveness of EnsembleBench for promoting high diversity ensembles and boosting the overall performance of selected ensembles.
Submitted 20 October, 2020;
originally announced October 2020.
-
Some features of effective radius and variance of dust particles in the numerical simulation of dust climate on Mars
Authors:
Chi-Fong Wong,
Kim-Chiu Chow,
Kwing L. Chan,
Jing Xiao,
Yemeng Wang
Abstract:
Airborne dust is an important constituent in the Martian atmosphere because of its radiative interaction with the atmospheric circulation, and dust size is one crucial factor in determining this effect. In numerical modeling of the dust processes, description of the dust size is usually dependent on the choice of a particular size distribution function, or with fixed values of effective radius (ER) and effective variance (EV) though they are variable in reality. In this work, analytical expressions have been derived to specify ER and EV for N-bin dust schemes based on the model calculated dust mixing ratio. Numerical simulations based on this approach thus consider the effects of variable ER on the atmospheric radiation and their interaction. The results have revealed some interesting features of the dust distribution parameters such as the seasonal and spatial variation of ER and EV, which are generally consistent with some previous observational and modeling studies. Compared with the usual approach of using fixed ER, simulation results with the present approach suggest that the variability of ER can have significant effect on the simulated thermal field of the Martian atmosphere.
Submitted 25 August, 2020;
originally announced August 2020.
-
Computational Aeroacoustics of a Generic Side View Mirror using Stress Blended Eddy Simulation
Authors:
K. K Chode,
H. Viswanathan,
K. Chow
Abstract:
This paper presents a numerical investigation of aerodynamic noise generated by a generic side-view mirror mounted on a flat plate using the Stress Blended Eddy Simulation (SBES) coupled with the Ffowcs Williams and Hawkings (FW-H) equation. A grid evaluation study was performed using a standardised side-view mirror with a Reynolds Number (Re) of 5.2 x10^5 based on the diameter of the model. The predictions for hydrodynamic pressure fluctuations on the mirror, the window and the sound emitted at various microphone locations are in good agreement with previously published experimental data. In addition, our numerical results indicate that yawing the mirror closer to the side window results in the flow being attached to the rear of the mirror resulting in an overall reduction in Sound Pressure Level (SPL) at several receiver locations.
Submitted 24 July, 2020;
originally announced July 2020.
-
Understanding Object Detection Through An Adversarial Lens
Authors:
Ka-Ho Chow,
Ling Liu,
Mehmet Emre Gursoy,
Stacey Truex,
Wenqi Wei,
Yanzhao Wu
Abstract:
Deep neural networks based object detection models have revolutionized computer vision and fueled the development of a wide range of visual recognition applications. However, recent studies have revealed that deep object detectors can be compromised under adversarial attacks, causing a victim detector to detect no object, fake objects, or mislabeled objects. With object detection being used pervasively in many security-critical applications, such as autonomous vehicles and smart cities, we argue that a holistic approach for an in-depth understanding of adversarial attacks and vulnerabilities of deep object detection systems is of utmost importance for the research community to develop robust defense mechanisms. This paper presents a framework for analyzing and evaluating vulnerabilities of the state-of-the-art object detectors under an adversarial lens, aiming to analyze and demystify the attack strategies, adverse effects, and costs, as well as the cross-model and cross-resolution transferability of attacks. Using a set of quantitative metrics, extensive experiments are performed on six representative deep object detectors from three popular families (YOLOv3, SSD, and Faster R-CNN) with two benchmark datasets (PASCAL VOC and MS COCO). We demonstrate that the proposed framework can serve as a methodical benchmark for analyzing adversarial behaviors and risks in real-time object detection systems. We conjecture that this framework can also serve as a tool to assess the security risks and the adversarial robustness of deep object detectors to be deployed in real-world applications.
Submitted 11 July, 2020;
originally announced July 2020.
