Showing total 6 results

1. Defending against model extraction attacks with physical unclonable function.

Author

Li, Dawei, Liu, Di, Guo, Ying, Ren, Yangkun, Su, Jieyu, and Liu, Jianwei

Subjects

*PHYSICAL mobility, *DEEP learning, *MACHINE learning, *PREDICTION models

Abstract

Machine learning models, especially deep neural network (DNN) models, have widespread and valuable applications in business activities. Training a deep learning model for commercial use requires plenty of private data, expert knowledge, and computing resources. The huge commercial value of such trained models has attracted the attention of attackers. Attackers can construct a dataset by repeatedly querying the target model for the output of the requested samples and then train a substitute model on this dataset that functions similarly to the target model. In this paper, we propose a defense scheme based on physical unclonable function (PUF) against such black-box model extraction attacks. We deploy a PUF on the user side and the corresponding PUF model on the service provider side to ensure that only legitimate users can obtain the correct model predictions. Our experimental results show that by choosing a suitable fuzzy extractor threshold d , legitimate users can recover more than 99.5% of the prediction results with a little additional computational overhead to the service provider. We perform a model extraction attack in the most favorable case for the attacker, and the prediction accuracy of the obtained substitute model is only about 10%, which demonstrates the effectiveness of our proposed scheme. Compared to existing defenses, our scheme not only effectively prevents black-box model extraction attacks but also ensures that the accuracy of the prediction service for legitimate users is not affected. • Defense based on PUF obfuscation against black-box model extraction attacks. • A PUF and the corresponding PUF model ensure that legitimate users can obtain correct model predictions. • Legitimate users can correctly recover more than 99.5% of the predictions with a little additional computational overhead. • The prediction accuracy of the model extracted by the attacker is only about 10%. [ABSTRACT FROM AUTHOR]

Published

2023

2. HFN: Heterogeneous feature network for multivariate time series anomaly detection.

Author

Zhan, Jun, Wu, Chengkun, Yang, Canqun, Miao, Qiucheng, and Ma, Xiandong

Subjects

*ANOMALY detection (Computer security), *TIME series analysis, *PREDICTION models

Abstract

As the key step of anomaly detection for multivariate time-series (MTS) data, learning the relations among different variables has been explored by many approaches. However, most existing approaches overlook the heterogeneity among variables, that is, different types of variables (continuous numerical variables, discrete categorical variables or hybrid variables) may have different edge distributions. In this paper, we propose a novel semi-supervised anomaly detection framework based on a heterogeneous feature network (HFN) for MTS. Specifically, we first combine the embedding similarity subgraph generated by sensor embedding and the feature value similarity subgraph generated by sensor values to construct a time-series heterogeneous graph, which fully utilizes the rich heterogeneous mutual information among variables. Then, a prediction model containing nodes and channel attentions is jointly optimized to obtain better time-series representations. This approach fuses the state-of-the-art technologies of heterogeneous graph structure learning (HGSL) and representation learning. Experimental results on four sensor datasets from real-world applications demonstrate that our approach achieves more accurate anomaly detection compared to baseline methods, laying a foundation for the rapid positioning of anomalies. [ABSTRACT FROM AUTHOR]

Published

2024

3. Small perturbations are enough: Adversarial attacks on time series prediction.

Author

Wu, Tao, Wang, Xuechun, Qiao, Shaojie, Xian, Xingping, Liu, Yanbing, and Zhang, Liang

Subjects

*TIME series analysis, *PREDICTION models, *FORECASTING, *DEEP learning, *IMAGE processing, *DATA mining

Abstract

Time-series data are widespread in real-world industrial scenarios. To recover and infer missing information in real-world applications, the problem of time-series prediction has been widely studied as a classical research topic in data mining. Deep learning architectures have been viewed as next-generation time-series prediction models. However, recent studies have shown that deep learning models are vulnerable to adversarial attacks. In this study, we prospectively examine the problem of time-series prediction adversarial attacks and propose an attack strategy for generating an adversarial time series by adding malicious perturbations to the original time series to deteriorate the performance of time-series prediction models. Specifically, a perturbation-based adversarial example generation algorithm is proposed using the gradient information of the prediction model. In practice, unlike the imperceptibility to humans in the field of image processing, time-series data are more sensitive to abnormal perturbations and there are more stringent requirements regarding the amount of perturbations. To address this challenge, we craft an adversarial time series based on the importance measurement to slightly perturb the original data. Based on comprehensive experiments conducted on real-world time-series datasets, we verify that the proposed adversarial attack methods not only effectively fool the target time-series prediction model LSTNet, they also attack state-of-the-art CNN-, RNN-, and MHANET-based models. Meanwhile, the results show that the proposed methods achieve a good transferability. That is, the adversarial examples generated for a specific prediction model can significantly affect the performance of the other methods. Moreover, through a comparison with existing adversarial attack approaches, we can see that much smaller perturbations are sufficient for the proposed importance-measurement based adversarial attack method. The methods described in this paper are significant in understanding the impact of adversarial attacks on a time-series prediction and promoting the robustness of such prediction technologies. [ABSTRACT FROM AUTHOR]

