-
Expand-and-Cluster: Parameter Recovery of Neural Networks
Authors:
Flavio Martinelli,
Berfin Simsek,
Wulfram Gerstner,
Johanni Brea
Abstract:
Can we identify the weights of a neural network by probing its input-output map? At first glance, this problem seems to have many solutions because of permutation, overparameterisation and activation function symmetries. Yet, we show that the incoming weight vector of each neuron is identifiable up to sign or scaling, depending on the activation function. Our novel method 'Expand-and-Cluster' can identify layer sizes and weights of a target network for all commonly used activation functions. Expand-and-Cluster consists of two phases: (i) to relax the non-convex optimisation problem, we train multiple overparameterised student networks to best imitate the target function; (ii) to reverse engineer the target network's weights, we employ an ad-hoc clustering procedure that reveals the learnt weight vectors shared between students -- these correspond to the target weight vectors. We demonstrate successful weights and size recovery of trained shallow and deep networks with less than 10% overhead in the layer size and describe an 'ease-of-identifiability' axis by analysing 150 synthetic problems of variable difficulty.
Submitted 27 June, 2024; v1 submitted 25 April, 2023;
originally announced April 2023.
-
MLPGradientFlow: going with the flow of multilayer perceptrons (and finding minima fast and accurately)
Authors:
Johanni Brea,
Flavio Martinelli,
Berfin Şimşek,
Wulfram Gerstner
Abstract:
MLPGradientFlow is a software package to solve numerically the gradient flow differential equation $\dot θ= -\nabla \mathcal L(θ; \mathcal D)$, where $θ$ are the parameters of a multi-layer perceptron, $\mathcal D$ is some data set, and $\nabla \mathcal L$ is the gradient of a loss function. We show numerically that adaptive first- or higher-order integration methods based on Runge-Kutta schemes have better accuracy and convergence speed than gradient descent with the Adam optimizer. However, we find Newton's method and approximations like BFGS preferable to find fixed points (local and global minima of $\mathcal L$) efficiently and accurately. For small networks and data sets, gradients are usually computed faster than in PyTorch and Hessians are computed at least $5\times$ faster. Additionally, the package features an integrator for a teacher-student setup with bias-free, two-layer networks trained with standard Gaussian input in the limit of infinite data. The code is accessible at https://github.com/jbrea/MLPGradientFlow.jl.
Submitted 25 January, 2023;
originally announced January 2023.
-
alurity, a toolbox for robot cybersecurity
Authors:
Víctor Mayoral-Vilches,
Irati Abad-Fernández,
Martin Pinzger,
Stefan Rass,
Bernhard Dieber,
Alcino Cunha,
Francisco J. Rodríguez-Lera,
Giovanni Lacava,
Angelica Marotta,
Fabio Martinelli,
Endika Gil-Uriarte
Abstract:
The reuse of technologies and inherent complexity of most robotic systems is increasingly leading to robots with wide attack surfaces and a variety of potential vulnerabilities. Given their growing presence in public environments, security research is increasingly becoming more important than in any other area, especially due to the safety implications that robot vulnerabilities could cause on humans. We argue that security triage in robotics is still immature and that new tools must be developed to accelerate the testing-triage-exploitation cycle, necessary for prioritizing and accelerating the mitigation of flaws.
The present work tackles the current lack of offensive cybersecurity research in robotics by presenting a toolbox and the results obtained with it through several use cases conducted over a year period. We propose a modular and composable toolbox for robot cybersecurity: alurity. By ensuring that both roboticists and security researchers working on a project have a common, consistent and easily reproducible development environment, alurity aims to facilitate the cybersecurity research and the collaboration across teams.
Submitted 16 October, 2020; v1 submitted 15 October, 2020;
originally announced October 2020.
