DISSERTATION DEFENSE

Department of Computer Science and Engineering

University of South Carolina

 Towards More Trustworthy Deep Learning: Accurate, Resilient, and Explainable Countermeasures Against Adversarial Examples

Author : Fei Zuo

Advisor : Dr. Qiang Zeng

Date : Aug 12, 2021

Time : 11:00am

Place : Virtual Defense

                 

Abstract

Despite the great achievements made by neural networks on tasks such as image classification, they are brittle and vulnerable to adversarial example (AE) attacks. Along with the prevalence of deep learning techniques, the threat of AEs attracts increasingly attentions since it may lead to serious consequences in some vital applications such as disease diagnosis. 

To defeat attacks based on AEs, both detection and defensive techniques attract the research community’s attention. While many countermeasures against AEs have been proposed, recent studies show that the existing detection methods usually goes ineffective when facing adaptive AEs. In this work, we exploit AEs by identifying their noticeable characteristics.

 

First, we noticed that L2 adversarial perturbations are among the most effective but difficult-to-detect attacks. How to detect adaptive L2 AEs is still an open question. At the same time, we find that, by randomly erasing some pixels in an L2 AE and then restoring it with an inpainting technique, the AE, before and after the steps, tends to have different classification results, while a benign sample does not show this symptom. We thus propose a novel AE detection technique, Erase-and-Restore (E&R), that exploits the intriguing sensitivity of L2 attacks. Comprehensive experiments conducted on standard image datasets show that the proposed detector is effective and accurate. More importantly, our approach demonstrates strong resilience to adaptive attacks. We also interpret the detection technique through both visualization and quantification.

 

Second, previous work considers that it is challenging to properly alleviate the effect of the heavy corruptions caused by L0 attacks. However, we argue that the uncontrollable heavy perturbation is

an inherent limitation of L0 AEs, and thwart such attacks. We thus propose a novel AE detector by converting the detection problem into a comparison problem. In addition, we show that the pre-processing technique used for detection can also work as an effective defense, which has a high probability of removing the adversarial influence of L0 perturbations. Thus, our system demonstrates not only high AE detection accuracies, but also a notable capability to correct the classification results.

 

Finally, we propose a comprehensive AE detector which systematically combines the two detection methods to thwart all categories of widely discussed AEs, i.e., L0, L2, and L∞ attacks. By acquiring the both strengths from its assembly components, the new hybrid AE detector is not only able to distinguish various kinds of  

AEs, but also has a very low false positive rate on benign images. More significantly, through exploiting the noticeable characteristics of AEs, the proposed detector is highly resilient to adaptive attack, filling a critical gap in AE detection.