-
LDP-Fed: Federated Learning with Local Differential Privacy
Authors:
Stacey Truex,
Ling Liu,
Ka-Ho Chow,
Mehmet Emre Gursoy,
Wenqi Wei
Abstract:
This paper presents LDP-Fed, a novel federated learning system with a formal privacy guarantee using local differential privacy (LDP). Existing LDP protocols are developed primarily to ensure data privacy in the collection of single numerical or categorical values, such as click count in Web access logs. However, in federated learning model parameter updates are collected iteratively from each participant and consist of high dimensional, continuous values with high precision (10s of digits after the decimal point), making existing LDP protocols inapplicable. To address this challenge in LDP-Fed, we design and develop two novel approaches. First, LDP-Fed's LDP Module provides a formal differential privacy guarantee for the repeated collection of model training parameters in the federated training of large-scale neural networks over multiple individual participants' private datasets. Second, LDP-Fed implements a suite of selection and filtering techniques for perturbing and sharing select parameter updates with the parameter server. We validate our system deployed with a condensed LDP protocol in training deep neural networks on public data. We compare this version of LDP-Fed, coined CLDP-Fed, with other state-of-the-art approaches with respect to model accuracy, privacy preservation, and system capabilities.
Submitted 5 June, 2020;
originally announced June 2020.
-
Multi-Instance Multi-Label Learning for Gene Mutation Prediction in Hepatocellular Carcinoma
Authors:
Kaixin Xu,
Ziyuan Zhao,
Jiapan Gu,
Zeng Zeng,
Chan Wan Ying,
Lim Kheng Choon,
Thng Choon Hua,
Pierce KH Chow
Abstract:
Gene mutation prediction in hepatocellular carcinoma (HCC) is of great diagnostic and prognostic value for personalized treatments and precision medicine. In this paper, we tackle this problem with multi-instance multi-label learning to address the difficulties on label correlations, label representations, etc. Furthermore, an effective oversampling strategy is applied for data imbalance. Experimental results have shown the superiority of the proposed approach.
Submitted 8 May, 2020;
originally announced May 2020.
-
Multi-Phase Cross-modal Learning for Noninvasive Gene Mutation Prediction in Hepatocellular Carcinoma
Authors:
Jiapan Gu,
Ziyuan Zhao,
Zeng Zeng,
Yuzhe Wang,
Zhengyiren Qiu,
Bharadwaj Veeravalli,
Brian Kim Poh Goh,
Glenn Kunnath Bonney,
Krishnakumar Madhavan,
Chan Wan Ying,
Lim Kheng Choon,
Thng Choon Hua,
Pierce KH Chow
Abstract:
Hepatocellular carcinoma (HCC) is the most common type of primary liver cancer and the fourth most common cause of cancer-related death worldwide. Understanding the underlying gene mutations in HCC provides great prognostic value for treatment planning and targeted therapy. Radiogenomics has revealed an association between non-invasive imaging features and molecular genomics. However, imaging feature identification is laborious and error-prone. In this paper, we propose an end-to-end deep learning framework for mutation prediction in APOB, COL11A1 and ATRX genes using multiphasic CT scans. Considering intra-tumour heterogeneity (ITH) in HCC, multi-region sampling technology is implemented to generate the dataset for experiments. Experimental results demonstrate the effectiveness of the proposed model.
Submitted 8 May, 2020;
originally announced May 2020.
-
A Framework for Evaluating Gradient Leakage Attacks in Federated Learning
Authors:
Wenqi Wei,
Ling Liu,
Margaret Loper,
Ka-Ho Chow,
Mehmet Emre Gursoy,
Stacey Truex,
Yanzhao Wu
Abstract:
Federated learning (FL) is an emerging distributed machine learning framework for collaborative model training with a network of clients (edge devices). FL offers default client privacy by allowing clients to keep their sensitive data on local devices and to only share local training parameter updates with the federated server. However, recent studies have shown that even sharing local parameter updates from a client to the federated server may be susceptible to gradient leakage attacks and intrude the client privacy regarding its training data. In this paper, we present a principled framework for evaluating and comparing different forms of client privacy leakage attacks. We first provide formal and experimental analysis to show how adversaries can reconstruct the private local training data by simply analyzing the shared parameter update from local training (e.g., local gradient or weight update vector). We then analyze how different hyperparameter configurations in federated learning and different settings of the attack algorithm may impact on both attack effectiveness and attack cost. Our framework also measures, evaluates, and analyzes the effectiveness of client privacy leakage attacks under different gradient compression ratios when using communication efficient FL protocols. Our experiments also include some preliminary mitigation strategies to highlight the importance of providing a systematic attack evaluation framework towards an in-depth understanding of the various forms of client privacy leakage threats in federated learning and developing theoretical foundations for attack mitigation.
Submitted 23 April, 2020; v1 submitted 22 April, 2020;
originally announced April 2020.