-
A Bin Encoding Training of a Spiking Neural Network-based Voice Activity Detection
Authors:
Giorgia Dellaferrera,
Flavio Martinelli,
Milos Cernak
Abstract:
Advances of deep learning for Artificial Neural Networks (ANNs) have led to significant improvements in the performance of digital signal processing systems implemented on digital chips. Although recent progress in low-power chips is remarkable, neuromorphic chips that run Spiking Neural Networks (SNNs) based applications offer an even lower power consumption, as a consequence of the ensuing sparse spike-based coding scheme. In this work, we develop a SNN-based Voice Activity Detection (VAD) system that belongs to the building blocks of any audio and speech processing system. We propose to use the bin encoding, a novel method to convert log mel filterbank bins of single-time frames into spike patterns. We integrate the proposed scheme in a bilayer spiking architecture which was evaluated on the QUT-NOISE-TIMIT corpus. Our approach shows that SNNs enable an ultra low-power implementation of a VAD classifier that consumes only 3.8$μ$W, while achieving state-of-the-art performance.
Submitted 28 October, 2019;
originally announced October 2019.
-
Spiking neural networks trained with backpropagation for low power neuromorphic implementation of voice activity detection
Authors:
Flavio Martinelli,
Giorgia Dellaferrera,
Pablo Mainar,
Milos Cernak
Abstract:
Recent advances in Voice Activity Detection (VAD) are driven by artificial and Recurrent Neural Networks (RNNs), however, using a VAD system in battery-operated devices requires further power efficiency. This can be achieved by neuromorphic hardware, which enables Spiking Neural Networks (SNNs) to perform inference at very low energy consumption. Spiking networks are characterized by their ability to process information efficiently, in a sparse cascade of binary events in time called spikes. However, a big performance gap separates artificial from spiking networks, mostly due to a lack of powerful SNN training algorithms. To overcome this problem we exploit an SNN model that can be recast into an RNN-like model and trained with known deep learning techniques. We describe an SNN training procedure that achieves low spiking activity and pruning algorithms to remove 85% of the network connections with no performance loss. The model achieves state-of-the-art performance with a fraction of power consumption compared to other methods.
Submitted 30 April, 2020; v1 submitted 22 October, 2019;
originally announced October 2019.
-
On the Effectiveness of System API-Related Information for Android Ransomware Detection
Authors:
Michele Scalas,
Davide Maiorca,
Francesco Mercaldo,
Corrado Aaron Visaggio,
Fabio Martinelli,
Giorgio Giacinto
Abstract:
Ransomware constitutes a significant threat to the Android operating system. It can either lock or encrypt the target devices, and victims are forced to pay ransoms to restore their data. Hence, the prompt detection of such attacks has a priority in comparison to other malicious threats. Previous works on Android malware detection mainly focused on Machine Learning-oriented approaches that were tailored to identifying malware families, without a clear focus on ransomware. More specifically, such approaches resorted to complex information types such as permissions, user-implemented API calls, and native calls. However, this led to significant drawbacks concerning complexity, resilience against obfuscation, and explainability. To overcome these issues, in this paper, we propose and discuss learning-based detection strategies that rely on System API information. These techniques leverage the fact that ransomware attacks heavily resort to System API to perform their actions, and allow distinguishing between generic malware, ransomware and goodware.
We tested three different ways of employing System API information, i.e., through packages, classes, and methods, and we compared their performances to other, more complex state-of-the-art approaches. The attained results showed that systems based on System API could detect ransomware and generic malware with very good accuracy, comparable to systems that employed more complex information. Moreover, the proposed systems could accurately detect novel samples in the wild and showed resilience against static obfuscation attempts. Finally, to guarantee early on-device detection, we developed and released on the Android platform a complete ransomware and malware detector (R-PackDroid) that employed one of the methodologies proposed in this paper.
Submitted 26 June, 2019; v1 submitted 24 May, 2018;
originally announced May 2018.