When: Tuesday, April 27, 11:00-12:00

https://zoom.us/j/98717098004?pwd=T3lPSGZ2K1pKTllQaWhRMDBtNVcrUT09

Speaker: Dr. Christian O’Reilly, McGill University, Canada

Talk abstract: Modeling is the bedrock on which science and technology have been built. Nowadays, almost every part of manufactured objects – may it be a supercomputer or a simple light bulb -- is modeled and simulated for us to gain a comprehensive understanding of how it works and how it will react under different conditions. Compared to human-made objects, our ability to get a grip on complex biological systems such as the brain has been hindered by these systems being black boxes which inner workings were mostly unknown. As we gain more insights on the mechanisms at play, our capacity to model and simulate these systems increases and further shed light on their remaining mysteries. In parallel, as the advances in medicine and science provide us with a finer appreciation of these biological systems, it also generates more intricate challenges. Tackling these new problems often requires integrating many sources of knowledge across fields and scales, from slow-evolving social factors to millisecond molecular interactions. Understanding complex multi-factorial and multidimensional neurodevelopmental issues like those present in the autistic spectrum disorder is such a problem. In this context, setting up a solid analytical framework empowered by modeling and simulation is even more important. In the first half of this talk I will go over some of my experiences in analyzing and modeling neuronal systems at different scales, from the macroscopic whole-brain scale to the microscopic cellular scale. Then, in the second part, building on these experiences I will make a case for the importance of systematically benchmarking the different aspects of the brain across scales and integrating such knowledge into analytical tools that we can use for scientific discoveries and clinical decisions. Speaker bio (short): Christian O’Reilly (Google Scholar) received his B.Ing (electrical eng.; 2007), his M.Sc.A. (biomedical eng.; 2011), and his Ph.D. (biomedical eng.; 2012) from the École Polytechnique de Montréal where he worked under the mentoring of Pr. R. Plamondon to apply pattern recognition and machine learning to predict brain stroke risks. He was later a postdoctoral fellow in Pr. T. Nielsen’s laboratory at the Center for Advanced Research in Sleep Medicine of the Hôpital du Sacré-Coeur/Université de Montréal (2012-2014) and then a NSERC postdoctoral fellow at McGill's Brain Imaging Center (2014-2015) where he worked in Pr. Baillet’s laboratory on characterizing EEG sleep transients, their sources, and their functional connectivity. During this period, he also was a visiting scholar in Pr. K. Friston's laboratory at the University College of London to study effective connectivity during sleep transients using dynamic causal modeling, an approach based on the Bayesian inversion of neural mass models. He later took on a 6-month fellowship with the Pr. M. Elsabbagh on functional connectivity in autism after which he moved to Switzerland to work for the Blue Brain project (Pr. S. Hill; EPFL; 2015-2018) where he led efforts on large-scale biophysically detailed modeling of the thalamocortical loop. Since 2020, he resumed his collaboration with the Dr. Elsabbagh as a research associate at the Azrieli Centre for Autism Research (McGill) where he is studying brain connectivity in autism and related neurodevelopmental disorders.

DISSERTATION DEFENSE Department of Computer Science and Engineering University of South Carolina Author : Adem Coskun Advisor : Dr. Marco Valtorta Date : April 7, 2021 Time : 12:00 pm - 02:00 pm Place : Virtual Defense (link below) Link : Microsoft Teams: https://teams.microsoft.com/l/meetup-join/19%3ameeting_YTJkMzc0MjEtNDg3… Abstract Multi-robot systems are increasingly deployed in environments where they interact with humans. From the perspective of a robot, such interaction could be considered a disturbance that causes a well-planned trajectory to fail. This dissertation addresses the problem of multi-robot coordination in scenarios where the robots may experience unexpected delays in their movements. Prior work by Cap Gregoire, and Frazzoli introduced a control law, called RMTRACK, which enables robots in such scenarios to execute pre-planned paths in spite of disturbances that affect the execution speed of each robot while guaranteeing that each robot can reach its goal without collisions and without deadlocks. We extend that approach to handle scenarios in which the disturbance probabilities are unknown when execution starts and are non-uniform across the environment. The key idea is to "repair" a plan on-the-fly, by swapping the order in which a pair of robots passes through a mutual collision region (i.e. a coordination space obstacle), when making such a change is expected to improve the overall performance of the system. We introduce a technique based on Gaussian processes to estimate future disturbances, and propose two algorithms for testing, at appropriate times, whether a swap of a given obstacle would be beneficial. Tests in simulation demonstrate that our algorithms achieve significantly smaller average travel time than RMTRACK at only a modest computational expense. However, deadlock may arise when rearranging the order in which robots pass collision regions and other obstacles. We provide a precise definition of deadlock using a graphical representation and prove some of its important properties. We show how to exploit the representation to detect the possibility of deadlock and to characterize conditions under which deadlock may not occur. We provide experiments in simulated environments that illustrate the potential usefulness of our theory of deadlock.

