EAGER: Invisible Shield: Can Compression Harden Deep Neural Networks Universally Against Adversarial Attacks?


Basic information

  • Award number:
    2011260
  • Principal investigator:
  • Amount:
    $149,200
  • Host institution:
  • Host institution country:
    United States
  • Award type:
    Standard Grant
  • Fiscal year:
    2019
  • Funding country:
    United States
  • Start and end dates:
    2019-11-07 to 2021-08-31
  • Project status:
    Completed

Project summary

Deep neural networks (DNNs) are finding wide-ranging applications such as image recognition, medical diagnosis and self-driving cars. However, DNNs suffer from a security threat: their decisions can be misled by adversarial inputs crafted by adding human-imperceptible perturbations to normal inputs during training of the DNN model. Defending against adversarial attacks is challenging because of the multiple attack vectors, the adversary's unknown strategies, and cost. This project investigates a compression/decompression-based defense strategy to protect DNNs against any attack, with low cost and high accuracy. The project aims to create a new paradigm for safeguarding DNNs from a radically different perspective, using signal compression, with a focus on integrating defenses into the compression of both the inputs and the DNN models. The research tasks include: (i) developing defensive compression for visual/audio inputs that maximizes defense efficiency without compromising test accuracy; (ii) developing defensive model compression, together with novel gradient masking/obfuscation methods that require no retraining, to universally harden DNN models; and (iii) conducting attack-defense evaluations through algorithm-level simulation and live-platform experimentation.

Any success from this EAGER project will be useful to the research community interested in deep learning, hardware and cyber security, and multimedia. The project enhances economic opportunities by promoting wider application of deep learning in realistic systems, and gives special attention to educating women and students from traditionally under-represented/under-served groups at Florida International University (FIU). The project repository will be stored on a publicly accessible server at FIU (http://web.eng.fiu.edu/wwen/). Data will be maintained for at least 5 years after the project period.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Project outcomes

Journal articles (7)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Efficient Implementation of Finite Field Arithmetic for Binary Ring-LWE Post-Quantum Cryptography Through a Novel Lookup-Table-Like Method
Model Compression Hardens Deep Neural Networks: A New Perspective to Prevent Adversarial Attacks
An Image Enhancing Pattern-based Sparsity for Real-time Inference on Mobile Devices
  • DOI:
    10.1007/978-3-030-58601-0_37
  • Publication date:
    2020-01
  • Journal:
  • Impact factor:
    0
  • Authors:
    Xiaolong Ma;Wei Niu;Tianyun Zhang;Sijia Liu;Fu-Ming Guo;Sheng Lin;Hongjia Li;Xiang Chen;Jian Tang;Kaisheng Ma;Bin Ren;Yanzhi Wang
  • Corresponding authors:
    Xiaolong Ma;Wei Niu;Tianyun Zhang;Sijia Liu;Fu-Ming Guo;Sheng Lin;Hongjia Li;Xiang Chen;Jian Tang;Kaisheng Ma;Bin Ren;Yanzhi Wang
StegoNet: Turn Deep Neural Network into a Stegomalware
Concurrent Weight Encoding-based Detection for Bit-Flip Attack on Neural Network Accelerators

Other publications by Wujie Wen

Defending DNN Adversarial Attacks with Pruning and Logits Augmentation
  • DOI:
  • Publication date:
    2018
  • Journal:
  • Impact factor:
    0
  • Authors:
    Shaokai Ye;Siyue Wang;Xiao Wang;Bo Yuan;Wujie Wen;X. Lin
  • Corresponding author:
    X. Lin
AdaPI: Facilitating DNN Model Adaptivity for Efficient Private Inference in Edge Computing
  • DOI:
  • Publication date:
    2024
  • Journal:
  • Impact factor:
    0
  • Authors:
    Tong Zhou;Jiahui Zhao;Yukui Luo;Xi Xie;Wujie Wen;Caiwen Ding;Xiaolin Xu
  • Corresponding author:
    Xiaolin Xu
Deep-evasion: Turn deep neural network into evasive self-contained cyber-physical malware: poster
FlexLevel NAND Flash Storage System Design to Reduce LDPC Latency
Error Characterization and Correction Techniques for Reliable STT-RAM Designs
  • DOI:
  • Publication date:
    2015-09
  • Journal:
  • Impact factor:
    0
  • Authors:
    Wujie Wen
  • Corresponding author:
    Wujie Wen


