EAGER: Invisible Shield: Can Compression Harden Deep Neural Networks Universally Against Adversarial Attacks?

EAGER：隐形盾牌：压缩能否使深层神经网络普遍抵御对抗性攻击？

• 批准号: 1840813
• 负责人: Wujie Wen
• 金额: $ 25万
• 依托单位: Florida International University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-09-01 至 2020-01-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1840813&HistoricalAwards=false
• 关键词: EAGER; Invisible; Shield; Compression; Harden

Deep neural networks (DNNs) are finding applications in wide-ranging applications such as image recognition, medical diagnosis and self-driving cars. However, DNNs suffer from a security threat: decisions can be misled by adversarial inputs crafted by adding human-imperceptible perturbations into normal inputs during training of DNN model. Defending against adversarial attacks is challenging due to multiple attack vectors, unknown adversary's strategies and cost. This project investigates a compression/decompression-based defense strategy to protect DNNs against any attack, with low cost and high accuracy. The project aims to create a new paradigm of safeguarding DNNs from a radically different perspective by using signal compression with a focus on integrating defenses into compression of the inputs and DNN models. The research tasks include: (i) developing defensive compression for visual/audio inputs to maximize defense efficiency without compromising testing accuracy; (ii) developing defensive model compression, and novel gradient masking/obfuscating methods without involving retraining, to universally harden DNN models; and (iii) conducting attack-defense evaluations through algorithm-level simulation and live platform experimentation.Any success from this EAGER project will be useful to research community interested in deep learning, hardware- and cyber- security, and multimedia. This project enhances economic opportunities by promoting wider applications of deep learning into realistic systems, and gives special attention to educating women and students from traditionally under-represented/under-served groups in Florida International University (FIU).The project repository will be stored on a publicly accessible server at FIU (http://web.eng.fiu.edu/wwen/). Data will be maintained for at least 5 years after the project period.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

深度神经网络（DNN）在图像识别、医疗诊断和自动驾驶汽车等广泛应用中得到应用。然而，DNN面临着一个安全威胁：在DNN模型的训练过程中，通过将人类无法感知的扰动添加到正常输入中，可以通过对抗性输入来误导决策。由于攻击向量的多样性、攻击者的策略和攻击成本的未知性，对抗性攻击具有挑战性。该项目研究了一种基于压缩/解压缩的防御策略，以保护DNN免受任何攻击，具有低成本和高准确性。该项目旨在通过使用信号压缩，重点是将防御集成到输入和DNN模型的压缩中，从完全不同的角度创建保护DNN的新范式。研究任务包括：（i）开发针对视觉/音频输入的防御性压缩，以在不影响测试准确性的情况下最大化防御效率;（ii）开发防御性模型压缩和新的梯度掩蔽/混淆方法，而不涉及重新训练，以普遍强化DNN模型;以及（iii）通过算法进行攻防评估-EAGER项目的任何成功都将有助于对深度学习、硬件和网络安全以及多媒体感兴趣的研究社区。该项目通过促进深度学习在现实系统中的更广泛应用来增加经济机会，并特别关注佛罗里达国际大学（FIU）传统上代表性不足/服务不足群体的妇女和学生的教育。项目库将存储在FIU的公共访问服务器上（http：//web.eng.fiu.edu/wwen/）。 该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

3DICT: A Reliable and QoS Capable Mobile Process-In-Memory Architecture for Lookup-based CNNs in 3D XPoint ReRAMs

• DOI: 10.1145/3240765.3240767
• 发表时间: 2018-11
• 期刊: 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)
• 作者: Qian Lou;Wujie Wen;Lei Jiang

A system-level perspective to understand the vulnerability of deep learning systems

从系统级角度理解深度学习系统的脆弱性

• DOI: 10.1145/3287624.3288751
• 发表时间: 2019
• 期刊: 2019 IEEE 24th Asia and South Pacific Design Automation Conference (ASP-DAC
• 作者: Liu, Tao;Xu, Nuo;Liu, Qi;Wang, Yanzhi;Wen, Wujie
• 通讯作者: Wen, Wujie

A Systematic DNN Weight Pruning Framework using Alternating Direction Method of Multipliers

• DOI: 10.1007/978-3-030-01237-3_12
• 发表时间: 2018-04
• 作者: Tianyun Zhang;Shaokai Ye;Kaiqi Zhang;Jian Tang;Wujie Wen;M. Fardad;Yanzhi Wang