Time: Apr 2, 2021 11:00 AM Eastern Time (US and Canada) https://zoom.us/j/8440139296?pwd=MU9EWkJ5VEMyNzlneHI3Q1NTN0JxZz09 Abstract: A core aspect of our social lives is often embedded in the communities that we are situated in, such as our workplaces, neighborhoods, localities, and school/ college campuses. The inter-connectedness and inter-dependencies of our interactions, experiences, and concerns intertwine our situated context with our wellbeing. A better understanding of our wellbeing and psychosocial dynamics will help us devise strategies to address our wellbeing through proactive and tailored support strategies. However, existing methodologies to assess wellbeing suffer from limitations of scale and timeliness. Parallelly, given its ubiquity and widespread use, social media can be considered a “passive sensor” that can act as a complementary source of unobtrusive, real-time, and naturalistic data to infer wellbeing. In this talk, Koustuv Saha, from Georgia Tech, will present computational and causal approaches for leveraging social media in concert with complementary multimodal data to examine wellbeing. He will show how theory-driven computational methods can be applied on unique social media and complementary multimodal data to capture attributes of human behavior and psychosocial dynamics in situated communities, particularly college campuses and workplaces. Further, he will dive deep into drawing meaning out of online-inferences about offline metrics. Finally, this talk will propel the vision towards human-centered technologies tailored to situations, demands, and needs, facilitating technology-supported remote functioning, evaluating the prospective utility of social platforms for wellbeing, and understanding the harms/benefits of computational and data-driven assessments. Bio: Koustuv Saha is a doctoral candidate in Computer Science in the School of Interactive Computing at Georgia Tech. His research interest is in Social Computing and Computational Social Science. In his research, he adopts machine learning, natural language, and causal inference analysis to examine human behavior and wellbeing using social media and online data, along with complementary multimodal sensing data. His work has been published at several high prestige venues, including CHI, CSCW, ICWSM, IMWUT, JMIR, TBM, ACII, FAT*, PervasiveHealth, and WebSci, among others. He has been recognized as Foley Scholar, a recipient of the Foley Scholarship Award, GVU Center’s highest recognition for student excellence in research contributions to computing. He is a recipient of the Snap Research Fellowship, a finalist of the Symantec Graduate Fellowship, and his research has won the Outstanding Study Design Award at ICWSM 2019. His research has been covered at prestigious media outlets, including the New York Times, CBC Radio, NBC, 11Alive, the Hill, and the Commonwealth Times. During his Ph.D., he has had research internships at Snap Research, Microsoft Research, Max Planck Institute, and Fred Hutch Cancer Research. Earlier, he completed his B.Tech (Hons.) in Computer Science and Engineering from the Indian Institute of Technology (IIT) Kharagpur. He was also awarded the NTSE Scholarship by the Govt. of India, and he holds an overall industry research experience of five years. More about Koustuv can be found out at https://koustuv.com.

DISSERTATION DEFENSE Department of Computer Science and Engineering University of South Carolina Author : Hao Guo Advisor : Dr. Song Wang Date : March 31, 2021 Time : 10:00am - 12:00 pm Place : Virtual Defense (link below) Link : https://bluejeans.com/140824998 Abstract This dissertation is focused on the task of multi-label visual recognition, a fundamental task of computer vision. It aims to tell the presence of multiple visual classes from the input image, where the visual classes, such as objects, scenes, attributes, etc., are usually defined as image labels. Due to the prosperous deep networks, this task has been widely studied and significantly improved in recent years. However, it remains a challenging task due to appearance complexity of multiple visual contents co-occurring in one image. This research explores to regularize the deep network learning for multi-label visual recognition. First, an attention concentration method is proposed to refine the deep network learning for human attribute recognition, i.e., a challenging instance of multi-label visual recognition. Here the visual attention of deep networks, in terms of attention maps, is an imitation of human attention in visual recognition. Derived by the deep network with only label-level supervision, attention maps interpretively highlight areas indicating the most relevant regions that contribute most to the final network prediction. Based on the observation that human attributes are usually depicted by local image regions, the added attention concentration enhances the deep network learning for human attribute recognition by forcing the recognition on compact attribute-relevant regions. Second, inspired by the consistent relevance between a visual class and an image region, an attention consistency strategy is explored and enforced during deep network learning for human attribute recognition. Specifically, two kinds of attention consistency are studied in this dissertation, including the equivariance under spatial transforms, such as flipping, scaling and rotation, and the invariance between different networks for recognizing the same attribute from the same image. These two kinds of attention consistency are formulated as a unified attention consistency loss and combined with the traditional classification loss for network learning. Experiments on public datasets verify its effectiveness by achieving new state-of-the-art performance for human attribute recognition. Finally, to address the long-tailed category distribution of multi-label visual recognition, the collaborative learning between using uniform and re-balanced samplings is proposed for regularizing the network training. While the uniform sampling leads to relatively low performance on tail categories, re-balanced sampling can improve the performance on tail classes, but may also hurt the performance on head classes in network training due to label co-occurrence. This research proposes a new approach to train on both class-biased samplings in a collaborative way, resulting in performance improvement for both head and tail classes. Based on a two-branch network taking the uniform sampling and re-balanced sampling as the inputs, respectively, a cross-branch loss enforces consistency when the same input goes through the two branches. The experimental results demonstrate that the proposed method significantly outperforms existing state-of-the-art methods on long-tailed multi-label visual recognition.

