-
Fault Tolerance of Neural Networks in Adversarial Settings
Authors:
Vasisht Duddu,
N. Rajesh Pillai,
D. Vijay Rao,
Valentina E. Balas
Abstract:
Artificial Intelligence systems require a thorough assessment of different pillars of trust, namely, fairness, interpretability, data and model privacy, reliability (safety) and robustness against adversarial attacks. While these research problems have been extensively studied in isolation, an understanding of the trade-off between different pillars of trust is lacking. To this extent, the trade-off between fault tolerance, privacy and adversarial robustness is evaluated for the specific case of Deep Neural Networks, by considering two adversarial settings under a security and a privacy threat model. Specifically, this work studies the impact of the fault tolerance of the Neural Network on training the model by adding noise to the input (Adversarial Robustness) and noise to the gradients (Differential Privacy). While training models with noise to inputs, gradients or weights enhances fault tolerance, it is observed that adversarial robustness and fault tolerance are at odds with each other. On the other hand, ($ε,δ$)-Differentially Private models enhance the fault tolerance, measured using generalisation error, theoretically has an upper bound of $e^ε - 1 + δ$. This novel study of the trade-off between different elements of trust is pivotal for training a model which satisfies the requirements for different pillars of trust simultaneously.
Submitted 7 March, 2020; v1 submitted 30 October, 2019;
originally announced October 2019.
-
Towards Enhancing Fault Tolerance in Neural Networks
Authors:
Vasisht Duddu,
D. Vijay Rao,
Valentina E. Balas
Abstract:
Deep Learning Accelerators are prone to faults which manifest in the form of errors in Neural Networks. Fault Tolerance in Neural Networks is crucial in real-time safety critical applications requiring computation for long durations. Neural Networks with high regularisation exhibit superior fault tolerance, however, at the cost of classification accuracy. In the view of difference in functionality, a Neural Network is modelled as two separate networks, i.e., the Feature Extractor with unsupervised learning objective and the Classifier with a supervised learning objective. Traditional approaches of training the entire network using a single supervised learning objective are insufficient to achieve the objectives of the individual components optimally. In this work, a novel multi-criteria objective function, combining unsupervised training of the Feature Extractor followed by supervised tuning with Classifier Network is proposed. The unsupervised training solves two games simultaneously in the presence of adversary neural networks with conflicting objectives to the Feature Extractor. The first game minimises the loss in reconstructing the input image for indistinguishability given the features from the Extractor, in the presence of a generative decoder. The second game solves a minimax constraint optimisation for distributional smoothening of feature space to match a prior distribution, in the presence of a Discriminator network. The resultant strongly regularised Feature Extractor is combined with the Classifier Network for supervised fine-tuning. The proposed Adversarial Fault Tolerant Neural Network Training is scalable to large networks and is independent of the architecture. The evaluation on benchmarking datasets: FashionMNIST and CIFAR10, indicates that the resultant networks have high accuracy with superior tolerance to stuck at "0" faults compared to widely used regularisers.
Submitted 29 May, 2021; v1 submitted 6 July, 2019;
originally announced July 2019.
-
Stealing Neural Networks via Timing Side Channels
Authors:
Vasisht Duddu,
Debasis Samanta,
D Vijay Rao,
Valentina E. Balas
Abstract:
Deep learning is gaining importance in many applications. However, Neural Networks face several security and privacy threats. This is particularly significant in the scenario where Cloud infrastructures deploy a service with Neural Network model at the back end. Here, an adversary can extract the Neural Network parameters, infer the regularization hyperparameter, identify if a data point was part of the training data, and generate effective transferable adversarial examples to evade classifiers. This paper shows how a Neural Network model is susceptible to timing side channel attack. In this paper, a black box Neural Network extraction attack is proposed by exploiting the timing side channels to infer the depth of the network. Although constructing an equivalent architecture is a complex search problem, it is shown how Reinforcement Learning with knowledge distillation can effectively reduce the search space to infer a target model. The proposed approach has been tested with VGG architectures on CIFAR10 data set. It is observed that it is possible to reconstruct substitute models with test accuracy close to the target models and the proposed approach is scalable and independent of type of Neural Network architectures.