-
TOG: Targeted Adversarial Objectness Gradient Attacks on Real-time Object Detection Systems
Authors:
Ka-Ho Chow,
Ling Liu,
Mehmet Emre Gursoy,
Stacey Truex,
Wenqi Wei,
Yanzhao Wu
Abstract:
The rapid growth of real-time huge data capturing has pushed the deep learning and data analytic computing to the edge systems. Real-time object recognition on the edge is one of the representative deep neural network (DNN) powered edge systems for real-world mission-critical applications, such as autonomous driving and augmented reality. While DNN powered object detection edge systems celebrate many life-enriching opportunities, they also open doors for misuse and abuse. This paper presents three Targeted adversarial Objectness Gradient attacks, coined as TOG, which can cause the state-of-the-art deep object detection networks to suffer from object-vanishing, object-fabrication, and object-mislabeling attacks. We also present a universal objectness gradient attack to use adversarial transferability for black-box attacks, which is effective on any inputs with negligible attack time cost, low human perceptibility, and particularly detrimental to object detection edge systems. We report our experimental measurements using two benchmark datasets (PASCAL VOC and MS COCO) on two state-of-the-art detection algorithms (YOLO and SSD). The results demonstrate serious adversarial vulnerabilities and the compelling need for developing robust object detection systems.
Submitted 8 April, 2020;
originally announced April 2020.
-
PKS 2250$-$351: A Giant Radio Galaxy in Abell 3936
Authors:
N. Seymour,
M. Huynh,
S. S. Shabala,
J. Rogers,
L. J. M. Davies,
R. J. Turner,
A. O'Brien,
C. H. Ishwara-Chandra,
J. E. Thorne,
T. J. Galvin,
T. Jarrett,
H. Andernach,
C. Anderson,
J. Bunton,
K. Chow,
J. D. Collier,
S. Driver,
M. Filipovic,
G. Gürkan,
A. Hopkins,
A. D. Kapińska,
D. A. Leahy,
J. Marvil,
P. Manojlovic,
R. P. Norris
, et al. (5 additional authors not shown)
Abstract:
We present a detailed analysis of the radio galaxy PKS 2250-351, a giant of 1.2 Mpc projected size, its host galaxy, and its environment. We use radio data from the Murchison Widefield Array, the upgraded Giant Metre-wavelength Radio Telescope, the Australian Square Kilometre Array Pathfinder, and the Australia Telescope Compact Array to model the jet power and age. Optical and infra-red data come from the Galaxy And Mass Assembly (GAMA) survey and provide information on the host galaxy and environment. GAMA spectroscopy confirms that PKS 2250-351 lies at z=0.2115 in the irregular, and likely unrelaxed, cluster Abell 3936. We find its host is a massive, `red and dead' elliptical galaxy with negligible star formation but with a highly obscured active galactic nucleus dominating the mid-infrared emission. Assuming it lies on the local M-sigma relation it has an Eddington accretion rate of lambda_EDD~0.014. We find that the lobe-derived jet power (a time-averaged measure) is an order of magnitude greater than the hotspot-derived jet power (an instantaneous measure). We propose that over the lifetime of the observed radio emission (~300 Myr) the accretion has switched from an inefficient advection dominated mode to a thin-disc efficient mode, consistent with the decrease in jet power. We also suggest that the asymmetric radio morphology is due to its environment, with the host of PKS 2250-351 lying to the west of the densest concentration of galaxies in Abell 3936.
Submitted 23 January, 2020;
originally announced January 2020.
-
On Wind Speed Sensor Configurations and Altitude Control in Airborne Wind Energy Systems
Authors:
Laurel N. Dunn,
Christopher Vermillion,
Fotini K. Chow,
Scott J. Moura
Abstract:
Real-time altitude control of airborne wind energy (AWE) systems can improve performance by allowing turbines to track favorable wind speeds across a range of operating altitudes. The current work explores the performance implications of deploying an AWE system with sensor configurations that provide different amounts of data to characterize wind speed profiles. We examine various control objectives that balance trade-offs between exploration and exploitation, and use a persistence model to generate a probabilistic wind speed forecast to inform control decisions. We assess system performance by comparing power production against baselines such as omniscient control and stationary flight. We show that with few sensors, control strategies that reward exploration are favored. We also show that with comprehensive sensing, the implications of choosing a sub-optimal control strategy decrease. This work informs and motivates the need for future research exploring online learning algorithms to characterize vertical wind speed profiles.