-
Practical Location Validation in Participatory Sensing Through Mobile WiFi Hotspots
Authors:
Francesco Restuccia,
Andrea Saracino,
Fabio Martinelli
Abstract:
The reliability of information in participatory sensing (PS) systems largely depends on the accuracy of the location of the participating users. However, existing PS applications are not able to efficiently validate the position of users in large-scale outdoor environments. In this paper, we present an efficient and scalable Location Validation System (LVS) to secure PS systems from location-spoofing attacks. In particular, the user location is verified with the help of mobile WiFi hot spots (MHSs), which are users activating the WiFi hotspot capability of their smartphones and accepting connections from nearby users, thereby validating their position inside the sensing area. The system also comprises a novel verification technique called Chains of Sight, which tackles collusion-based attacks effectively. LVS also includes a reputation-based algorithm that rules out sensing reports of location-spoofing users. The feasibility and efficiency of the WiFi-based approach of LVS is demonstrated by a set of indoor and outdoor experiments conducted using off-the-shelf smartphones, while the energy-efficiency of LVS is demonstrated by experiments using the Power Monitor energy tool. Finally, the security properties of LVS are analyzed by simulation experiments. Results indicate that the proposed LVS system is energy-efficient, applicable to most of the practical PS scenarios, and efficiently secures existing PS systems from location-spoofing attacks.
Submitted 19 May, 2018;
originally announced May 2018.
-
Semiring-based Specification Approaches for Quantitative Security
Authors:
Fabio Martinelli,
Ilaria Matteucci,
Francesco Santini
Abstract:
Our goal is to provide different semiring-based formal tools for the specification of security requirements: we quantitatively enhance the open-system approach, according to which a system is partially specified. Therefore, we suppose the existence of an unknown and possibly malicious agent that interacts in parallel with the system. Two specification frameworks are designed along two different (but still related) lines. First, by comparing the behaviour of a system with the expected one, or by checking if such system satisfies some security requirements: we investigate a novel approximate behavioural-equivalence for comparing processes behaviour, thus extending the Generalised Non Deducibility on Composition (GNDC) approach with scores. As a second result, we equip a modal logic with semiring values with the purpose to have a weight related to the satisfaction of a formula that specifies some requested property. Finally, we generalise the classical partial model-checking function, and we name it as quantitative partial model-checking in such a way to point out the necessary and sufficient conditions that a system has to satisfy in order to be considered as secure, with respect to a fixed security/functionality threshold-value.
Submitted 28 September, 2015;
originally announced September 2015.
-
Dynamics of Lattice Triangulations on Thin Rectangles
Authors:
Pietro Caputo,
Fabio Martinelli,
Alistair Sinclair,
Alexandre Stauffer
Abstract:
We consider random lattice triangulations of $n\times k$ rectangular regions with weight $λ^{|σ|}$ where $λ>0$ is a parameter and $|σ|$ denotes the total edge length of the triangulation. When $λ\in(0,1)$ and $k$ is fixed, we prove a tight upper bound of order $n^2$ for the mixing time of the edge-flip Glauber dynamics. Combined with the previously known lower bound of order $\exp(Ω(n^2))$ for $λ>1$ [3], this establishes the existence of a dynamical phase transition for thin rectangles with critical point at $λ=1$.
Submitted 22 May, 2015;
originally announced May 2015.
-
Metric-Aware Secure Service Orchestration
Authors:
Gabriele Costa,
Fabio Martinelli,
Artsiom Yautsiukhin
Abstract:
Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process.
In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.
Submitted 16 December, 2012;
originally announced December 2012.
-
Mixing Time for the Solid-on-Solid Model
Authors:
Fabio Martinelli,
Alistair Sinclair
Abstract:
We analyze the mixing time of a natural local Markov chain (the Glauber dynamics) on configurations of the solid-on-solid model of statistical physics. This model has been proposed, among other things, as an idealization of the behavior of contours in the Ising model at low temperatures. Our main result is an upper bound on the mixing time of $\tilde{O}(n^{3.5})$, which is tight within a factor of $\tilde{O}(\sqrt{n})$. (The notation $\tilde{O}$ hides factors that are logarithmic in $n$.) The proof, which in addition gives some insight into the actual evolution of the contours, requires the introduction of a number of novel analytical techniques that we conjecture will have other applications.
Submitted 31 July, 2010;
originally announced August 2010.