341 |
Advancing adversarial robustness with feature desensitization and synthesized data
Bayat, Reza 07 1900
This thesis addresses the critical question of the vulnerability of deep learning models to adversarial attacks. Susceptible to slight perturbations invisible to the human eye, these models can produce erroneous predictions. Adversarial attacks represent a significant threat to the use of these models in safety-critical systems. To mitigate these risks, adversarial training has emerged as a promising approach, which consists of training models on adversarial examples to strengthen their robustness.
In Chapter 1, we offer a detailed overview of adversarial vulnerability, describing the creation of adversarial samples and their real-world repercussions. We explain the process by which these examples are designed and present various scenarios illustrating their potentially catastrophic consequences. In addition, we examine the challenges associated with adversarial training, with emphasis on challenges such as the lack of robustness against a wide range of attacks and the trade-off between robustness and generalization, which are at the heart of this study.
Chapter 2 presents Adversarial Feature Desensitization (AFD), an innovative method that uses domain adaptation techniques to strengthen adversarial robustness. AFD aims to learn features that are invariant to adversarial perturbations, thereby increasing resilience against various attack types and intensities. The approach consists of simultaneously training a domain discriminator and a classifier in order to reduce the divergence between the representations of natural and adversarial data. By aligning the features of the two domains, AFD ensures that the learned features are both predictive and robust, thereby mitigating overfitting to specific attack patterns and favoring a more comprehensive defense.
Chapter 3 presents Adversarial Training with Synthesized Data, a method aimed at closing the gap between the robustness and generalization of neural networks. Using synthesized data generated by advanced techniques, this chapter explores how incorporating such data can mitigate overfitting and improve the overall performance of adversarially trained models. The results show that, although adversarial training often faces a trade-off between robustness and generalization, the use of synthesized data makes it possible to maintain high accuracy on corrupted and out-of-distribution data without compromising robustness. This approach offers a promising path toward developing neural networks that are both resilient to adversarial attacks and able to generalize well to many scenarios.
Chapter 4 concludes the thesis by summarizing the main findings and contributions of this research. In addition, it proposes several directions for future research aimed at further improving the security and reliability of deep learning models. These directions include exploring the effect of synthesized data on a wider range of generalization tasks, developing alternative approaches that are less costly in training computation, and adapting new feedback-guided techniques to synthesize data that promotes sample efficiency. By following these directions, future research can build on the foundations presented in this thesis and continue to advance the field of adversarial robustness, leading to safer and more reliable machine learning systems.
Through these contributions, this thesis advances the understanding of adversarial robustness and proposes practical solutions for improving the security and reliability of machine learning systems. By addressing the limits of current adversarial training methods and introducing innovative approaches such as AFD and the incorporation of synthesized data, this research opens the way to more robust and generalizable machine learning models. / This thesis addresses the critical issue of adversarial vulnerability in deep learning models, which are susceptible to slight, human-imperceptible perturbations that can lead to incorrect predictions. Adversarial attacks pose significant threats to the deployment of these models in safety-critical systems. To mitigate these threats, adversarial training has emerged as a prominent approach, where models are trained on adversarial examples to enhance their robustness.
In Chapter 1, we provide a comprehensive background on adversarial vulnerability, detailing the creation of adversarial examples and their real-world implications. We illustrate how adversarial examples are crafted and present various scenarios demonstrating their potential catastrophic outcomes. Furthermore, we explore the challenges associated with adversarial training, focusing on issues like the lack of robustness against a broad range of attack strengths and a trade-off between robustness and generalization, which are the subjects of our study.
Chapter 2 introduces Adversarial Feature Desensitization (AFD), a novel method that leverages domain adaptation techniques to enhance adversarial robustness. AFD aims to learn features that are invariant to adversarial perturbations, thereby improving resilience across various attack types and strengths. This approach involves training a domain discriminator alongside the classifier to reduce the divergence between natural and adversarial data representations. By aligning the features from both domains, AFD ensures that the learned features are both predictive and robust, mitigating overfitting to specific attack patterns and promoting broader defensive capability.