Submitted 21 January, 2020;
originally announced January 2020.
-
Robust Self-Supervised Learning of Deterministic Errors in Single-Plane (Monoplanar) and Dual-Plane (Biplanar) X-ray Fluoroscopy
Authors:
Jacky C. K. Chow,
Steven K. Boyd,
Derek D. Lichti,
Janet L. Ronsky
Abstract:
Fluoroscopic imaging that captures X-ray images at video framerates is advantageous for guiding catheter insertions by vascular surgeons and interventional radiologists. Visualizing the dynamical movements non-invasively allows complex surgical procedures to be performed with less trauma to the patient. To improve surgical precision, endovascular procedures can benefit from more accurate fluoroscopy data via calibration. This paper presents a robust self-calibration algorithm suitable for single-plane and dual-plane fluoroscopy. A three-dimensional (3D) target field was imaged by the fluoroscope in a strong geometric network configuration. The unknown 3D positions of targets and the fluoroscope pose were estimated simultaneously by maximizing the likelihood of the Student-t probability distribution function. A smoothed k-nearest neighbour (kNN) regression is then used to model the deterministic component of the image reprojection error of the robust bundle adjustment. The Maximum Likelihood Estimation step and the kNN regression step are then repeated iteratively until convergence. Four different error modeling schemes were compared while varying the quantity of training images. It was found that using a smoothed kNN regression can automatically model the systematic errors in fluoroscopy with similar accuracy as a human expert using a small training dataset. When all training images were used, the 3D mapping error was reduced from 0.61-0.83 mm to 0.04 mm post-calibration (94.2-95.7% improvement), and the 2D reprojection error was reduced from 1.17-1.31 to 0.20-0.21 pixels (83.2-83.8% improvement). When using biplanar fluoroscopy, the 3D measurement accuracy of the system improved from 0.60 mm to 0.32 mm (47.2% improvement).
Submitted 2 January, 2020;
originally announced January 2020.
-
An Environmentally Stable and Lead-Free Chalcogenide Perovskite
Authors:
Tushar Gupta,
Debjit Ghoshal,
Anthony Yoshimura,
Swastik Basu,
Philippe K. Chow,
Aniruddha S. Lakhnot,
Juhi Pandey,
Jeffrey M. Warrender,
Harry Efstathiadis,
Ajay Soni,
Eric Osei-Agyemang,
Ganesh Balasubramanian,
Shengbai Zhang,
Su-Fei Shi,
Toh-Ming Lu,
Vincent Meunier,
Nikhil Koratkar
Abstract:
Organic-inorganic halide perovskites are intrinsically unstable when exposed to moisture and/or light. Additionally, the presence of lead in many perovskites raises toxicity concerns. Herein is reported a thin film of BaZrS3, a lead-free chalcogenide perovskite. Photoluminescence and X-ray diffraction measurements show that BaZrS3 is far more stable than methylammonium lead iodide (MAPbI3) in moist environments. Moisture- and light-induced degradations in BaZrS3 and MAPbI3 are compared by using simulations and calculations based on density functional theory. The simulations reveal drastically slower degradation in BaZrS3 due to two factors - weak interaction with water, and very low rates of ion migration. BaZrS3 photo-detecting devices with photo-responsivity of ~46.5 mA W-1 are also reported. The devices retain ~60% of their initial photo-response after 4 weeks in ambient conditions. Similar MAPbI3 devices degrade rapidly and show ~95% decrease in photo-responsivity in just 4 days. The findings establish the superior stability of BaZrS3 and strengthen the case for its use in optoelectronics. New possibilities for thermoelectric energy conversion using these materials are also demonstrated.
Submitted 15 December, 2019;
originally announced December 2019.
-
Is Discriminator a Good Feature Extractor?
