Search

Your search keyword '"Xi, Bowei"' showing total 103 results
Start Over Author "Xi, Bowei"
103 results on '"Xi, Bowei"'

1. Bio-Inspired Adversarial Attack Against Deep Neural Networks

Author

Xi, Bowei, Chen, Yujie, Fei, Fan, Tu, Zhan, and Deng, Xinyan

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

The paper develops a new adversarial attack against deep neural networks (DNN), based on applying bio-inspired design to moving physical objects. To the best of our knowledge, this is the first work to introduce physical attacks with a moving object. Instead of following the dominating attack strategy in the existing literature, i.e., to introduce minor perturbations to a digital input or a stationary physical object, we show two new successful attack strategies in this paper. We show by superimposing several patterns onto one physical object, a DNN becomes confused and picks one of the patterns to assign a class label. Our experiment with three flapping wing robots demonstrates the possibility of developing an adversarial camouflage to cause a targeted mistake by DNN. We also show certain motion can reduce the dependency among consecutive frames in a video and make an object detector "blind", i.e., not able to detect an object exists in the video. Hence in a successful physical attack against DNN, targeted motion against the system should also be considered., Comment: Published in SafeAI 2020

Published
2021

2. Adversarial Machine Learning for Cybersecurity and Computer Vision: Current Developments and Challenges

Author

Xi, Bowei

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

We provide a comprehensive overview of adversarial machine learning focusing on two application domains, i.e., cybersecurity and computer vision. Research in adversarial machine learning addresses a significant threat to the wide application of machine learning techniques -- they are vulnerable to carefully crafted attacks from malicious adversaries. For example, deep neural networks fail to correctly classify adversarial images, which are generated by adding imperceptible perturbations to clean images.We first discuss three main categories of attacks against machine learning techniques -- poisoning attacks, evasion attacks, and privacy attacks. Then the corresponding defense approaches are introduced along with the weakness and limitations of the existing defense approaches. We notice adversarial samples in cybersecurity and computer vision are fundamentally different. While adversarial samples in cybersecurity often have different properties/distributions compared with training data, adversarial images in computer vision are created with minor input perturbations. This further complicates the development of robust learning techniques, because a robust learning technique must withstand different types of attacks., Comment: Published in WIREs Computational Statistics

Published
2021

3. Understanding Adversarial Examples Through Deep Neural Network's Response Surface and Uncertainty Regions

Author

Shu, Juan, Xi, Bowei, and Kamhoua, Charles

Subjects
Computer Science - Machine Learning
Abstract

Deep neural network (DNN) is a popular model implemented in many systems to handle complex tasks such as image classification, object recognition, natural language processing etc. Consequently DNN structural vulnerabilities become part of the security vulnerabilities in those systems. In this paper we study the root cause of DNN adversarial examples. We examine the DNN response surface to understand its classification boundary. Our study reveals the structural problem of DNN classification boundary that leads to the adversarial examples. Existing attack algorithms can generate from a handful to a few hundred adversarial examples given one clean image. We show there are infinitely many adversarial images given one clean sample, all within a small neighborhood of the clean sample. We then define DNN uncertainty regions and show transferability of adversarial examples is not universal. We also argue that generalization error, the large sample theoretical guarantee established for DNN, cannot adequately capture the phenomenon of adversarial examples. We need new theory to measure DNN robustness.

Published
2021

4. Breaking Transferability of Adversarial Samples with Randomness

Author

Zhou, Yan, Kantarcioglu, Murat, and Xi, Bowei

Subjects
Computer Science - Cryptography and Security, Computer Science - Learning
Abstract