Submitted 8 July, 2019; v1 submitted 31 December, 2018;
originally announced December 2018.
-
Cross-Sensor Iris Recognition: LG4000-to-LG2200 Comparison
Authors:
Nicolaie Popescu-Bodorin,
Lucian Stefanita Grigore,
Valentina Emilia Balas,
Cristina Madalina Noaica,
Ionut Axenie,
Justinian Popa,
Cristian Munteanu,
Victor Stroescu,
Ionut Manu,
Alexandru Herea,
Kartal Horasanli,
Iulia Maria Motoc
Abstract:
Cross-sensor comparison experimental results reported here show that the procedure defined and simulated during the Cross-Sensor Comparison Competition 2013 by our team for migrating / upgrading LG2200 based to LG4000 based biometric systems leads to better LG4000-to-LG2200 cross-sensor iris recognition results than previously reported, both in terms of user comfort and in terms of system safety. On the other hand, LG2200-to-LG400 migration/upgrade procedure defined and implemented by us is applicable to solve interoperability issues between LG2200 based and LG4000 based systems, but also to other pairs of systems having the same shift in the quality of acquired images.
Submitted 5 January, 2018;
originally announced January 2018.
-
The Biometric Menagerie - A Fuzzy and Inconsistent Concept
Authors:
Nicolaie Popescu-Bodorin,
Valentina E. Balas,
Iulia M. Motoc
Abstract:
This paper proves that in iris recognition, the concepts of sheep, goats, lambs and wolves - as proposed by Doddington and Yager in the so-called Biometric Menagerie, are at most fuzzy and at least not quite well defined. They depend not only on the users or on their biometric templates, but also on the parameters that calibrate the iris recognition system. This paper shows that, in the case of iris recognition, the extensions of these concepts have very unsharp and unstable (non-stationary) boundaries. The membership of a user to these categories is more often expressed as a degree (as a fuzzy value) rather than as a crisp value. Moreover, they are defined by fuzzy Sugeno rules instead of classical (crisp) definitions. For these reasons, we said that the Biometric Menagerie proposed by Doddington and Yager could be at most a fuzzy concept of biometry, but even this status is conditioned by improving its definition. All of these facts are confirmed experimentally in a series of 12 exhaustive iris recognition tests undertaken for University of Bath Iris Image Database while using three different iris code dimensions (256x16, 128x8 and 64x4), two different iris texture encoders (Log-Gabor and Haar-Hilbert) and two different types of safety models.
Submitted 27 September, 2012;
originally announced September 2012.
-
Combined Haar-Hilbert and Log-Gabor Based Iris Encoders
Authors:
Valentina E. Balas,
Iulia M. Motoc,
Alina Barbulescu
Abstract:
This chapter shows that combining Haar-Hilbert and Log-Gabor improves iris recognition performance leading to a less ambiguous biometric decision landscape in which the overlap between the experimental intra- and interclass score distributions diminishes or even vanishes. Haar-Hilbert, Log-Gabor and combined Haar-Hilbert and Log-Gabor encoders are tested here both for single and dual iris approach. The experimental results confirm that the best performance is obtained for the dual iris approach when the iris code is generated using the combined Haar-Hilbert and Log-Gabor encoder, and when the matching score fuses the information from both Haar-Hilbert and Log-Gabor channels of the combined encoder.
Submitted 8 February, 2012;
originally announced February 2012.
-
8-Valent Fuzzy Logic for Iris Recognition and Biometry
Authors:
N. Popescu-Bodorin,
V. E. Balas,
I. M. Motoc
Abstract:
This paper shows that maintaining logical consistency of an iris recognition system is a matter of finding a suitable partitioning of the input space in enrollable and unenrollable pairs by negotiating the user comfort and the safety of the biometric system. In other words, consistent enrollment is mandatory in order to preserve system consistency. A fuzzy 3-valued disambiguated model of iris recognition is proposed and analyzed in terms of completeness, consistency, user comfort and biometric safety. It is also shown here that the fuzzy 3-valued model of iris recognition is hosted by an 8-valued Boolean algebra of modulo 8 integers that represents the computational formalization in which a biometric system (a software agent) can achieve the artificial understanding of iris recognition in a logically consistent manner.
