Adversarial RFML: Evading Deep Learning Enabled Signal Classification

Flowers, Bryse Austin

24 July 2019

Deep learning has become an ubiquitous part of research in all fields, including wireless communications. Researchers have shown the ability to leverage deep neural networks (DNNs) that operate on raw in-phase and quadrature samples, termed Radio Frequency Machine Learning (RFML), to synthesize new waveforms, control radio resources, as well as detect and classify signals. While there are numerous advantages to RFML, this thesis answers the question "is it secure?" DNNs have been shown, in other applications such as Computer Vision (CV), to be vulnerable to what are known as adversarial evasion attacks, which consist of corrupting an underlying example with a small, intelligently crafted, perturbation that causes a DNN to misclassify the example. This thesis develops the first threat model that encompasses the unique adversarial goals and capabilities that are present in RFML. Attacks that occur with direct digital access to the RFML classifier are differentiated from physical attacks that must propagate over-the-air (OTA) and are thus subject to impairments due to the wireless channel or inaccuracies in the signal detection stage. This thesis first finds that RFML systems are vulnerable to current adversarial evasion attacks using the well known Fast Gradient Sign Method originally developed for CV applications. However, these current adversarial evasion attacks do not account for the underlying communications and therefore the adversarial advantage is limited because the signal quickly becomes unintelligible. In order to envision new threats, this thesis goes on to develop a new adversarial evasion attack that takes into account the underlying communications and wireless channel models in order to create adversarial evasion attacks with more intelligible underlying communications that generalize to OTA attacks. / Master of Science / Deep learning is beginning to permeate many commercial products and is being included in prototypes for next generation wireless communications devices. This technology can provide huge breakthroughs in autonomy; however, it is not sufficient to study the effectiveness of deep learning in an idealized laboratory environment, the real world is often harsh and/or adversarial. Therefore, it is important to know how, and when, these deep learning enabled devices will fail in the presence of bad actors before they are deployed in high risk environments, such as battlefields or connected autonomous vehicle communications. This thesis studies a small subset of the security vulnerabilities of deep learning enabled wireless communications devices by attempting to evade deep learning enabled signal classification by an eavesdropper while maintaining effective wireless communications with a cooperative receiver. The primary goal of this thesis is to define the threats to, and identify the current vulnerabilities of, deep learning enabled signal classification systems, because a system can only be secured once its vulnerabilities are known.

Adversarial Signal Processing

Cognitive Radio Security

Machine learning

Modulation Identification

Radio Frequency Machine learning

NoiseLearner: An Unsupervised, Content-agnostic Approach to Detect Deepfake Images

Vives, Cristian

21 March 2022

Recent advancements in generative models have resulted in the improvement of hyper- realistic synthetic images or "deepfakes" at high resolutions, making them almost indistin- guishable from real images from cameras. While exciting, this technology introduces room for abuse. Deepfakes have already been misused to produce pornography, political propaganda, and misinformation. The ability to produce fully synthetic content that can cause such mis- information demands for robust deepfake detection frameworks. Most deepfake detection methods are trained in a supervised manner, and fail to generalize to deepfakes produced by newer and superior generative models. More importantly, such detection methods are usually focused on detecting deepfakes having a specific type of content, e.g., face deepfakes. How- ever, other types of deepfakes are starting to emerge, e.g., deepfakes of biomedical images, satellite imagery, people, and objects shown in different settings. Taking these challenges into account, we propose NoiseLearner, an unsupervised and content-agnostic deepfake im- age detection method. NoiseLearner aims to detect any deepfake image regardless of the generative model of origin or the content of the image. We perform a comprehensive evalu- ation by testing on multiple deepfake datasets composed of different generative models and different content groups, such as faces, satellite images, landscapes, and animals. Further- more, we include more recent state-of-the-art generative models in our evaluation, such as StyleGAN3 and probabilistic denoising diffusion models (DDPM). We observe that Noise- Learner performs well on multiple datasets, achieving 96% accuracy on both StyleGAN and StyleGAN2 datasets. / Master of Science / Images synthesized by artificial intelligence, commonly known as deepfakes, are starting to become indistinguishable from real images. While these technological advances are exciting with regards to what a computer can do, it is important to understand that such technol- ogy is currently being used with ill intent. Thus, identifying these images is becoming a growing necessity, especially as deepfake technology grows to perfectly mimic the nature of real images. Current deepfake detection approaches fail to detect deepfakes of other content, such as sattelite imagery or X-rays, and cannot generalize to deepfakes synthesized by new artificial intelligence. Taking these concerns into account, we propose NoiseLearner, a deep- fake detection method that can detect any deepfake regardless of the content and artificial intelligence model used to synthesize it. The key idea behind NoiseLearner is that it does not require any deepfakes to train. Instead, NoiseLearner learns the key features of real images and uses them to differentiate between deepfakes and real images – without ever looking at a single deepfake. Even with this strong constraint, NoiseLearner shows promise by detecting deepfakes of diverse contents and models used to generate them. We also explore different ways to improve NoiseLearner.