We investigate the role of transferability of adversarial attacks in the observed vulnerabilities of Deep Neural Networks (DNNs). We demonstrate that introducing randomness to the DNN models is sufficient to defeat adversarial attacks, given that the adversary does not have an unlimited attack budget. Instead of making one specific DNN model robust to perfect knowledge attacks (a.k.a, white box attacks), creating randomness within an army of DNNs completely eliminates the possibility of perfect knowledge acquisition, resulting in a significantly more robust DNN ensemble against the strongest form of attacks. We also show that when the adversary has an unlimited budget of data perturbation, all defensive techniques would eventually break down as the budget increases. Therefore, it is important to understand the game saddle point where the adversary would not further pursue this endeavor. Furthermore, we explore the relationship between attack severity and decision boundary robustness in the version space. We empirically demonstrate that by simply adding a small Gaussian random noise to the learned weights, a DNN model can increase its resilience to adversarial attacks by as much as 74.2%. More importantly, we show that by randomly activating/revealing a model from a pool of pre-trained DNNs at each query request, we can put a tremendous strain on the adversary's attack strategies. We compare our randomization techniques to the Ensemble Adversarial Training technique and show that our randomization techniques are superior under different attack budget constraints., Comment: 19 pages, 17 figures

Published
2018

5. A Grid Based Adversarial Clustering Algorithm

Author

Wei, Wutao, Gupta, Nikhil, and Xi, Bowei

Subjects
Statistics - Machine Learning, Computer Science - Machine Learning
Abstract

Nowadays more and more data are gathered for detecting and preventing cyber attacks. In cyber security applications, data analytics techniques have to deal with active adversaries that try to deceive the data analytics models and avoid being detected. The existence of such adversarial behavior motivates the development of robust and resilient adversarial learning techniques for various tasks. Most of the previous work focused on adversarial classification techniques, which assumed the existence of a reasonably large amount of carefully labeled data instances. However, in practice, labeling the data instances often requires costly and time-consuming human expertise and becomes a significant bottleneck. Meanwhile, a large number of unlabeled instances can also be used to understand the adversaries' behavior. To address the above mentioned challenges, in this paper, we develop a novel grid based adversarial clustering algorithm. Our adversarial clustering algorithm is able to identify the core normal regions, and to draw defensive walls around the centers of the normal objects utilizing game theoretic ideas. Our algorithm also identifies sub-clusters of attack objects, the overlapping areas within clusters, and outliers which may be potential anomalies.

Published
2018

6. A Likelihood Ratio Approach for Precise Discovery of Truly Relevant Protein Markers

Author

Cheng, Lin-Yang and Xi, Bowei

Subjects
Statistics - Applications
Abstract

The process of biomarker discovery is typically lengthy and costly, involving the phases of discovery, qualification, verification, and validation before clinical evaluation. Being able to efficiently identify the truly relevant markers in discovery studies can significantly simplify the process. However, in discovery studies the sample size is typically small while the number of markers being explored is much larger. Hence discovery studies suffer from sparsity and high dimensionality issues. Currently the state-of-the-art methods either find too many false positives or fail to identify many truly relevant markers. In this paper we develop a likelihood ratio-based approach and aim for accurately finding the truly relevant protein markers in discovery studies. Our method fits especially well with discovery studies because they are mostly balanced design due to the fact that experiments are limited and controlled. Our approach is based on the observation that the underlying distributions of expression profiles are unimodal for those irrelevant plain markers. Our method has asymptotic chi-square null distribution which facilitates the efficient control of false discovery rate. We then evaluate our method using both simulated and real experimental data. In all the experiments our method is highly effective to discover the set of truly relevant markers, leading to accurate biomarker identifications with high sensitivity and low empirical false discovery rate.

Published
2018

7. Adversarial Active Learning in the Presence of Weak and Malicious Oracles

Author

Zhou, Yan, Kantarcioglu, Murat, Xi, Bowei, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, U., Leong Hou, editor, and Lauw, Hady W., editor

Published
2019
Full Text
View/download PDF

10. Gaussian Mixture Models for Classification and Hypothesis Tests Under Differential Privacy

Author

Tong, Xiaosu, Xi, Bowei, Kantarcioglu, Murat, Inan, Ali, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Livraga, Giovanni, editor, and Zhu, Sencun, editor

Published
2017
Full Text
View/download PDF

26. Monitoring diet effects via biofluids and their implications for metabolomics studies

Author

Gu, Haiwei, Chen, Huanwen, Pan, Zhengzheng, Jackson, Ayanna U., Talaty, Nari, Xi, Bowei, Kissinger, Candice, Duda, Chester, Mann, Doug, Raftery, Daniel, and Cooks, R. Graham

Subjects
Metabolomics -- Analysis, Nuclear magnetic resonance -- Usage, Chemistry
Abstract