Submitted 8 November, 2011;
originally announced November 2011.
-
Iris Codes Classification Using Discriminant and Witness Directions
Authors:
N. Popescu-Bodorin,
V. E. Balas,
I. M. Motoc
Abstract:
The main topic discussed in this paper is how to use intelligence for biometric decision defuzzification. A neural training model is proposed and tested here as a possible solution for dealing with natural fuzzification that appears between the intra- and inter-class distribution of scores computed during iris recognition tests. It is shown here that the use of proposed neural network support leads to an improvement in the artificial perception of the separation between the intra- and inter-class score distributions by moving them away from each other.
Submitted 8 November, 2011; v1 submitted 28 October, 2011;
originally announced October 2011.
-
From Cognitive Binary Logic to Cognitive Intelligent Agents
Authors:
Nicolaie Popescu-Bodorin,
Valentina E. Balas
Abstract:
The relation between self awareness and intelligence is an open problem these days. Despite the fact that self awareness is usually related to Emotional Intelligence, this is not the case here. The problem described in this paper is how to model an agent which knows (Cognitive) Binary Logic and which is also able to pass (without any mistake) a certain family of Turing Tests designed to verify its knowledge and its discourse about the modal states of truth corresponding to well-formed formulae within the language of Propositional Binary Logic.
Submitted 18 June, 2011;
originally announced June 2011.
-
Exploratory simulation of an Intelligent Iris Verifier Distributed System
Authors:
Nicolaie Popescu-Bodorin,
Valentina E. Balas
Abstract:
This paper discusses some topics related to the latest trends in the field of evolutionary approaches to iris recognition. It presents the results of an exploratory experimental simulation whose goal was to analyze the possibility of establishing an Interchange Protocol for Digital Identities evolved in different geographic locations interconnected through and into an Intelligent Iris Verifier Distributed System (IIVDS) based on multi-enrollment. Finding a logically consistent model for the Interchange Protocol is the key factor in designing the future large-scale iris biometric networks. Therefore, the logical model of such a protocol is also investigated here. All tests are made on Bath Iris Database and prove that outstanding power of discrimination between the intra- and the inter-class comparisons can be achieved by an IIVDS, even when practicing 52.759.182 inter-class and 10.991.943 intra-class comparisons. Still, the test results confirm that inconsistent enrollment can change the logic of recognition from a fuzzified 2-valent consistent logic of biometric certitudes to a fuzzified 3-valent inconsistent possibilistic logic of biometric beliefs justified through experimentally determined probabilities, or to a fuzzified 8-valent logic which is almost consistent as a biometric theory - this quality being counterbalanced by an absolutely reasonable loss in the user comfort level.
Submitted 18 June, 2011;
originally announced June 2011.
-
Comparing Haar-Hilbert and Log-Gabor Based Iris Encoders on Bath Iris Image Database
Authors:
Nicolaie Popescu-Bodorin,
Valentina E. Balas
Abstract:
This paper introduces a new family of iris encoders which use 2-dimensional Haar Wavelet Transform for noise attenuation, and Hilbert Transform to encode the iris texture. In order to prove the usefulness of the newly proposed iris encoding approach, the recognition results obtained by using these new encoders are compared to those obtained using the classical Log-Gabor iris encoder. Twelve tests involving single/multienrollment and conducted on Bath Iris Image Database are presented here. One of these tests achieves an Equal Error Rate comparable to the lowest value reported so far for this database. New Matlab tools for iris image processing are also released together with this paper: a second version of the Circular Fuzzy Iris Segmentator (CFIS2), a fast Log-Gabor encoder and two Haar-Hilbert based encoders.
Submitted 12 June, 2011;
originally announced June 2011.