Chapter 3 presents Adversarial Training with Synthesized Data, a method aimed at bridging the gap between robustness and generalization in neural networks. By leveraging synthesized data generated through advanced techniques, this chapter explores how incorporating such data can mitigate robust overfitting and enhance the overall performance of adversarially trained models. The findings indicate that while adversarial training traditionally faces a trade-off between robustness and generalization, the use of synthesized data helps maintain high accuracy on corrupted and out-of-distribution data without compromising robustness. This approach provides a promising pathway to develop neural networks that are both resilient to adversarial attacks and capable of generalizing well to a wide range of scenarios.
Chapter 4 concludes the thesis by summarizing the key findings and contributions of this thesis. Additionally, it outlines several avenues for future research to further enhance the security and reliability of deep learning models. Future research could explore the effect of synthesized data on a broader range of generalization tasks, develop alternative approaches to adversarial training that are less computationally expensive, and adapt new feedback-guided techniques for synthesizing data to enhance sample efficiency. By pursuing these directions, future research can build on the foundations laid by this thesis and continue to advance the field of adversarial robustness, ultimately leading to safer and more reliable machine learning systems.
Through these contributions, this thesis advances the understanding of adversarial robustness and proposes practical solutions to enhance the security and reliability of machine learning systems. By addressing the limitations of current adversarial training methods and introducing innovative approaches like AFD and the incorporation of synthesized data, this research paves the way for more robust and generalizable machine learning models capable of withstanding a diverse array of adversarial attacks.
|
342 |
Characteristics of robust complex networks
Sydney, Ali January 1900
Master of Science / Department of Electrical and Computer Engineering / Caterina M. Scoglio / In network theory, a complex network represents a system whose evolving structure and dynamic behavior contribute to its robustness. The study of complex networks, though young, spans diverse domains including engineering, science, biology, sociology, psychology, and business, to name a few. Regardless of the field of interest, robustness defines a network’s survivability in the event of classical component failures and at the onset of cryptic malicious attacks.
With increasingly ambitious initiatives such as GENI and FIND that seek to design future internets, it becomes imperative to define the characteristics of robust topologies, and to build future networks optimized for robustness. This thesis investigates the characteristics of network topologies that maintain a high level of throughput in spite of multiple attacks. To this end, we select network topologies belonging to the main network models and some real-world networks. We consider three types of attacks: removal of random nodes, high-degree nodes, and high-betweenness nodes. We use elasticity as our robustness measure and, through our analysis, illustrate that different topologies can have different degrees of robustness. In particular, elasticity can fall as low as 0.8% of the upper bound based on the attack employed. This result substantiates the need for optimized network topology design. Furthermore, we implement a trade-off function that combines elasticity under the three attack strategies and considers the cost of the network. Our extensive simulations show that, for a given network density, regular and semi-regular topologies can have higher degrees of robustness than heterogeneous topologies, and that link redundancy is a sufficient but not necessary condition for robustness.
|
343 |
Architectures adaptives et reconfigurables de fusion de données dans les systèmes de positionnement pour la navigation / Adaptive and reconfigurable data fusion architectures in positioning navigation systems
Liu, Guopei January 2008
In vehicle positioning systems, any of the sensors can, at any time, fail temporarily or permanently or stop sending information. This has repercussions for safety and health, as well as for financial or even legal matters. Although new design practices tend to minimize sensor failures, it is recognized that such events can still occur. In such a case, the faulty sensor must be identified and isolated so that it does not corrupt the overall estimates and, finally, the system must be able to reconfigure itself to overcome the deficiency caused by the failure. In short, a navigation system must be robust and adaptive. This thesis proposes several data fusion architectures capable of adapting after sensor failures. The various approaches use a Kalman filter in combination with fault detection to produce robust positioning modules. The modules must be able to operate in situations where the GPS input is corrupted or unavailable, or where one or more position sensors are faulty or blocked. The working principle is to modify the Kalman filter gains based on the normalized errors between the estimated states and the observations. To evaluate the proposed architecture, various sensor faults and performance degradations were implemented and simulated. The experiments demonstrate that the proposed solutions can compensate for most of the errors associated with sensor faults or performance degradations, and that the resulting positioning accuracy is significantly improved.