DISSERTATION DEFENSE Department of Computer Science and Engineering University of South Carolina Author : Alireza Nasiri Advisor : Dr. Jianjun Hu Date : March 29, 2021 Time : 1:00 - 3:00 pm Place : Virtual Defense (link below) Zoom link: https://us02web.zoom.us/j/83125251774?pwd=NDEwK3M4b3NuT0djQ25BMlQ2cGtuZ… Abstract Hearing sense has an important role in our daily lives. During the recent years, there has been many studies to transfer this capability to the computers. In this dissertation, we design and implement deep learning based algorithms to improve the ability of the computers in recognizing the different sound events. In the first topic, we investigate sound event detection, which identifies the time boundaries of the sound events in addition to the type of the events. For sound event detection, we propose a new method, AudioMask, to benefit from the object-detection techniques in computer vision. In this method, we convert the question of identifying time boundaries for sound events, into the problem of identifying objects in images by treating the spectrograms of the sound as images. AudioMask first applies Mask R-CNN, an algorithm for detecting objects in images, to the log-scaled mel-spectrograms of the sound files. Then we use a frame-based sound event classifier trained independently from Mask R-CNN, to analyze each individual frame in the candidate segments. Our experiments show that, this approach has promising results and can successfully identify the exact time boundaries of the sound events. In the second topic, we present SoundCLR, a supervised contrastive learning based method for effective environmental sound classification with state-of-the-art performance, which works by learning representations that disentangle the samples of each class from those of other classes. We also exploit transfer learning and strong data augmentation to improve the results. Our extensive benchmark experiments show that our hybrid deep network models trained with combined contrastive and cross-entropy loss achieved the state-of-the-art performance on three benchmark datasets ESC-10, ESC-50, and US8K with validation accuracies of 99.75%, 93.4%, and 86.49% respectively. The ensemble version of our models also outperforms other top ensemble methods. Finally, we analyze the acoustic emissions that are generated during the degradation process of SiC composites. The aim here is to identify the state of the degradation in the material, by classifying its emitted acoustic signals. As our baseline, we use random forest method on expert-defined features. Also we propose a deep neural network of convolutional layers to identify the patterns in the raw sound signals. Our experiments show that both of our methods are reliably capable of identifying the degradation state of the composite, and in average, the convolutional model significantly outperforms the random forest technique.

Topic: Seminar: Muhammad Rahman Time: Mar 29, 2021 11:00 AM Eastern Time (US and Canada) Join Zoom Meeting https://zoom.us/j/97536411087?pwd=RExTdkVQcEg4OERFMUJhWm5rQThndz09 Title: Abstract: Artificial intelligence (AI) has made incredible scientific and technological contributions in many areas including business, healthcare and psychology. Due to the multidisciplinary nature and the ability to revolutionize, almost every field has started welcoming AI. The last decade is the witness of progresses of AI and machine learning, and their applications. In this talk, I will present my work that used AI and machine learning to solve interesting research challenges. The first part of my talk will describe an AI-powered framework that I have developed for large document understanding. The research contributed by modeling and extracting the logical and semantic structure of electronic documents using machine learning techniques. In the second part of my talk, I will present an ongoing work that uses computational technology to design a study for measuring COVID-19 effects on people with substance use disorders. I will conclude the talk by introducing few other AI-powered initiatives in mental health, substance use and addiction that I am currently working on. Bio: Dr. Muhammad Rahman is a Postdoctoral Researcher at National Institutes of Health (NIH). Before that, he was a Postdoctoral Fellow in the Center for Language and Speech Processing (CLSP) research lab at Johns Hopkins University. He obtained his Ph.D. in computer science from the University of Maryland, Baltimore County. His research is at the intersection of artificial intelligence (AI), machine learning, natural language processing, mental health, addiction and public health. Dr. Rahman’s current research mostly focuses on the real-world applications of advanced AI and machine learning techniques in addiction, mental health and behavioral psychology. As a part of NIH, he is working on designing and developing real-time digital intervention techniques to support substance use disorders and mental illness patients. During his Ph.D., Dr. Rahman worked on large document understanding that automatically identifies different sections of documents and understands their purpose within the document. He also had research internships at AT&T Labs and eBay Research where he worked on large scale industrial research projects. https://irp.drugabuse.gov/staff-members/muhammad-mahbubur-rahman-ph-d/