Authors:
Xin Mao,
Zhaoyu Su,
Pin Siang Tan,
Jun Kang Chow,
Yu-Hsing Wang
Abstract:
The discriminator from generative adversarial nets (GAN) has been used by researchers as a feature extractor in transfer learning and appeared to work well. However, there are also studies that believe this is the wrong research direction because intuitively the task of the discriminator focuses on separating the real samples from the generated ones, making features extracted in this way useless for most of the downstream tasks. To avoid this dilemma, we first conducted a thorough theoretical analysis of the relationship between the discriminator task and the features extracted. We found that the connection between the task of the discriminator and the feature is not as strong as was thought, for that the main factor restricting the feature learned by the discriminator is not the task, but is the need to prevent the entire GAN model from mode collapse during the training. From this perspective and combined with further analyses, we found that to avoid mode collapse, the features extracted by the discriminator are not guided to be different for the real samples, but divergence without noise is indeed allowed and occupies a large proportion of the feature space. This makes the features more robust and helps answer the question as to why the discriminator can succeed as a feature extractor in related research. Consequently, to expose the essence of the discriminator extractor as different from other extractors, we analyze the counterpart of the discriminator extractor, the classifier extractor that assigns the target samples to different categories. We found the performance of the discriminator extractor may be inferior to the classifier based extractor when the source classification task is similar to the target task, which is the common case, but the ability to avoid noise prevents the discriminator from being replaced by the classifier.
Submitted 3 January, 2020; v1 submitted 2 December, 2019;
originally announced December 2019.
-
Cross-Layer Strategic Ensemble Defense Against Adversarial Examples
Authors:
Wenqi Wei,
Ling Liu,
Margaret Loper,
Ka-Ho Chow,
Emre Gursoy,
Stacey Truex,
Yanzhao Wu
Abstract:
Deep neural network (DNN) has demonstrated its success in multiple domains. However, DNN models are inherently vulnerable to adversarial examples, which are generated by adding adversarial perturbations to benign inputs to fool the DNN model to misclassify. In this paper, we present a cross-layer strategic ensemble framework and a suite of robust defense algorithms, which are attack-independent, and capable of auto-repairing and auto-verifying the target model being attacked. Our strategic ensemble approach makes three original contributions. First, we employ input-transformation diversity to design the input-layer strategic transformation ensemble algorithms. Second, we utilize model-disagreement diversity to develop the output-layer strategic model ensemble algorithms. Finally, we create an input-output cross-layer strategic ensemble defense that strengthens the defensibility by combining diverse input transformation based model ensembles with diverse output verification model ensembles. Evaluated over 10 attacks on ImageNet dataset, we show that our strategic ensemble defense algorithms can achieve high defense success rates and are more robust with high attack prevention success rates and low benign false negative rates, compared to existing representative defense methods.
Submitted 1 October, 2019;
originally announced October 2019.
-
Direct observation of hole carrier density profiles and their light induced manipulation at the surface of Ge
Authors:
T. Prokscha,
K. H. Chow,
Z. Salman,
E. Stilp,
A. Suter
Abstract:
We demonstrate that, by using low-energy positive muon ($μ^+$) spin spectroscopy as a local probe technique, the profiles of free charge carriers can be directly determined in the accumulation/depletion surface regions of p- or n-type Ge wafers. The detection of free holes is accomplished by measuring the effect of the interaction of the free carriers with the $μ^+$ probe spin on the observable muon spin polarization. By tuning the energy of the low-energy $μ^+$ between 1 keV and 20 keV the near-surface region between 10 nm and 160 nm is probed. We find hole carrier depletion and electron accumulation in all samples with doping concentrations up to the $10^{17}$ cm$^{-3}$ range, which is opposite to the properties of cleaved Ge surfaces. By illumination with light the hole carrier density in the depletion zone can be manipulated in a controlled way. Depending on the used light wavelength $λ$ this change can be persistent ($λ= 405, 457$ nm) or non-persistent ($λ= 635$ nm) at temperatures $< 270$ K. This difference is attributed to the different kinetic energies of the photo-electrons. Photo-electrons generated by red light do not have sufficient energy to overcome a potential barrier at the surface to be trapped in empty surface acceptor states. Compared to standard macroscopic transport measurements our contact-less local probe technique offers the possibility of measuring carrier depth profiles and manipulation directly. Our approach may provide important microscopic information on a nanometer scale in semiconductor device studies.
Submitted 21 July, 2020; v1 submitted 25 September, 2019;
originally announced September 2019.