|
344 |
Producibility Assessment System : Enhancing modularization, robustness and flexibility
Jacobson, Max January 2016
Developing high-end aerospace components is a complex and highly competitive business. Hence methods for decreasing lead-time, while still providing the same quality at a lower cost, have to be developed. This thesis was conducted at Research & Technology - GKN Aerospace in Trollhättan, Sweden. A multidisciplinary analysis system, known internally as Engineering Workbench (EWB), forms the base for implementation of the methods and tools developed in this thesis work. The system applies a set-based engineering approach to develop new components. The evaluation of the design space is performed through parametric studies to find relations between the design parameters and performance metrics of the design. The Engineering Workbench allows GKN to define and evaluate a large design space within a limited timeframe. This thesis looks to improve the current producibility assessment system within the EWB by increasing the robustness and flexibility of the system. This is done by re-designing the producibility analysis part of the system into a modular knowledge-based system that implements various techniques to increase the robustness and flexibility of the system. The re-designed system is automated, flexible and robust, and is able to perform user-defined weld assessments on various designs, providing GKN with weld producibility data.
|
345 |
Identifying Parameters for Robust Network Growth using Attachment Kernels: A case study on directed and undirected networks
Abdelzaher, Ahmed F 01 January 2016
Network growing mechanisms are used to construct random networks that have structural behaviors similar to existing networks, such as genetic networks, in an effort to understand the evolution of complex topologies. Popular mechanisms, such as preferential attachment, are capable of preserving network features such as the degree distribution. However, little is known about such randomly grown structures regarding robustness to disturbances (e.g., edge deletions). Moreover, preferential attachment does not target optimizing the network's functionality, such as information flow. Here, we consider a network to be optimal if its natural functionality is relatively high in addition to possessing some degree of robustness to disturbances. Specifically, a robust network would continue to (1) transmit information, (2) preserve its connectivity and (3) preserve internal clusters post failures. In an effort to pinpoint features that could replace or collaborate with the degree of a node as criteria for preferential attachment, we present a case study on both undirected and directed networks. For undirected networks, we make a case study on wireless sensor networks in which we outline a strategy using Support Vector Regression. For directed networks, we formulate an Integer Linear Program to gauge the exact optimal structures of transcriptional regulatory networks; from there, we can identify variations in structural features post optimization.
|
346 |
Caracterisation dynamique et conception robuste d’interfaces de structures / Dynamic characterization and robust design of structural interfaces
Weisser, Thomas 14 September 2012
Complex mechanical structures result from the assembly of several components, often with different mechanical properties, connected at their interfaces by different types of junctions. The heterogeneous dynamic behaviours of these substructures and their external loadings generate forces on the main structure and high accelerations at the on-board equipment, affecting its operation, reliability and safety. It is therefore necessary to protect the equipment by isolating it from the rest of the structure. This work concerns the control of vibration levels and aims to provide a method for the dynamic characterization of the interfaces between different substructures. This method is then integrated into an approach aimed at minimizing the power transmitted between source and receiver substructures. A power flow mode method has been developed, whose eigenvalues and eigenforces provide, respectively, quantitative and qualitative information on the power flows inside a structure. Applying it to the study of the power transmitted between two substructures makes it possible to identify the directions and contributions of the main power paths passing through the junctions. These results have been applied to propose a methodology for the robust design of structural interfaces. Two optimization approaches aimed at minimizing the transmitted power with respect to the junction stiffness parameters have been compared. The importance of considering the robustness of these solutions has been underlined by a complementary non-probabilistic approach. / Complex mechanical structures are composed of an assembly of several components, often exhibiting different mechanical properties and joined at their interfaces by different junction types. The various dynamic behaviours of these substructures and the applied external loadings generate significant forces on the main structure, resulting in high acceleration responses of the on-board equipment, affecting its performance, reliability and security. It is therefore necessary to protect the equipment from these harsh conditions by isolating it from the rest of the structure. This research relates to structural vibration control and aims at proposing a new method to dynamically characterize interfaces between different substructures. This method is then integrated into a robust design approach to minimize the power transmitted between a source and a receiver substructure. A power flow mode method has been developed, which allows determining eigenvalues and eigenvectors respectively representing qualitative and quantitative information on the power flowing inside the structure. This has been further applied to study the power transmitted at the interface, making it possible to identify the directions associated with the dominant power flow patterns and to quantify their contribution. These results have been applied to propose a robust design approach for structural interfaces. Optimization procedures have been implemented and compared to minimize the power transmitted with respect to the interface stiffness parameters. The importance of considering the robustness of these solutions has been underlined by performing a complementary analysis based on a non-probabilistic approach.