deepfake

deepfake detection

generative models

GAN

artificial intelligence

Machine learning

security in Machine learning

Deep Learning for Biological Problems

Elmarakeby, Haitham Abdulrahman

14 June 2017

The last decade has witnessed a tremendous increase in the amount of available biological data. Different technologies for measuring the genome, epigenome, transcriptome, proteome, metabolome, and microbiome in different organisms are producing large amounts of high-dimensional data every day. High-dimensional data provides unprecedented challenges and opportunities to gain a better understanding of biological systems. Unlike other data types, biological data imposes more constraints on researchers. Biologists are not only interested in accurate predictive models that capture complex input-output relationships, but they also seek a deep understanding of these models. In the last few years, deep models have achieved better performance in computational prediction tasks compared to other approaches. Deep models have been extensively used in processing natural data, such as images, text, and recently sound. However, application of deep models in biology is limited. Here, I propose to use deep models for output prediction, dimension reduction, and feature selection of biological data to get better interpretation and understanding of biological systems. I demonstrate the applicability of deep models in a domain that has a high and direct impact on health care. In this research, novel deep learning models have been introduced to solve pressing biological problems. The research shows that deep models can be used to automatically extract features from raw inputs without the need to manually craft features. Deep models are used to reduce the dimensionality of the input space, which resulted in faster training. Deep models are shown to have better performance and less variant output when compared to other shallow models even when an ensemble of shallow models is used. Deep models are shown to be able to process non-classical inputs such as sequences. Deep models are shown to be able to naturally process input sequences to automatically extract useful features. / Ph. D.

Machine learning

Computational Biology

Deep learning (Machine learning)

Cancer

Drug Response

ANOMALY DETECTION USING MACHINE LEARNING FORINTRUSION DETECTION

Vaishnavi Rudraraju (18431880)

02 May 2024

<p dir="ltr">This thesis examines machine learning approaches for anomaly detection in network security, particularly focusing on intrusion detection using TCP and UDP protocols. It uses logistic regression models to effectively distinguish between normal and abnormal network actions, demonstrating a strong ability to detect possible security concerns. The study uses the UNSW-NB15 dataset for model validation, allowing a thorough evaluation of the models' capacity to detect anomalies in real-world network scenarios. The UNSW-NB15 dataset is a comprehensive network attack dataset frequently used in research to evaluate intrusion detection systems and anomaly detection algorithms because of its realistic attack scenarios and various network activities.</p><p dir="ltr">Further investigation is carried out using a Multi-Task Neural Network built for binary and multi-class classification tasks. This method allows for the in-depth study of network data, making it easier to identify potential threats. The model is fine-tuned during successive training epochs, focusing on validation measures to ensure its generalizability. The thesis also applied early stopping mechanisms to enhance the ML model, which helps optimize the training process, reduces the risk of overfitting, and improves the model's performance on new, unseen data.</p><p dir="ltr">This thesis also uses blockchain technology to track model performance indicators, a novel strategy that improves data integrity and reliability. This blockchain-based logging system keeps an immutable record of the models' performance over time, which helps to build a transparent and verifiable anomaly detection framework.</p><p dir="ltr">In summation, this research enhances Machine Learning approaches for network anomaly detection. It proposes scalable and effective approaches for early detection and mitigation of network intrusions, ultimately improving the security posture of network systems.</p>

anomaly detection,

Machine Learning Algorithm etc

Modified Kernel Principal Component Analysis and Autoencoder Approaches to Unsupervised Anomaly Detection

