EAGER: Invisible Shield: Can Compression Harden Deep Neural Networks Universally Against Adversarial Attacks?

EAGER：隐形盾牌：压缩能否使深层神经网络普遍抵御对抗性攻击？

• 批准号: 2011260
• 负责人: Wujie Wen
• 金额: $ 14.92万
• 依托单位: Lehigh University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-11-07 至 2021-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2011260&HistoricalAwards=false
• 关键词: EAGER; Invisible; Shield; Compression; Harden

Deep neural networks (DNNs) are finding applications in wide-ranging applications such as image recognition, medical diagnosis and self-driving cars. However, DNNs suffer from a security threat: decisions can be misled by adversarial inputs crafted by adding human-imperceptible perturbations into normal inputs during training of DNN model. Defending against adversarial attacks is challenging due to multiple attack vectors, unknown adversary's strategies and cost. This project investigates a compression/decompression-based defense strategy to protect DNNs against any attack, with low cost and high accuracy. The project aims to create a new paradigm of safeguarding DNNs from a radically different perspective by using signal compression with a focus on integrating defenses into compression of the inputs and DNN models. The research tasks include: (i) developing defensive compression for visual/audio inputs to maximize defense efficiency without compromising testing accuracy; (ii) developing defensive model compression, and novel gradient masking/obfuscating methods without involving retraining, to universally harden DNN models; and (iii) conducting attack-defense evaluations through algorithm-level simulation and live platform experimentation.Any success from this EAGER project will be useful to research community interested in deep learning, hardware- and cyber- security, and multimedia. This project enhances economic opportunities by promoting wider applications of deep learning into realistic systems, and gives special attention to educating women and students from traditionally under-represented/under-served groups in Florida International University (FIU).The project repository will be stored on a publicly accessible server at FIU (http://web.eng.fiu.edu/wwen/). Data will be maintained for at least 5 years after the project period.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

深度神经网络（DNN）正在寻找在大型应用中的应用，例如图像识别，医疗诊断和自动驾驶汽车。但是，DNN遭受了安全威胁的困扰：通过在训练DNN模型期间，通过将人类侵蚀性的扰动添加到正常输入中，可以通过将人类侵蚀性扰动添加到正常输入中而误导决策。由于多个攻击媒介，未知的对手的策略和成本，防御对抗攻击的防御是具有挑战性的。该项目调查了一种基于压缩/减压的防御策略，以保护DNN免受任何攻击，较低的成本和高精度。该项目旨在通过使用信号压缩来从根本不同的角度创建一个新的保护DNN范式，重点是将防御范围集成到输入和DNN模型的压缩中。研究任务包括：（i）为视觉/音频输入开发防御性压缩，以最大程度地提高防御效率，而不会损害测试精度； （ii）开发防御模型压缩，以及新颖的梯度掩盖/混淆方法，而无需涉及重新训练，以普遍硬化DNN模型； （iii）通过算法级别的仿真和实时平台实验进行攻击防御评估。该渴望项目的成功对对深度学习，硬件和网络安全以及多媒体感兴趣的研究社区都有用。该项目通过促进深度学习在现实系统中的广泛应用来增强经济机会，并特别关注佛罗里达国际大学（FIU）传统上代表性不足/服务不足的群体的妇女和学生。该项目存储库将存储在FIU的公共访问服务器上（http://web.eng.eng.eng.fiu.fiu.edu.edu.edu.edu/wewween/wewwesn/- 该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的审查标准来评估，这将在项目期间结束后至少维持5年。

项目成果

Efficient Implementation of Finite Field Arithmetic for Binary Ring-LWE Post-Quantum Cryptography Through a Novel Lookup-Table-Like Method

通过新颖的类查找表方法有效实现二元环 LWE 后量子密码学的有限域算法

• 发表时间: 2021
• 期刊: Proc. ACM/IEEE 58th Design Automation Conference (DAC
• 作者: Xie, Jiafeng;He, Pengzhou;Wen, Wujie
• 通讯作者: Wen, Wujie

Model Compression Hardens Deep Neural Networks: A New Perspective to Prevent Adversarial Attacks

• DOI: 10.1109/tnnls.2021.3089128
• 发表时间: 2021-06-25
• 期刊: IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS
• 影响因子: 10.4
• 作者: Liu, Qi;Wen, Wujie
• 通讯作者: Wen, Wujie

An Image Enhancing Pattern-based Sparsity for Real-time Inference on Mobile Devices

• DOI: 10.1007/978-3-030-58601-0_37
• 发表时间: 2020-01
• 期刊: ArXiv
• 作者: Xiaolong Ma;Wei Niu;Tianyun Zhang;Sijia Liu;Fu-Ming Guo;Sheng Lin;Hongjia Li;Xiang Chen;Jian Tang;Kaisheng Ma;Bin Ren;Yanzhi Wang

StegoNet: Turn Deep Neural Network into a Stegomalware

• DOI: 10.1145/3427228.3427268
• 发表时间: 2020-12
• 期刊: Proceedings of the 36th Annual Computer Security Applications Conference
• 作者: Tao Liu;Zihao Liu;Qi Liu;Wujie Wen;Wenyao Xu;Ming Li

Stealing Your Data from Compressed Machine Learning Models

从压缩的机器学习模型中窃取数据

• DOI: 10.1109/dac18072.2020.9218633
• 发表时间: 2020
• 期刊: 2020 57th ACM/IEEE Design Automation Conference (DAC
• 作者: Xu, Nuo;Liu, Qi;Liu, Tao;Liu, Zihao;Guo, Xiaochen;Wen, Wujie
• 通讯作者: Wen, Wujie