The effect of diet on metabolites found in rat urine samples has been investigated using nuclear magnetic resonance (NMR) and a new ambient ionization mass spectrometry experiment, extractive electrospray ionization mass spectrometry (EESI-MS). Urine samples from rats with three different dietary regimens were readily distinguished using multivariate statistical analysis on metabolites detected by NMR and MS. To observe the effect of diet on metabolic pathways, metabolites related to specific pathways were also investigated using multivariate statistical analysis. Discrimination is increased by making observations on restricted compound sets. Changes in diet at 24-h intervals led to predictable changes in the spectral data. Principal component analysis was used to separate the rats into groups according to their different dietary regimens using the full NMR, EESI-MS data or restricted sets of peaks in the mass spectra corresponding only to metabolites found in the urea cycle and metabolism of amino groups pathway. By contrast, multivariate analysis of variance from the score plots showed that metabolites of purine metabolism obscure the classification relative to the full metabolite set. These results suggest that it may be possible to reduce the number of statistical variables used by monitoring the biochemical variability of particular pathways. It should also be possible by this procedure to reduce the effect of diet in the biofluid samples for such purposes as disease detection.

Published
2007

33. Robust Weighted Regression for Ultrasound Image Super-Resolution

Author

Xi Bowei and Walid K. Sharabati

Subjects
Heteroscedasticity, Pixel, Computer science, business.industry, Resolution (electron density), 020207 software engineering, Pattern recognition, Regression analysis, 02 engineering and technology, Superresolution, Square (algebra), Computer Science::Computer Vision and Pattern Recognition, 0202 electrical engineering, electronic engineering, information engineering, Medical imaging, Statistics::Methodology, 020201 artificial intelligence & image processing, Artificial intelligence, business, Focus (optics), Unit-weighted regression
Abstract

Reconstructing a high resolution image from a low resolution one is an under-determined problem without unique solutions. Many different approaches have been proposed. In this paper we focus on images from a specific application domain — the gray scale ultrasound images. Ultrasound images have unique structures, i.e., they contain large patches of the same color. We use the square neighborhood of a pixel to predict its corresponding pixels in the high resolution version through a regression model. The regression model is weighted due to heteroscedasticity observed in fitting regression models to ultrasound images. Our weighted regression approach have very good performance.

Published
2018
Full Text
View/download PDF

34. Adversarial Clustering: A Grid Based Clustering Algorithm Against Active Adversaries

Author

Wei, Wutao, Xi, Bowei, and Kantarcioglu, Murat

Subjects
FOS: Computer and information sciences, Computer Science - Learning, Statistics - Machine Learning, Machine Learning (stat.ML), Machine Learning (cs.LG)
Abstract

Nowadays more and more data are gathered for detecting and preventing cyber attacks. In cyber security applications, data analytics techniques have to deal with active adversaries that try to deceive the data analytics models and avoid being detected. The existence of such adversarial behavior motivates the development of robust and resilient adversarial learning techniques for various tasks. Most of the previous work focused on adversarial classification techniques, which assumed the existence of a reasonably large amount of carefully labeled data instances. However, in practice, labeling the data instances often requires costly and time-consuming human expertise and becomes a significant bottleneck. Meanwhile, a large number of unlabeled instances can also be used to understand the adversaries' behavior. To address the above mentioned challenges, in this paper, we develop a novel grid based adversarial clustering algorithm. Our adversarial clustering algorithm is able to identify the core normal regions, and to draw defensive walls around the centers of the normal objects utilizing game theoretic ideas. Our algorithm also identifies sub-clusters of attack objects, the overlapping areas within clusters, and outliers which may be potential anomalies.

Published
2018

40. NMR-based Metabolite Profiling of Pancreatic Cancer

Author

Owusu-Sarfo, Kwadwo, primary, M. Asiago, Vincent, additional, Deng, Lingli, additional, Gu, Haiwei, additional, Wei, Siwei, additional, Shanaiah, Narasimhamurthy, additional, Gowda, G. A. Nagana, additional, Xi, Bowei, additional, G. Chiorean, Elena, additional, and Raftery, Daniel, additional

Published
2015
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results