Merrill, Nicholas Swede

01 June 2020

Unsupervised anomaly detection is the task of identifying examples that differ from the normal or expected pattern without the use of labeled training data. Our research addresses shortcomings in two existing anomaly detection algorithms, Kernel Principal Component Analysis (KPCA) and Autoencoders (AE), and proposes novel solutions to improve both of their performances in the unsupervised settings. Anomaly detection has several useful applications, such as intrusion detection, fault monitoring, and vision processing. More specifically, anomaly detection can be used in autonomous driving to identify obscured signage or to monitor intersections. Kernel techniques are desirable because of their ability to model highly non-linear patterns, but they are limited in the unsupervised setting due to their sensitivity of parameter choices and the absence of a validation step. Additionally, conventionally KPCA suffers from a quadratic time and memory complexity in the construction of the gram matrix and a cubic time complexity in its eigendecomposition. The problem of tuning the Gaussian kernel parameter, $sigma$, is solved using the mini-batch stochastic gradient descent (SGD) optimization of a loss function that maximizes the dispersion of the kernel matrix entries. Secondly, the computational time is greatly reduced, while still maintaining high accuracy by using an ensemble of small, textit{skeleton} models and combining their scores. The performance of traditional machine learning approaches to anomaly detection plateaus as the volume and complexity of data increases. Deep anomaly detection (DAD) involves the applications of multilayer artificial neural networks to identify anomalous examples. AEs are fundamental to most DAD approaches. Conventional AEs rely on the assumption that a trained network will learn to reconstruct normal examples better than anomalous ones. In practice however, given sufficient capacity and training time, an AE will generalize to reconstruct even very rare examples. Three methods are introduced to more reliably train AEs for unsupervised anomaly detection: Cumulative Error Scoring (CES) leverages the entire history of training errors to minimize the importance of early stopping and Percentile Loss (PL) training aims to prevent anomalous examples from contributing to parameter updates. Lastly, early stopping via Knee detection aims to limit the risk of over training. Ultimately, the two new modified proposed methods of this research, Unsupervised Ensemble KPCA (UE-KPCA) and the modified training and scoring AE (MTS-AE), demonstrates improved detection performance and reliability compared to many baseline algorithms across a number of benchmark datasets. / Master of Science / Anomaly detection is the task of identifying examples that differ from the normal or expected pattern. The challenge of unsupervised anomaly detection is distinguishing normal and anomalous data without the use of labeled examples to demonstrate their differences. This thesis addresses shortcomings in two anomaly detection algorithms, Kernel Principal Component Analysis (KPCA) and Autoencoders (AE) and proposes new solutions to apply them in the unsupervised setting. Ultimately, the two modified methods, Unsupervised Ensemble KPCA (UE-KPCA) and the Modified Training and Scoring AE (MTS-AE), demonstrates improved detection performance and reliability compared to many baseline algorithms across a number of benchmark datasets.

Machine learning

Deep learning (Machine learning)