-
Deep Neural Network Ensembles against Deception: Ensemble Diversity, Accuracy and Robustness
Authors:
Ling Liu,
Wenqi Wei,
Ka-Ho Chow,
Margaret Loper,
Emre Gursoy,
Stacey Truex,
Yanzhao Wu
Abstract:
Ensemble learning is a methodology that integrates multiple DNN learners for improving prediction performance of individual learners. Diversity is greater when the errors of the ensemble prediction are more uniformly distributed. Greater diversity is highly correlated with the increase in ensemble accuracy. Another attractive property of diversity optimized ensemble learning is its robustness against deception: an adversarial perturbation attack can mislead one DNN model to misclassify but may not fool other ensemble DNN members consistently. In this paper we first give an overview of the concept of ensemble diversity and examine the three types of ensemble diversity in the context of DNN classifiers. We then describe a set of ensemble diversity measures, a suite of algorithms for creating diversity ensembles and for performing ensemble consensus (voted or learned) for generating high accuracy ensemble output by strategically combining outputs of individual members. This paper concludes with a discussion on a set of open issues in quantifying ensemble diversity for robust deep learning.
Submitted 29 August, 2019;
originally announced August 2019.
-
Denoising and Verification Cross-Layer Ensemble Against Black-box Adversarial Attacks
Authors:
Ka-Ho Chow,
Wenqi Wei,
Yanzhao Wu,
Ling Liu
Abstract:
Deep neural networks (DNNs) have demonstrated impressive performance on many challenging machine learning tasks. However, DNNs are vulnerable to adversarial inputs generated by adding maliciously crafted perturbations to the benign inputs. As a growing number of attacks have been reported to generate adversarial inputs of varying sophistication, the defense-attack arms race has been accelerated. In this paper, we present MODEF, a cross-layer model diversity ensemble framework. MODEF intelligently combines unsupervised model denoising ensemble with supervised model verification ensemble by quantifying model diversity, aiming to boost the robustness of the target model against adversarial examples. Evaluated using eleven representative attacks on popular benchmark datasets, we show that MODEF achieves remarkable defense success rates, compared with existing defense methods, and provides a superior capability of repairing adversarial inputs and making correct predictions with high accuracy in the presence of black-box attacks.
Submitted 26 October, 2019; v1 submitted 20 August, 2019;
originally announced August 2019.
-
Demystifying Learning Rate Policies for High Accuracy Training of Deep Neural Networks
Authors:
Yanzhao Wu,
Ling Liu,
Juhyun Bae,
Ka-Ho Chow,
Arun Iyengar,
Calton Pu,
Wenqi Wei,
Lei Yu,
Qi Zhang
Abstract:
Learning Rate (LR) is an important hyper-parameter to tune for effective training of deep neural networks (DNNs). Even for the baseline of a constant learning rate, it is non-trivial to choose a good constant value for training a DNN. Dynamic learning rates involve multi-step tuning of LR values at various stages of the training process and offer high accuracy and fast convergence. However, they are much harder to tune. In this paper, we present a comprehensive study of 13 learning rate functions and their associated LR policies by examining their range parameters, step parameters, and value update parameters. We propose a set of metrics for evaluating and selecting LR policies, including the classification confidence, variance, cost, and robustness, and implement them in LRBench, an LR benchmarking system. LRBench can assist end-users and DNN developers to select good LR policies and avoid bad LR policies for training their DNNs. We tested LRBench on Caffe, an open source deep learning framework, to showcase the tuning optimization of LR policies. Evaluated through extensive experiments, we attempt to demystify the tuning of LR policies by identifying good LR policies with effective LR value ranges and step sizes for LR update schedules.
Submitted 26 October, 2019; v1 submitted 18 August, 2019;
originally announced August 2019.
-
Rotating Strings in Six-Dimensional Higher-Derivative Supergravity
Authors:
David D. K. Chow,
Yi Pang
Abstract:
We construct the first rotating string solution in 6-dimensional Einstein-Gauss-Bonnet supergravity, carrying both electric and magnetic charges. By embedding the known rotating string solution of the 2-derivative theory into 6-dimensional off-shell supergravity, the Killing spinors associated with the underlying supersymmetry can be made off-shell and are universal to all off-shell supergravity models based on the same field content. The near-horizon geometry is S^3 fibred over the extremal BTZ black hole, locally isomorphic to AdS_3*S^3. We compute the higher-derivative corrections to the Brown-Henneaux central charges in a particular R+R^2 model resulting from K3 compactification of type IIA string theory.
Submitted 7 October, 2019; v1 submitted 18 June, 2019;
originally announced June 2019.