|
347 |
Measure of robustness for complex networks
Youssef, Mina Nabil January 1900
Doctor of Philosophy / Department of Electrical and Computer Engineering / Caterina Scoglio / Critical infrastructures are repeatedly attacked by external triggers, causing a tremendous amount of damage. Any infrastructure can be studied using the powerful theory of complex networks. A complex network is composed of an extremely large number of different elements that exchange commodities, providing significant services. The main functions of complex networks can be damaged by different types of attacks and failures that degrade the network performance. These attacks and failures are considered as disturbing dynamics, such as the spread of viruses in computer networks, the spread of epidemics in social networks, and the cascading failures in power grids. Depending on the network structure and the attack strength, every network suffers damage and performance degradation differently. Hence, quantifying the robustness of complex networks becomes an essential task.
In this dissertation, new metrics are introduced to measure the robustness of technological and social networks with respect to the spread of epidemics, and the robustness of power grids with respect to cascading failures.
First, we introduce a new metric called the Viral Conductance ($VC_{SIS}$) to assess the robustness of networks with respect to the spread of epidemics that are modeled through the susceptible/infected/susceptible ($SIS$) epidemic approach. In contrast to assessing the robustness of networks based on a classical metric, the epidemic threshold, the new metric integrates the fraction of infected nodes at steady state for all possible effective infection strengths. Through examples, $VC_{SIS}$ provides more insights about the robustness of networks than the epidemic threshold. In addition, both the paradoxical robustness of Barabási-Albert preferential attachment networks and the effect of the topology on the steady state infection are studied, to show the importance of quantifying the robustness of networks.
Second, a new metric $VC_$ is introduced to assess the robustness of networks with respect to the spread of susceptible/infected/recovered ($SIR$) epidemics. To compute $VC_$, we propose a novel individual-based approach to model the spread of $SIR$ epidemics in networks, which captures the infection size for a given effective infection rate. Thus, $VC_$ quantitatively integrates the infection strength with the corresponding infection size. To optimize the $VC_$ metric, a new mitigation strategy is proposed, based on a temporary reduction of contacts in social networks. The social contact network is modeled as a weighted graph that describes the frequency of contacts among the individuals. Thus, we consider the spread of an epidemic as a dynamical system, and the total number of infection cases as the state of the system, while the weight reduction in the social network is the controller variable leading to slow/reduce the spread of epidemics. Using optimal control theory, the obtained solution represents an optimal adaptive weighted network defined over a finite time interval. Moreover, given the high complexity of the optimization problem, we propose two heuristics to find the near optimal solutions by reducing the contacts among the individuals in a decentralized way.
Finally, the cascading failures that can take place in power grids and have recently caused several blackouts are studied. We propose a new metric to assess the robustness of the power grid with respect to the cascading failures. The power grid topology is modeled as a network, which consists of nodes and links representing power substations and transmission lines, respectively. We also propose an optimal islanding strategy to protect the power grid when a cascading failure event takes place in the grid.
The robustness metrics are numerically evaluated using real and synthetic networks to quantify their robustness with respect to disturbing dynamics. We show that the proposed metrics outperform the classical metrics in quantifying the robustness of networks and the efficiency of the mitigation strategies.
In summary, our work advances the network science field in assessing the robustness of complex networks with respect to various disturbing dynamics.
|
348 |
Techniques de modélisation et d’analyse pour l’amélioration de la robustesse des systèmes distribués / Modeling and analysis of techniques to increase robustness in distributed systems
Loti, Riccardo 26 May 2014
The starting point for decentralized systems was file exchange, using this approach (i) to distribute bandwidth among all the nodes involved, (ii) to increase robustness by eliminating individual points of failure and control as far as possible, and (iii) by sharing responsibilities equally among the nodes. While the most decentralized approaches are very effective in terms of fault resilience, for the same reason their performance is limited and hard to analyze when several interconnected networks are observed, configurations that can be analyzed with simulation tools, which are often inefficient at analyzing the space of possibilities. In this thesis we developed a mathematical model of network interconnection that allows the study and exploration of equilibria which, thanks to the abstraction of the model, can apply to the interconnection of communication networks, goods distribution networks or water distribution networks. The thesis also focuses on decentralized MANET networks, where communication between mobile nodes is purely ad hoc (e.g. two cars communicating with each other when they are close), using (i) rateless coding to increase robustness and minimize the loss or corruption of data caused by the unreliability of the transmission medium and (ii) pollution detection algorithms, for example for detecting malicious nodes or corrupted packets, such detection and prevention being very difficult in strongly distributed environments. / The original “selling point” for decentralized networks has been file exchange, using the decentralized approach to diffuse the bandwidth cost between all the participating nodes, augmenting the robustness by avoiding single points of failure and control by sharing the responsibility between all nodes.