Anomaly Detection

Autoencoder

Kernel Principal Component Analysis

Enhancing Communications Aware Evasion Attacks on RFML Spectrum Sensing Systems

Delvecchio, Matthew David

19 August 2020

Recent innovations in machine learning have paved the way for new capabilities in the field of radio frequency (RF) communications. Machine learning techniques such as reinforcement learning and deep neural networks (DNN) can be leveraged to improve upon traditional wireless communications methods so that they no longer require expertly-defined features. Simultaneously, cybersecurity and electronic warfare are growing areas of focus and concern in an increasingly technology-driven world. Privacy and confidentiality of communication links are both more important and more difficult than ever in the current high threat environment. RF machine learning (RFML) systems contribute to this threat as they have been shown to be successful in gleaning information from intercepted signals, through the use of learning-enabled eavesdroppers. This thesis focuses on a method of defense against such communications threats termed an adversarial evasion attack in which intelligently crafted perturbations of the RF signal are used to fool a DNN-enabled classifier, therefore securing the communications channel. One often overlooked aspect of evasion attacks is the concept of maintaining intended use. In other words, while an adversarial signal, or more generally an adversarial example, should fool the DNN it is attacking, this should not come at the detriment to it's primary application. In RF communications, this manifests in the idea that the communications link must be successfully maintained with friendly receivers, even when executing an evasion attack against malicious receivers. This is a difficult scenario, made even more so by the nature of channel effects present in over-the-air (OTA) communications, as is assumed in this work. Previous work in this field has introduced a form of evasion attack for RFML systems called a communications aware attack that explicitly addresses the reliable communications aspect of the attack by training a separate DNN to craft adversarial signals; however, this work did not utilize the full RF processing chain and left residual indicators of the attack that could be leveraged for defensive capabilities. First, this thesis focuses on implementing forward error correction (FEC), an aspect present in most communications systems, in the training process of the attack. It is shown that introducing this into the training stage allows the communications aware attack to implicitly use the structure of the coding to create smarter and more efficient adversarial signals. Secondly, this thesis then addresses the fact that in previous work, the resulting adversarial signal exhibiting significant out-of-band frequency content, a limitation that can be used to render the attack ineffective if preprocessing at the attacked DNN is assumed. This thesis presents two novel approaches to solve this problem and eliminate the majority of side content in the attack. By doing so, the communications aware attack is more readily applicable to real-world scenarios. / Master of Science / Deep learning has started infiltrating many aspects of society from the military, to academia, to commercial vendors. Additionally, with the recent deployment of 5G technology, connectivity is more readily accessible than ever and an increasingly large number of systems will communicate with one another across the globe. However, cybersecurity and electronic warfare call into question the very notion of privacy and confidentiality of data and communication streams. Deep learning has further improved these intercepting capabilities. However, these deep learning systems have also been shown to be vulnerable to attack. This thesis exists at the nexus of these two problems, both machine learning and communication security. This work expands upon adversarial evasion attacks meant to help elude signal classification at a deep learning-enabled eavesdropper while still providing reliable communications to a friendly receiver. By doing so, this work both provides a new methodology that can be used to conceal communication information from unwanted parties while also highlighting the glaring vulnerabilities present in machine learning systems.

Spectrum Sensing

Adversarial Machine Learning

Radio Frequency Machine Learning

Communications Security

Increasing Accessibility of Electronic Theses and Dissertations (ETDs) Through Chapter-level Classification

Jude, Palakh Mignonne

07 July 2020

Great progress has been made to leverage the improvements made in natural language processing and machine learning to better mine data from journals, conference proceedings, and other digital library documents. However, these advances do not extend well to book-length documents such as electronic theses and dissertations (ETDs). ETDs contain extensive research data; stakeholders -- including researchers, librarians, students, and educators -- can benefit from increased access to this corpus. Challenges arise while working with this corpus owing to the varied nature of disciplines covered as well as the use of domain-specific language. Prior systems are not tuned to this corpus. This research aims to increase the accessibility of ETDs by the automatic classification of chapters of an ETD using machine learning and deep learning techniques. This work utilizes an ETD-centric target classification system. It demonstrates the use of custom trained word and document embeddings to generate better vector representations of this corpus. It also describes a methodology to leverage extractive summaries of chapters of an ETD to aid in the classification process. Our findings indicate that custom embeddings and the use of summarization techniques can increase the performance of the classifiers. The chapter-level labels generated by this research help to identify the level of interdisciplinarity in the corpus. The automatic classifiers can also be further used in a search engine interface that would help users to find the most appropriate chapters. / Master of Science / Electronic Theses and Dissertations (ETDs) are submitted by students at the end of their academic study. These works contain research information pertinent to a given field. Increasing the accessibility of such documents will be beneficial to many stakeholders including students, researchers, librarians, and educators. In recent years, a great deal of research has been conducted to better extract information from textual documents with the use of machine learning and natural language processing. However, these advances have not been applied to increase the accessibility of ETDs. This research aims to perform the automatic classification of chapters extracted from ETDs. That will reduce the human effort required to label the key parts of these book-length documents. Additionally, when considered by search engines, such categorization can aid users to more easily find the chapters that are most relevant to their research.

