-
Poisoning $\times$ Evasion: Symbiotic Adversarial Robustness for Graph Neural Networks
Authors:
Ege Erdogan,
Simon Geisler,
Stephan Günnemann
Abstract:
It is well-known that deep learning models are vulnerable to small input perturbations. Such perturbed instances are called adversarial examples. Adversarial examples are commonly crafted to fool a model either at training time (poisoning) or test time (evasion). In this work, we study the symbiosis of poisoning and evasion. We show that combining both threat models can substantially improve the devastating efficacy of adversarial attacks. Specifically, we study the robustness of Graph Neural Networks (GNNs) under structure perturbations and devise a memory-efficient adaptive end-to-end attack for the novel threat model using first-order optimization.
Submitted 9 December, 2023;
originally announced December 2023.
-
Detecting ChatGPT: A Survey of the State of Detecting ChatGPT-Generated Text
Authors:
Mahdi Dhaini,
Wessel Poelman,
Ege Erdogan
Abstract:
While recent advancements in the capabilities and widespread accessibility of generative language models, such as ChatGPT (OpenAI, 2022), have brought about various benefits by generating fluent human-like text, the task of distinguishing between human- and large language model (LLM) generated text has emerged as a crucial problem. These models can potentially deceive by generating artificial text that appears to be human-generated. This issue is particularly significant in domains such as law, education, and science, where ensuring the integrity of text is of the utmost importance. This survey provides an overview of the current approaches employed to differentiate between texts generated by humans and ChatGPT. We present an account of the different datasets constructed for detecting ChatGPT-generated text, the various methods utilized, what qualitative analyses into the characteristics of human versus ChatGPT-generated text have been performed, and finally, summarize our findings into general insights.
Submitted 14 September, 2023;
originally announced September 2023.
-
SplitOut: Out-of-the-Box Training-Hijacking Detection in Split Learning via Outlier Detection
Authors:
Ege Erdogan,
Unat Teksen,
Mehmet Salih Celiktenyildiz,
Alptekin Kupcu,
A. Ercument Cicek
Abstract:
Split learning enables efficient and privacy-aware training of a deep neural network by splitting a neural network so that the clients (data holders) compute the first layers and only share the intermediate output with the central compute-heavy server. This paradigm introduces a new attack medium in which the server has full control over what the client models learn, which has already been exploited to infer the private data of clients and to implement backdoors in the client models. Although previous work has shown that clients can successfully detect such training-hijacking attacks, the proposed methods rely on heuristics, require tuning of many hyperparameters, and do not fully utilize the clients' capabilities. In this work, we show that given modest assumptions regarding the clients' compute capabilities, an out-of-the-box outlier detection method can be used to detect existing training-hijacking attacks with almost-zero false positive rates. We conclude through experiments on different tasks that the simplicity of our approach we name SplitOut makes it a more viable and reliable alternative compared to the earlier detection methods.
Submitted 11 December, 2023; v1 submitted 16 February, 2023;
originally announced February 2023.
-
Future Space Networks: Toward the Next Giant Leap for Humankind
Authors:
Mohammed Y. Abdelsadek,
Aizaz U. Chaudhry,
Tasneem Darwish,
Eylem Erdogan,
Gunes Karabulut-Kurt,
Pablo G. Madoery,
Olfa Ben Yahia,
Halim Yanikomeroglu
Abstract:
Due to the unprecedented advances in satellite fabrication and deployment, innovative communications and networking technologies, ambitious space projects and programs, and the resurgence of interest in satellite networks, there is a need to redefine space networks (SpaceNets) to incorporate all of these evolutions. This paper introduces a vision for future SpaceNets that considers advances in several related domains. First, we present a reference architecture that captures the various network entities and terminals in a holistic manner. Based on this, space, air, and ground use cases are studied. Then, the architectures and technologies that enable the envisaged SpaceNets are investigated. In so doing, we highlight the activities and projects of different standardization bodies, satellite operators, and national organizations towards the envisioned SpaceNets. Finally, the challenges, potential solutions, and open issues from communications and networking perspectives are discussed.
Submitted 11 December, 2022;
originally announced December 2022.
-
Comparison of COVID-19 Prediction Performances of Normalization Methods on Cough Acoustics Sounds
Authors:
Yunus Emre Erdoğan,
Ali Narin
Abstract:
The disease called the new coronavirus (COVID19) is a new viral respiratory disease that first appeared on January 13, 2020 in Wuhan, China. Some of the symptoms of this disease are fever, cough, shortness of breath and difficulty in breathing. In more serious cases, death may occur as a result of infection. COVID19 emerged as a pandemic that affected the whole world in a little while. The most important issue in the fight against the epidemic is the early diagnosis and follow-up of COVID19 (+) patients. Therefore, in addition to the RT-PCR test, medical imaging methods are also used when identifying COVID19 (+) patients. In this study, an alternative approach was proposed using cough data, one of the most prominent symptoms of COVID19 (+) patients. The performances of z-normalization and min-max normalization methods were investigated on these data. All features were obtained using the discrete wavelet transform method. Support vector machines (SVM) were used as the classifier algorithm. The highest performances of accuracy and F1-score were obtained as 100% and 100% using the min-max normalization, respectively. On the other hand, the highest accuracy and highest F1-score performances were obtained as 99.2% and 99.0% using the z-normalization, respectively. In light of the results, it is clear that cough acoustic data will contribute significantly to controlling COVID19 cases.
Submitted 16 January, 2022;
originally announced January 2022.
-
Comparison of Classification Algorithms for COVID19 Detection using Cough Acoustic Signals
Authors:
Yunus Emre Erdoğan,
Ali Narin
Abstract:
The epidemic disease, called the new coronavirus (COVID19), first occurred in Wuhan, China in December 2019. COVID19 was announced as an epidemic by the World Health Organization soon after. Some of the symptoms of this disease are fever, cough, shortness of breath and difficulty in breathing. In more severe cases, death may occur as a result of infection. The most significant question in fighting the pandemic and controlling the epidemic is the early diagnosis of COVID19(+) patients and the follow-up of these patients. Therefore, various diagnostic mechanisms are used. In addition to the RT-PCR test, medical imaging methods have been utilized, especially in the detection of COVID19(+) patients. In this study, an alternative approach was proposed by using cough data, which is one of the most prominent symptoms of COVID19(+) patients. The cough acoustic public dataset on the Virufy website was used. The entire data was normalized using the z-normalization technique. The performance of the features obtained via the 5-layer empirical mode decomposition method and the performances of different classifiers have been compared. As the classifier algorithm, 5 different algorithms were used. The highest accuracy and F1-score performances were obtained by using the Ensemble-Bagged-Trees algorithm as 90.6% and 90.5%, respectively. On the other hand, the other classification algorithms used in the study are Support Vector Machines, Logistic Regression, Linear Discriminant Analysis and k-Nearest Neighbors, respectively. According to the results obtained, choosing the right classifier algorithm provides high results. Thus, it is clear that using cough acoustic data, those with COVID19(+) can be detected easily and effectively.
Submitted 13 January, 2022;
originally announced January 2022.
-
SplitGuard: Detecting and Mitigating Training-Hijacking Attacks in Split Learning
Authors:
Ege Erdogan,
Alptekin Kupcu,
A. Ercument Cicek
Abstract:
Distributed deep learning frameworks such as split learning provide great benefits with regard to the computational cost of training deep neural networks and the privacy-aware utilization of the collective data of a group of data-holders. Split learning, in particular, achieves this goal by dividing a neural network between a client and a server so that the client computes the initial set of layers, and the server computes the rest. However, this method introduces a unique attack vector for a malicious server attempting to steal the client's private data: the server can direct the client model towards learning any task of its choice, e.g. towards outputting easily invertible values. With a concrete example already proposed (Pasquini et al., CCS '21), such training-hijacking attacks present a significant risk for the data privacy of split learning clients.
In this paper, we propose SplitGuard, a method by which a split learning client can detect whether it is being targeted by a training-hijacking attack or not. We experimentally evaluate our method's effectiveness, compare it with potential alternatives, and discuss in detail various points related to its use. We conclude that SplitGuard can effectively detect training-hijacking attacks while minimizing the amount of information recovered by the adversaries.
Submitted 16 September, 2022; v1 submitted 20 August, 2021;
originally announced August 2021.
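Added illustration, not code from the SplitGuard paper or its authors: a toy split-learning round in numpy with an honest server, a stand-in training-hijacking server, and a client-side probe that exposes the difference the abstract describes. The client sends the same cut-layer activations twice, once with its true labels and once with every label flipped, and compares the gradients the server returns. An honest cross-entropy head has to change its gradients when the labels change; a server that is steering the client toward a task of its own choosing ignores the labels, so its gradients come back identical. The two-layer network, the binary task, the label-flipping probe, the MSE-to-target hijacking objective and the decision threshold are all assumptions of this example; the real attack of Pasquini et al. trains a discriminator, which is not implemented here, and the paper's own scoring rule is not reproduced.

```python
"""Toy split learning in numpy: the client owns the first layer, the server the head.

Added illustration (assumption-laden), not the SplitGuard paper's code.
"""
import numpy as np

rng = np.random.default_rng(0)
D_IN, D_CUT, N_CLASSES = 8, 4, 2  # input width, cut-layer width, number of classes


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


class Client:
    """Data holder: computes the first layer; x and y never leave the client."""

    def __init__(self):
        self.w1 = rng.normal(scale=1 / np.sqrt(D_IN), size=(D_IN, D_CUT))

    def forward(self, x):
        return np.maximum(0.0, x @ self.w1)  # ReLU activations are all the server sees


class HonestServer:
    """Runs the remaining layers and returns dL/dA for a cross-entropy loss on the labels."""

    def __init__(self):
        self.w2 = rng.normal(scale=0.5, size=(D_CUT, N_CLASSES))

    def backward(self, acts, labels):
        probs = softmax(acts @ self.w2)
        onehot = np.eye(N_CLASSES)[labels]
        return (probs - onehot) @ self.w2.T  # per-sample gradient w.r.t. the activations


class HijackingServer:
    """Stand-in for a training-hijacking server (assumption): it ignores the labels and
    pulls the client's activations toward a feature space it chose and can decode.
    The real attack uses a discriminator; this MSE-to-target pull is a simplification."""

    def __init__(self):
        self.target = rng.normal(size=D_CUT)

    def backward(self, acts, labels):
        del labels  # never used: the hijacking objective does not depend on y
        return 2.0 * (acts - self.target)


def per_sample_cosine(g1, g2, eps=1e-12):
    dots = np.sum(g1 * g2, axis=1)
    norms = np.linalg.norm(g1, axis=1) * np.linalg.norm(g2, axis=1) + eps
    return dots / norms


def probe_server(client, server, x, y):
    """Client-side probe: send the same activations with the true labels and with every
    label flipped, and return the mean per-sample cosine between the two gradient batches."""
    acts = client.forward(x)
    g_true = server.backward(acts, y)
    g_fake = server.backward(acts, 1 - y)  # binary task, so flipping is the full probe
    return float(per_sample_cosine(g_true, g_fake).mean())


def is_hijacked(score, threshold=0.0):
    """An honest softmax head flips the sign of every per-sample gradient when the binary
    label flips (score near -1); a label-independent objective returns the same gradients
    both times (score near +1). The zero threshold is an assumption of this toy."""
    return score > threshold


def make_batch(n=32):
    x = rng.normal(size=(n, D_IN))           # constructed inputs for the demo
    y = (x[:, 0] > 0).astype(int)            # synthetic binary labels
    return x, y


if __name__ == "__main__":
    client = Client()
    x, y = make_batch()
    for name, server in (("honest", HonestServer()), ("hijacking", HijackingServer())):
        s = probe_server(client, server, x, y)
        print(f"{name:9s} server: probe score {s:+.3f} -> hijacked={is_hijacked(s)}")
```

The probe works because, for a softmax head with two classes, the honest gradient for sample i is (p0 - y0) times the fixed vector w2[:,0] - w2[:,1], and flipping y0 flips the sign of that coefficient. A hijacking server that mixed a label-dependent term into its gradients would blunt this particular check, which is why the abstract's "compare it with potential alternatives" matters in practice; the example assumes the hijacker ignores labels entirely.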
-
UnSplit: Data-Oblivious Model Inversion, Model Stealing, and Label Inference Attacks Against Split Learning
Authors:
Ege Erdogan,
Alptekin Kupcu,
A. Ercument Cicek
Abstract:
Training deep neural networks often forces users to work in a distributed or outsourced setting, accompanied with privacy concerns. Split learning aims to address this concern by distributing the model among a client and a server. The scheme supposedly provides privacy, since the server cannot see the clients' models and inputs. We show that this is not true via two novel attacks. (1) We show that an honest-but-curious split learning server, equipped only with the knowledge of the client neural network architecture, can recover the input samples and obtain a functionally similar model to the client model, without being detected. (2) We show that if the client keeps hidden only the output layer of the model to "protect" the private labels, the honest-but-curious server can infer the labels with perfect accuracy. We test our attacks using various benchmark datasets and against proposed privacy-enhancing extensions to split learning. Our results show that plaintext split learning can pose serious risks, ranging from data (input) privacy to intellectual property (model parameters), and provide no more than a false sense of security.
Submitted 16 September, 2022; v1 submitted 20 August, 2021;
originally announced August 2021.
-
Demo -- Zelig: Customizable Blockchain Simulator
Authors:
Ege Erdogan,
Can Arda Aydin,
Oznur Ozkasap,
Waris Gill
Abstract:
As blockchain-based systems see wider adoption, it becomes increasingly critical to ensure their reliability, security, and efficiency. Running simulations is an effective method of gaining insights on the existing systems and analyzing potential improvements. However, many of the existing blockchain simulators have various shortcomings that render them insufficient for a wide range of scenarios. In this demo paper, we present Zelig: our blockchain simulator designed with the main goals of customizability and extensibility. To the best of our knowledge, Zelig is the only blockchain simulator that enables simulating custom network topologies without modifying the simulator code. We explain our simulator design, validate via experimental analysis against the real-world Bitcoin network, and highlight potential use cases.
Submitted 16 July, 2021;
originally announced July 2021.
-
A Cognitive Radio Enabled RF/FSO Communication Model for Aerial Relay Networks: Possible Configurations and Opportunities
Authors:
Eylem Erdogan,
Ibrahim Altunbas,
Nihat Kabaoglu,
Halim Yanikomeroglu
Abstract:
Two emerging technologies, cognitive radio (CR) and free-space optical (FSO) communication, have created much interest both in academia and industry recently as they can fully utilize the spectrum while providing cost-efficient secure communication. In this article, motivated by the mounting interest in CR and FSO systems and by their ability to be rapidly deployed for civil and military applications, particularly in emergency situations, we propose a CR enabled radio frequency (RF)/FSO communication model for an aerial relay network. In the proposed model, CR enabled RF communication is employed for a ground-to-air channel to exploit the advantages of CR, including spectrum efficiency, multi-user connectivity, and spatial diversity. For an air-to-air channel, FSO communication is used, since the air-to-air path can provide perfect line-of-sight connectivity, which is vital for FSO systems. Finally, for an air-to-ground channel, a hybrid RF/FSO communication system is employed, where the RF communication functions as a backup for the FSO communication in the presence of adverse weather conditions. The proposed communication model is shown to be capable of fully utilizing the frequency spectrum, while effectively dealing with RF network problems of spectrum mobility and underutilization, especially for emergency conditions when multiple unmanned aerial vehicles (UAVs) are deployed.
Submitted 18 November, 2020;
originally announced December 2020.
-
Prognostic and Health Management (PHM) tool for Robot Operating System (ROS)
Authors:
Hakan Gencturk,
Elcin Erdogan,
Mustafa Karaca,
Ugur Yayan
Abstract:
Nowadays, prognostics-aware systems are increasingly used in many systems, and they are critical for sustaining autonomy. All engineering systems, especially robots, are not perfect. Absence of failures in a certain time is the perfect system, and it is practically impossible. In all engineering works, we must try to predict or minimize/prevent failures in the system. Failures in the systems are generally unknown, so prediction of these failures and of the reliability of the system is made by a prediction process. Reliability analysis is important for improving the system performance, extending system lifetime, etc. Prognostic and Health Management (PHM) includes reliability, safety, predictive fault detection / isolation, advanced diagnostics / prognostics, component lifecycle tracking, health reporting and information management, etc. This study proposes an open source robot prognostic and health management tool using model-based methodology, namely "Prognostics and Health Management tool for ROS". This tool is a generic tool for use with any kind of robot (mobile robot, robot arm, drone etc.) compatible with ROS. Some features of this tool are managing / monitoring robots' health, RUL, probability of task completion (PoTC) etc. The user is able to enter the necessary equations and component information (hazard rates, robot configuration etc.) into the PHM tool, together with other sensory data like temperature, humidity, pressure, load etc. In addition to these, a case study is conducted for the mobile robots (OTA) using this tool.
Submitted 18 November, 2020;
originally announced November 2020.