Other grants by Wujie Wen

SPX: Collaborative Research: Scalable Neural Network Paradigms to Address Variability in Emerging Device based Platforms for Large Scale Neuromorphic Computing
  • Award number:
    2401544
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant
CAREER: Dependable and Secure Machine Learning Acceleration from Untrusted Hardware
  • Award number:
    2238873
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Accelerating Privacy-Preserving Machine Learning as a Service: From Algorithm to Hardware
  • Award number:
    2247891
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Continuing Grant
CAREER: Dependable and Secure Machine Learning Acceleration from Untrusted Hardware
  • Award number:
    2349538
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Accelerating Privacy-Preserving Machine Learning as a Service: From Algorithm to Hardware
  • Award number:
    2348733
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Continuing Grant
SHF: Small: Collaborative Research: Retraining-free Concurrent Test and Diagnosis in Emerging Neural Network Accelerators
  • Award number:
    2011236
  • Fiscal year:
    2019
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant
SPX: Collaborative Research: Scalable Neural Network Paradigms to Address Variability in Emerging Device based Platforms for Large Scale Neuromorphic Computing
  • Award number:
    1919182
  • Fiscal year:
    2019
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant
SPX: Collaborative Research: Scalable Neural Network Paradigms to Address Variability in Emerging Device based Platforms for Large Scale Neuromorphic Computing
  • Award number:
    2006748
  • Fiscal year:
    2019
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant
SHF: Small: Collaborative Research: Retraining-free Concurrent Test and Diagnosis in Emerging Neural Network Accelerators
  • Award number:
    1910022
  • Fiscal year:
    2019
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant
EAGER: Invisible Shield: Can Compression Harden Deep Neural Networks Universally Against Adversarial Attacks?
  • Award number:
    1840813
  • Fiscal year:
    2018
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant

Similar overseas grants

Invisible diversity of reef-building corals: visualization, estimation of causes and prediction of the future
  • Award number:
    23H00529
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Grant-in-Aid for Scientific Research (A)
Invisible Labour: Women's Experimental Art in East-Central Europe, 1970-1989
  • Award number:
    2882025
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Studentship
Practical Research to Promote Self-Understanding in Children with Invisible Disabilities; Focusing on Low Vision Children
  • Award number:
    23K02568
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Grant-in-Aid for Scientific Research (C)
Development of 320x256 pixel metamaterial infrared image sensors for visualizing invisible gases
  • Award number:
    23H01883
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Grant-in-Aid for Scientific Research (B)
CRII: RI: Modeling and Understanding the Invisible World in Thermal Modality
  • Award number:
    2334246
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant
DISES: Understanding invisible socio-environmental systems through pesticide exposure across human-wildlife interactions in tropical forest-agricultural mosaics
  • Award number:
    2307519
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Standard Grant
Automatic identification of early bone loss patterns from radiographs invisible to human eyes for early periodontal disease diagnosis and prevention
  • Award number:
    10723693
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
Invisible display-camera visible light communications using adversarial samples
  • Award number:
    23H01413
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Grant-in-Aid for Scientific Research (B)
Making the invisible, visible: co-creating novel approaches to endometriosis pain communication
  • Award number:
    AH/X012034/1
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Research Grant
Advanced paleo-tsunami magnitude estimation: tracing "invisible" tsunami evidence with geochemical markers
  • Award number:
    23H01259
  • Fiscal year:
    2023
  • Funding amount:
    $149,200
  • Award type:
    Grant-in-Aid for Scientific Research (B)