Electronic Theses and Dissertations

Classification

Machine learning

Deep learning (Machine learning)

Natural Language Processing

Science Guided Machine Learning: Incorporating Scientific Domain Knowledge for Learning Under Data Paucity and Noisy Contexts

Muralidhar, Nikhil

18 August 2022

In recent years, the large amount of labeled data available has helped tend machine learning (ML) research toward using purely data driven end-to-end pipelines, e.g., in deep neural network research. However, in many situations, data is limited and of poor quality. Traditional ML pipelines are known to be susceptible to various issues when trained on low volumes of non-representative, noisy datasets. We investigate the question of whether prior domain knowledge about the problem being modeled can be employed within the ML pipeline to improve model performance under data paucity and in noisy contexts? This report presents recent developments as well as details, novel contributions in the context of incorporating prior domain knowledge in various data-driven modeling (i.e., machine learning - ML) pipelines particularly geared towards scientific applications. Such domain knowledge exists in various forms and can be incorporated into the machine learning pipeline using different implicit and explicit methods (termed: science-guided machine learning (SGML)). All the novel techniques proposed in this report have been presented in the context of developing SGML to model fluid dynamics applications, but can be easily generalized to other applications. Specifically, we present SGML pipelines to (i) incorporate prior domain knowledge into the ML model architecture (ii) incorporate knowledge about the distribution of the target process as statistical priors for improved prediction performance (iii) leverage prior knowledge to quantify consistency of ML decisions with scientific principles (iv) explicitly incorporate known mathematical relationships of scientific phenomena to influence the ML pipeline (v) develop science-guided transfer learning to improve performance under data paucity. Each technique that is presented, has been designed with a focus on simplicity and minimal cost of implementation with a goal of yielding significant improvements in model performance especially under low data volumes or under noisy data conditions. In each application, we demonstrate through rigorous qualitative and quantitative experiments that our SGML pipelines achieve significant improvements in performance and interpretability over corresponding models that are purely data-driven and agnostic to scientific knowledge. / Doctor of Philosophy / In this work, we present techniques for incorporating scientific knowledge into machine learning (ML) pipelines. We demonstrate these techniques with ML models trained with low data volumes as well as with non-representative, noisy datasets. In both these cases, we demonstrate through rigorous experimentation that incorporating scientific domain knowledge into the ML pipeline using our proposed science guided machine learning (SGML) techniques, leads to significant performance improvement.

Machine Learning

Physics-Guided Machine Learning

Neural Networks

Data Paucity

Computational Fluid Dynamics

Achieving More with Less: Learning Generalizable Neural Networks With Less Labeled Data and Computational Overheads

Bu, Jie

15 March 2023

Recent advancements in deep learning have demonstrated its incredible ability to learn generalizable patterns and relationships automatically from data in a number of mainstream applications. However, the generalization power of deep learning methods largely comes at the costs of working with very large datasets and using highly compute-intensive models. Many applications cannot afford these costs needed to ensure generalizability of deep learning models. For instance, obtaining labeled data can be costly in scientific applications, and using large models may not be feasible in resource-constrained environments involving portable devices. This dissertation aims to improve efficiency in machine learning by exploring different ways to learn generalizable neural networks that require less labeled data and computational resources. We demonstrate that using physics supervision in scientific problems can reduce the need for labeled data, thereby improving data efficiency without compromising model generalizability. Additionally, we investigate the potential of transfer learning powered by transformers in scientific applications as a promising direction for further improving data efficiency. On the computational efficiency side, we present two efforts for increasing parameter efficiency of neural networks through novel architectures and structured network pruning. / Doctor of Philosophy / Deep learning is a powerful technique that can help us solve complex problems, but it often requires a lot of data and resources. This research aims to make deep learning more efficient, so it can be applied in more situations. We propose ways to make the deep learning models require less data and less computer power. For example, we leverage the physics rules as additional information for training the neural network to learn from less labeled data and we use a technique called transfer learning to leverage knowledge from data that is from other distribution. Transfer learning may allow us to further reduce the need for labeled data in scientific applications. We also look at ways to make the deep learning models use less computational resources, by effectively reducing their sizes via novel architectures or pruning out redundant structures.

