Deep neural networks (DNNs) have transformed several artificial intelligence research areas including computer vision, speech recognition, and natural language processing. However, recent studies demonstrated that DNNs are vulnerable to adversarial manipulations at testing time. Specifically, suppose we have a testing example whose label can be correctly predicted by a DNN classifier. An attacker can add a small, carefully crafted noise to the testing example such that the DNN classifier predicts an incorrect label; the crafted testing example is called an adversarial example. Such attacks are called evasion attacks. Evasion attacks are one of the biggest challenges for deploying DNNs in safety- and security-critical applications such as self-driving cars. In this work, we develop new methods to defend against evasion attacks. Our key observation is that adversarial examples are close to the classification boundary. Therefore, we propose region-based classification to be robust to adversarial examples. For a benign/adversarial testing example, we ensemble information in a hypercube centered at the example to predict its label. Specifically, we sample some data points from the hypercube centered at the testing example in the input space; we use an existing DNN to predict the label for each sampled data point; and we take a majority vote among the labels of the sampled data points as the label for the testing example. In contrast, traditional classifiers are point-based classification, i.e., given a testing example, the classifier predicts its label based on the testing example alone. Our evaluation results on MNIST and CIFAR-10 datasets demonstrate that our region-based classification can significantly mitigate evasion attacks without sacrificing classification accuracy on benign examples.
Specifically, our region-based classification achieves the same classification accuracy on testing benign examples as point-based classification, but our region-based classification is significantly more robust than point-based classification to various evasion attacks.
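The sample-classify-vote procedure described in the abstract, as an added example that is not code from the paper or its authors. The point classifier below is a constructed stand-in for the DNN: a 2-D rule whose class-1 region includes a thin band just below the true boundary, mimicking the small pocket near the boundary that an adversarial example exploits; the hypercube radius and sample count are assumed values, not the paper's settings.

```python
import random


def point_classifier(x):
    """Constructed toy model standing in for a DNN (not the paper's model).

    True boundary is x[0] >= 1.0 -> class 1. The band 0.5 <= x[0] <= 0.55
    is also labelled class 1, acting as the small near-boundary pocket
    where an adversarial example lands but benign examples do not.
    """
    if x[0] >= 1.0:
        return 1
    if 0.5 <= x[0] <= 0.55:
        return 1
    return 0


def region_classifier(x, classify, radius, n_samples=1000, seed=0):
    """Region-based classification from the abstract.

    Sample n_samples points uniformly from the hypercube
    [x_i - radius, x_i + radius] in every dimension, label each with the
    point classifier, and return the majority label.
    """
    rng = random.Random(seed)  # fixed seed so the vote is reproducible
    votes = {}
    for _ in range(n_samples):
        sample = [xi + rng.uniform(-radius, radius) for xi in x]
        label = classify(sample)
        votes[label] = votes.get(label, 0) + 1
    return max(votes, key=votes.get)


if __name__ == "__main__":
    benign = [0.2, 0.0]       # clearly class 0
    adversarial = [0.52, 0.0]  # nudged into the thin class-1 pocket
    far_class1 = [1.5, 0.0]    # clearly class 1
    for name, example in [("benign", benign), ("adversarial", adversarial),
                          ("class-1", far_class1)]:
        print(name, "point:", point_classifier(example),
              "region:", region_classifier(example, point_classifier, 0.2))
```

The point classifier is fooled by the adversarial example, while the hypercube vote (radius 0.2) is dominated by the surrounding class-0 region, and the two agree on the examples far from the boundary.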
Community detection plays a key role in understanding graph structure. However, several recent studies showed that community detection is vulnerable to adversarial structural perturbation. In particular, via adding or removing a small number of carefully selected edges in a graph, an attacker can manipulate the detected communities. However, to the best of our knowledge, there are no studies on certifying robustness of community detection against such adversarial structural perturbation. In this work, we aim to bridge this gap. Specifically, we develop the first certified robustness guarantee of community detection against adversarial structural perturbation. Given an arbitrary community detection method, we build a new smoothed community detection method via randomly perturbing the graph structure. We theoretically show that the smoothed community detection method provably groups a given arbitrary set of nodes into the same community (or different communities) when the number of edges added/removed by an attacker is bounded. Moreover, we show that our certified robustness is tight. We also empirically evaluate our method on multiple real-world graphs with ground truth communities.