While the most decentralized approaches are very efficient in terms of resilience, they are, for the same reason, more performance-limited and harder to analyze. This analysis is usually the sole realm of simulation tools, a quite inefficient way to analyze the possibility space. We thus developed and present here a mathematical model for network interconnection, enabling the study and exploration of equilibria and, by virtue of the abstraction of the model, perfectly applicable to any interconnection of networks, be they communication networks, social networks or, for example, water distribution networks. We also focused on decentralized networks, called MANETs, where communication between mobile nodes is purely ad-hoc based (e.g. two cars passing each other and communicating while in range), exploiting rateless coding to increase their robustness by minimizing data loss due to transmission unreliability, and detecting malicious nodes sending corrupted packets, a problem that is hard to detect and prevent in strongly distributed environments, using SIEVE, a custom-developed algorithm.
|
349 |
Evropské letecké uzly v kontextu sítě a její odolnosti vůči narušení / European air hubs in the context of network and its resistance against disturbances
Šulc, David January 2019
The submitted master's thesis addresses the connectivity of the European Air Transport Network, its properties and its resistance against negative influences, based on data from flight schedules for the winter season 2018. The main objective of the thesis is to analyse the European Air Transport Network from the point of view of connectivity in order to find the most important airport hubs according to their geographic conditions, community structure and the resistance of the whole network. The methods used are based on graph theory and on centrality measures as indicators of connectivity. The empirical part of the thesis is divided into three parts. The aim of the first part is to find out which airports are the most important in the European Air Transport Network. The second part explores the properties and structure of the network. The last part analyses the resistance of the European Air Transport Network in terms of robustness and resilience. Among the most important air hubs in Europe are airports that serve world cities and localities attractive to tourists. There is a strong dominance of the Schiphol airport in Amsterdam, the El Prat airport in Barcelona and the Frankfurt Airport. The European Air...
|
350 |
Learning and Design Methodologies for Efficient, Robust Neural Networks
Priyadarshini Panda (6823670) 15 August 2019
"Can machines think?", the question brought up by Alan Turing, has led to the development of the field of brain-inspired computing, wherein researchers have put substantial effort into building smarter devices and technology that have the potential of human-like understanding. However, there still remains a large (several orders-of-magnitude) power efficiency gap between the human brain and computers that attempt to emulate some facets of its functionality. In this thesis, we present design techniques that exploit the inherent variability in the difficulty of input data and the correlation of characteristic semantic information among inputs to scale down the computational requirements of a neural network with minimal impact on output quality. While large-scale artificial neural networks have achieved considerable success in a range of applications, there is growing interest in more biologically realistic models, such as Spiking Neural Networks (SNNs), due to their energy-efficient spike-based processing capability. We investigate neuroscientific principles to develop novel learning algorithms that can enable SNNs to conduct on-line learning. We developed an auto-encoder based unsupervised learning rule for training deep spiking convolutional networks that yields state-of-the-art results with computationally efficient learning. Further, we propose a novel "learning to forget" rule that addresses the catastrophic forgetting issue predominant with the traditional neural computing paradigm and offers a promising solution for real-time lifelong learning without the expensive re-training procedure. Finally, while artificial intelligence grows in this digital age, bringing large-scale social disruption, there is a growing security concern in the research community about the vulnerabilities of neural networks towards adversarial attacks. To that end, we describe discretization-based solutions, which are traditionally used for reducing the resource utilization of deep neural networks, for adversarial robustness. We also propose a novel noise-learning training strategy as an adversarial defense method. We show that implicit generative modeling of random noise with the same loss function used during posterior maximization improves a model's understanding of the data manifold, furthering adversarial robustness. We evaluated and analyzed the behavior of the noise modeling technique using principal component analysis, which yields metrics that can be generalized to all adversarial defenses.
|