Machine Learning Efficiency

Physics-guided Machine Learning

Efficient Neural Architecture

Neural Network Pruning

Transfer Learning

[pt] DESENVOLVIMENTO DE METODOLOGIA DE APOIO À DECISÃO PARA MANUTENÇÃO INTELIGENTE COMBINANDO ABORDAGENS MULTICRITÉRIO E MACHINE LEARNING: ESTUDO DE CASO EM EMPRESA DE MANUFATURA / [en] DEVELOPMENT OF A DECISION SUPPORT METHODOLOGY FOR INTELLIGENT MAINTENANCE COMBINING MULTICRITERIA AND MACHINE LEARNING APPROACHES: CASE STUDY IN A MANUFACTURING COMPANY

JAQUELINE ALVES DO NASCIMENTO

13 May 2024

[pt] A Indústria 4.0 (I4.0) e a transformação digital estão revolucionando a manutenção nas indústrias, impulsionando-a rumo a uma abordagem mais inteligente e proativa, conhecida como manutenção inteligente (smart maintenance – SM). Recentemente vive-se a transição para a Manutenção 4.0, em que decisões baseada em dados e análises avançadas trazidas com a SM permitem aumentar a eficiência, reduzir os custos operacionais e têm um grande impacto no desempenho operacional. Com a crescente digitalização dos processos e a disponibilidade de novas tecnologias, as decisões estão se tornando mais inteligentes, o que requer ter um processo de tomada de decisão estruturado. No entanto, tomar decisões gerenciais pode ser complexo devido a múltiplos critérios e pontos de vista envolvidos. Por exemplo, podem existir trade-offs e prioridades competitivas diferentes entre equipes funcionais como de manutenção, de produção e financeira. Nessa perspectiva, é crucial ter uma metodologia que combine esses aspectos conflitantes e, na era da Manutenção 4.0, a consideração de múltiplos critérios e pontos de vista, justifica a necessidade de um framework de apoio a decisão que combine técnicas de apoio multicritério a decisão (multi-criteria decision making - MCDM) e Machine Learning (ML). A partir da revisão de escopo observou-se a ausência de metodologias (e frameworks) de apoio a decisão combinando essas abordagens em estudos empíricos e em países emergentes. Diante disso, a presente pesquisa propoe aplicar um framework de apoio à decisão para SM em empresa de manufatura brasileira. Como método empírico foi realizado um estudo de caso, utilizando dados reais de manutenção, observação participante e entrevistas, além de análise documental. Uma abordagem multicritério híbrida é proposta por meio dos métodos AHP, MOORA, MULTIMORA e de Borda com dados qualitativos e quantitativos, para resolver um problema de ranking de impressoras para fazer parte do início das manutenções preditivas. A implementação computacional compõem a metodologia ocorreu em Python. Ao final foi possível observar que a combinação de MCDM e ML pode ser uma abordagem eficaz para aprimorar a tomada de decisão na manutenção, considerando a complexidade dos dados envolvidos. / [en] Industry 4.0 (I4.0) and digital transformation are revolutionizing maintenance in industries, pushing it towards a more intelligent and proactive approach, known as smart maintenance (SM). Recently, the transition to Maintenance 4.0 has been experienced, where maintenance decisions based on data and advanced analytics brought about by SM make it possible to increase efficiency, reduce operating costs and have a major impact on operational performance. With the increasing digitalization of processes and the availability of new technologies, decisions are becoming smarter, which requires having a structured, data-driven decision-making process for efficient decisions. However, making management decisions can be complex due to the multiple criteria and points of view involved. For example, there can be trade-offs and different competing priorities between functional areas such as maintenance, production and finance. From this perspective, it is crucial to have a methodology that combines these conflicting aspects, and in the Maintenance 4.0 era, the consideration of multiple criteria and points of view justifies the need for a decision support framework that combines multi-criteria decision making (MCDM) and Machine Learning (ML) techniques. A scoping review showed that there is a lack of decision support methodologies (and frameworks) combining these approaches in empirical studies and in emerging countries. In view of this, this research aims to propose and apply a decision support framework for MS in a Brazilian manufacturing company. A case study is used as the empirical method, using real maintenance data, participant observation and interviews, as well as document analysis. A hybrid multi-criteria approach is proposed using AHP, MOORA, MULTIMORA and Borda methods with qualitative and quantitative data, to solve a problem of ranking printers to be part of the start of predictive maintenance. The computational implementation of the approaches that make up the methodology took place in Python. At the end of the research, it was possible to observe that the combination of MCDM and ML can be an effective approach to improve decision-making in asset maintenance, considering multiple criteria and the complexity of the data involved.

[pt] ESTUDO DE CASO

[pt] MCDM

[pt] MACHINE LEARNING

[en] CASE STUDY

[en] MCDM

[en] MACHINE LEARNING