Friday, March 26 at 11 am Zoom Meeting details: https://zoom.us/j/95651622905?pwd=M3IxbGY0WWpBUEJnRE5XRmhnRW91UT09 Echolocating animals rely on biosonar for navigation and foraging, operating on lower energy input but achieving higher accuracy compared with engineered sonar. My research focuses on understanding the mechanism of bat biosonar by simulating different acoustic scenes involving vegetation and defining the invariants in the foliage echoes that provide the tree type information for bats to use as landmarks. Additionally, I have developed Spectrogram Correlation and Transformation (SCAT) model that simulates the bat’s auditory system with a gammatone filterbank, a half-wave rectifier, and a low-pass filter. The SCAT model splits a signal into many parallel frequency channels and maps the acoustic “image” of the target by finding the crossings at each channel with the same threshold. It can estimate the range delay between a sound source and targets as well as fine delay within reflecting points in one target – signal delays as short as a few microseconds. Currently, I am expanding the SCAT model by including a convolutional neural network for binaural localization of small targets. Bio: Chen Ming, Ph.D., received a BS and an MS in Mechanical Engineering from Hunan University in China. She then moved to the US to study bioacoustics at Virginia Tech with a focus on foliage echoes in natural environments. After graduation, she joined the Neuroscience department at Brown University as a postdoc, where she has been working on the modeling of the auditory system of big brown bats and acoustic scene reconstruction as a part of a Multidisciplinary University Research Initiative (MURI) Program to inspire advanced Navy sonar designs. Her long-term research goal is to design sonar for small autonomous aerial vehicles and incorporate AI for precise sensing. Recently she has been selected as a speaker for the Neuroscience Institute’s Rising Star Postdoctoral Seminar Series at the University of Chicago with her research on bioacoustics. Link to my webpage: https://cming8.wixsite.com/mysite

Systems commonly encountered in diverse scientific domains are complex, highly interconnected, and dynamic. These include the processes and mechanisms previously confined to biology, quantum science, social science, etc., which are increasingly studied and analyzed from a systems-theoretic viewpoint. The ability to decode the structural and dynamic information of such dynamical systems using observation (or measurement) data and the capability to precisely manipulate them are both essential steps toward enabling their safe and efficient deployment in critical applications. In this talk, I will present some of the emerging learning and control problems associated with dynamic population systems and networks, including data-integrated methods for control synthesis, perturbation-based inference of nonlinear dynamic networks, and moment-based methods for ensemble control. In particular, I will present the bottlenecks associated with these challenging yet critical problems, motivating the need for a synergy between systems and control theory and techniques from artificial intelligence to build novel mathematically grounded tools that enable systematic solutions to these complex problems. In this context, in the first part of my talk, I will present some of the recent developments in solving inference problems for decoding the dynamics and the connectivity structure of nonlinear dynamical networks. Then, I will present model-agnostic data-integrated methods for solving optimal control problems associated with complex dynamic population systems such as neural networks and robotic systems. Bio: Vignesh Narayanan (Member, IEEE) received the B.Tech. Electrical and Electronics Engineering degree from SASTRA University, Thanjavur, India, the M.Tech. degree with specialization in Control Systems from the National Institute of Technology Kurukshetra, Haryana, India, in 2012 and 2014, respectively, and the Ph.D. degree from the Missouri University of Science and Technology, Rolla, MO, USA, in 2017. He joined the Applied Mathematics Lab and Brain Dynamics and Control Research Group in the Dept. of Electrical and Systems Engineering at the Washington University in St. Louis, where he is currently working as a postdoctoral research associate. His current research interests include learning and adaptation in dynamic population systems, complex dynamic networks, reinforcement learning, and computational neuroscience. Wednesday, March 24 at 11 am https://zoom.us/j/95594086334?pwd=dlJvdmhhOENOZE9qY1dhM1g4SmVPUT09 Meeting ID: 955 9408 6334 Passcode: 1928