Published

2022

4. Understanding adversarial robustness via critical attacking route.

Author

Li, Tianlin, Liu, Aishan, Liu, Xianglong, Xu, Yitao, Zhang, Chongzhi, and Xie, Xiaofei

Subjects

*RUMOR, *DEEP learning, *SOCIAL networks, *NEURONS, *PREDICTION models, *HARDNESS

Abstract

• A gradient-based influence propagation strategy to get the attacking route. • Input perturbations are mainly propagated by this route. • Use gradients to evaluate samples' adversarial hardness. Deep neural networks (DNNs) are vulnerable to adversarial examples which are generated by inputs with imperceptible perturbations. Understanding adversarial robustness of DNNs has become an important issue, which would for certain result in better practical deep learning applications. To address this issue, we try to explain adversarial robustness for deep models from a new perspective of critical attacking route, which is computed by a gradient-based influence propagation strategy. Similar to rumor spreading in social networks, we believe that adversarial noises are amplified and propagated through the critical attacking route. By exploiting neurons' influences layer by layer, we compose the critical attacking route with neurons that make the highest contributions towards model decision. In this paper, we first draw the close connection between adversarial robustness and critical attacking route, as the route makes the most non-trivial contributions to model predictions in the adversarial setting. By constraining the propagation process and node behaviors on this route, we could weaken the noise propagation and improve model robustness. Also, we find that critical attacking neurons are useful to evaluate sample adversarial hardness that images with higher stimulus are easier to be perturbed into adversarial examples. [ABSTRACT FROM AUTHOR]

Published

2021

5. Towards safe reinforcement-learning in industrial grid-warehousing.

Author

Andersen, Per-Arne, Goodwin, Morten, and Granmo, Ole-Christoffer

Subjects

*REINFORCEMENT learning, *MACHINE learning, *ALGORITHMS, *DEEP learning, *PREDICTION models

Abstract

Reinforcement learning has shown to be profoundly successful at learning optimal policies for simulated environments using distributed training with extensive compute capacity. Model-free reinforcement learning uses the notion of trial and error, where the error is a vital part of learning the agent to behave optimally. In mission-critical, real-world environments, there is little tolerance for failure and can cause damaging effects on humans and equipment. In these environments, current state-of-the-art reinforcement learning approaches are not sufficient to learn optimal control policies safely. On the other hand, model-based reinforcement learning tries to encode environment transition dynamics into a predictive model. The transition dynamics describes the mapping from one state to another, conditioned on an action. If this model is accurate enough, the predictive model is sufficient to train agents for optimal behavior in real environments. This paper presents the Dreaming Variational Autoencoder (DVAE) for safely learning good policies with a significantly lower risk of catastrophes occurring during training. The algorithm combines variational autoencoders, risk-directed exploration, and curiosity to train deep-q networks inside "dream" states. We introduce a novel environment, ASRS-Lab, for research in the safe learning of autonomous vehicles in grid-based warehousing. The work shows that the proposed algorithm has better sample efficiency with similar performance to novel model-free deep reinforcement learning algorithms while maintaining safety during training. [ABSTRACT FROM AUTHOR]

Published

2020

6. Ontology-based deep learning for human behavior prediction with explanations in health social networks.

Author

Phan, Nhathai, Dou, Dejing, Wang, Hao, Kil, David, and Piniewski, Brigitte

Subjects

*DEEP learning, *HUMAN behavior, *SOCIAL networks, *PREDICTION models, *GRAPH theory

Abstract

Human behavior modeling is a key component in application domains such as healthcare and social behavior research. In addition to accurate prediction, having the capacity to understand the roles of human behavior determinants and to provide explanations for the predicted behaviors is also important. Having this capacity increases trust in the systems and the likelihood that the systems actually will be adopted, thus driving engagement and loyalty. However, most prediction models do not provide explanations for the behaviors they predict. In this paper, we study the research problem, human behavior prediction with explanations , for healthcare intervention systems in health social networks. We propose an ontology-based deep learning model ( ORBM + ) for human behavior prediction over undirected and nodes-attributed graphs. We first propose a bottom-up algorithm to learn the user representation from health ontologies. Then the user representation is utilized to incorporate self-motivation, social influences , and environmental events together in a human behavior prediction model, which extends a well-known deep learning method, the Restricted Boltzmann Machine. ORBM + not only predicts human behaviors accurately, but also, it generates explanations for each predicted behavior. Experiments conducted on both real and synthetic health social networks have shown the tremendous effectiveness of our approach compared with conventional methods. [ABSTRACT FROM AUTHOR]

Published

2017