-
SparseLock: Securing Neural Network Models in Deep Learning Accelerators
Authors:
Nivedita Shrivastava,
Smruti R. Sarangi
Abstract:
Securing neural networks (NNs) against model extraction and parameter exfiltration attacks is an important problem primarily because modern NNs take a lot of time and resources to build and train. We observe that there are no countermeasures (CMs) against recently proposed attacks on sparse NNs and there is no single CM that effectively protects against all types of known attacks for both sparse as well as dense NNs. In this paper, we propose SparseLock, a comprehensive CM that protects against all types of attacks including some of the very recently proposed ones for which no CM exists as of today. We rely on a novel compression algorithm and binning strategy. Our security guarantees are based on the inherent hardness of bin packing and inverse bin packing problems. We also perform a battery of statistical and information theory based tests to successfully show that we leak very little information and side channels in our architecture are akin to random sources. In addition, we show a performance benefit of 47.13% over the nearest competing secure architecture.
Submitted 5 November, 2023;
originally announced November 2023.
-
SecOComp: A Fast and Secure Simultaneous Compression and Encryption Scheme
Authors:
Nivedita Shrivastava,
Smruti R. Sarangi
Abstract:
We live in a data-driven era that involves the generation, collection and processing of a massive amount of data. This data often contains valuable intellectual property and sensitive user information that must be safeguarded. There is a need to both encrypt and compress the data at line speed and sometimes with added power constraints. The majority of the currently available simultaneous compression and encryption (SCE) schemes are tailored for a specific type of data such as images for instance. This reduces their generic applicability. In this paper, we tackle this issue and propose a generic, efficient, and secure simultaneous compression and encryption scheme where the data is simultaneously encrypted using chaotic maps and compressed using a fast lossless compression algorithm. We claim that employing multiple chaotic maps and a lossless compression method can help us create not only an efficient encryption scheme but also compress the data efficiently in a hardware-friendly manner. We avoid all the known pitfalls of chaos theory based encryption that have prevented its widespread usage. Our algorithm passes all the NIST tests for nine different types of popular datasets. The proposed implementation uses 1.51x less storage as compared to the nearest competing work.
Submitted 12 June, 2023;
originally announced June 2023.
-
Seculator: A Fast and Secure Neural Processing Unit
Authors:
Nivedita Shrivastava,
Smruti R. Sarangi
Abstract:
Securing deep neural networks (DNNs) is a problem of significant interest since an ML model incorporates high-quality intellectual property, features of data sets painstakingly collated by mechanical turks, and novel methods of training on large cluster computers. Sadly, attacks to extract model parameters are on the rise, and thus designers are being forced to create architectures for securing such models. State-of-the-art proposals in this field take the deterministic memory access patterns of such networks into cognizance (albeit partially), group a set of memory blocks into a tile, and maintain state at the level of tiles (to reduce storage space). For providing integrity guarantees (tamper avoidance), they don't propose any significant optimizations, and still maintain block-level state.
We observe that it is possible to exploit the deterministic memory access patterns of DNNs even further, and maintain state information for only the current tile and current layer, which may comprise a large number of tiles. This reduces the storage space, reduces the number of memory accesses, increases performance, and simplifies the design without sacrificing any security guarantees. The key techniques in our proposed accelerator architecture, Seculator, are to encode memory access patterns to create a small HW-based tile version number generator for a given layer, and to store layer-level MACs. We completely eliminate the need for having a MAC cache and a tile version number store (as used in related work). We show that using intelligently-designed mathematical operations, these structures are not required. By reducing such overheads, we show a speedup of 16% over the closest competing work.
Submitted 19 April, 2022;
originally announced April 2022.
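The mechanism sketched in the Seculator abstract above, deriving tile version numbers from the fixed access schedule instead of storing them and keeping a single MAC per layer rather than a MAC cache, can be illustrated with a small software model. The code below is an added example written for this page; it is not the Seculator design, its version-number encoding, or its hardware MAC construction. It assumes HMAC-SHA256 as the MAC, a plain (layer id, epoch, tile index) packing as the derived version, and constructed tile data, and it checks that a replayed stale tile, a single bit flip and a tile spliced into the wrong slot are all rejected.

```python
import hashlib
import hmac
import struct

# Constructed key for the demo; a real accelerator would hold this in on-chip state.
KEY = b"demo-accelerator-key-not-secret"


def tile_version(layer_id: int, epoch: int, tile_idx: int) -> bytes:
    """Version derived from the accelerator's fixed access schedule.

    A DNN touches layer `layer_id`, tile `tile_idx` in the same order on every
    inference, so the version can be recomputed on demand from (layer, epoch,
    tile index) instead of being fetched from a per-tile version store.
    `epoch` counts how many times the layer's tiles have been rewritten.
    """
    return struct.pack(">III", layer_id, epoch, tile_idx)


def tile_tag(key: bytes, layer_id: int, epoch: int, tile_idx: int, data: bytes) -> bytes:
    """Per-tile authentication tag, bound to the derived version (HMAC-SHA256)."""
    return hmac.new(key, tile_version(layer_id, epoch, tile_idx) + data, hashlib.sha256).digest()


def layer_mac(key: bytes, layer_id: int, epoch: int, tags: list) -> bytes:
    """Single on-chip MAC for a whole layer, chained over its tile tags in access order."""
    h = hmac.new(key, struct.pack(">II", layer_id, epoch), hashlib.sha256)
    for t in tags:
        h.update(t)
    return h.digest()


def write_layer(key: bytes, layer_id: int, epoch: int, tiles: list):
    """Store a layer off-chip. Returns (memory image, the one MAC kept on-chip)."""
    tags = [tile_tag(key, layer_id, epoch, i, d) for i, d in enumerate(tiles)]
    memory = [(d, t) for d, t in zip(tiles, tags)]
    return memory, layer_mac(key, layer_id, epoch, tags)


def verify_layer(key: bytes, layer_id: int, epoch: int, memory: list, onchip_mac: bytes) -> bool:
    """Re-derive every tile's version, check its tag, then check the layer MAC.

    Returns True only if no tile was modified, replayed from an older epoch,
    or moved to a different slot.
    """
    tags = []
    for i, (data, tag) in enumerate(memory):
        if not hmac.compare_digest(tile_tag(key, layer_id, epoch, i, data), tag):
            return False
        tags.append(tag)
    return hmac.compare_digest(layer_mac(key, layer_id, epoch, tags), onchip_mac)


def demo() -> dict:
    layer = 3
    tiles_v0 = [bytes([i]) * 32 for i in range(4)]          # constructed weights, epoch 0
    tiles_v1 = [bytes([i + 0x10]) * 32 for i in range(4)]   # updated weights, epoch 1
    mem_v0, _ = write_layer(KEY, layer, 0, tiles_v0)
    mem_v1, mac_v1 = write_layer(KEY, layer, 1, tiles_v1)

    results = {"fresh": verify_layer(KEY, layer, 1, mem_v1, mac_v1)}

    # Replay: attacker swaps tile 2 (data AND its once-valid tag) back to the epoch-0 copy.
    replayed = list(mem_v1)
    replayed[2] = mem_v0[2]
    results["replay_detected"] = not verify_layer(KEY, layer, 1, replayed, mac_v1)

    # Tamper: flip one bit of tile 0's data, tag left untouched.
    data, tag = mem_v1[0]
    tampered = list(mem_v1)
    tampered[0] = (bytes([data[0] ^ 1]) + data[1:], tag)
    results["tamper_detected"] = not verify_layer(KEY, layer, 1, tampered, mac_v1)

    # Splice: copy tile 1's valid (data, tag) pair into tile 3's slot.
    spliced = list(mem_v1)
    spliced[3] = mem_v1[1]
    results["splice_detected"] = not verify_layer(KEY, layer, 1, spliced, mac_v1)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is where state lives: the off-chip image carries tile data and tags, while the only per-layer state held on-chip is one 32-byte MAC, and versions are never stored anywhere because the schedule makes them recomputable. Replay fails because the old tag was computed under epoch 0, and splicing fails because the tile index is part of the derived version.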
-
OpticalGAN : Generative Adversarial Networks for Continuous Variable Quantum Computation
Authors:
Nilay Shrivastava,
Nikaash Puri,
Piyush Gupta,
Balaji Krishnamurthy,
Sukriti Verma
Abstract:
We present OpticalGAN, an extension of quantum generative adversarial networks for continuous-variable quantum computation. OpticalGAN consists of photonic variational circuits comprising optical Gaussian and Kerr gates. Photonic quantum computation is a realization of continuous variable quantum computing which involves encoding and processing information in the continuous quadrature amplitudes of a quantized electromagnetic field such as light. Information processing in photonic quantum computers is performed using optical gates on squeezed light. Both the generator and discriminator of OpticalGAN are short depth variational circuits composed of Gaussian and non-Gaussian gates. We demonstrate our approach by using OpticalGAN to generate energy eigenstates and coherent states. All of our code is available at https://github.com/abcd1729/opticalgan.
Submitted 15 September, 2019;
originally announced September 2019.
-
MobiVSR: A Visual Speech Recognition Solution for Mobile Devices
Authors:
Nilay Shrivastava,
Astitwa Saxena,
Yaman Kumar,
Rajiv Ratn Shah,
Debanjan Mahata,
Amanda Stent
Abstract:
Visual speech recognition (VSR) is the task of recognizing spoken language from video input only, without any audio. VSR has many applications as an assistive technology, especially if it could be deployed in mobile devices and embedded systems. The need for intensive computational resources and a large memory footprint are two of the major obstacles in developing neural network models for VSR in a resource constrained environment. We propose a novel end-to-end deep neural network architecture for word level VSR called MobiVSR with a design parameter that aids in balancing the model's accuracy and parameter count. We use depthwise-separable 3D convolution for the first time in the domain of VSR and show how it makes our model efficient. MobiVSR achieves an accuracy of 73% on the challenging Lip Reading in the Wild dataset with 6 times fewer parameters and a 20 times smaller memory footprint than the current state of the art. MobiVSR can also be compressed to 6 MB by applying post training quantization.
Submitted 4 June, 2019; v1 submitted 10 May, 2019;
originally announced May 2019.
-
Wind ramp event prediction with parallelized Gradient Boosted Regression Trees
Authors:
Saurav Gupta,
Nitin Anand Shrivastava,
Abbas Khosravi,
Bijaya Ketan Panigrahi
Abstract:
Accurate prediction of wind ramp events is critical for ensuring the reliability and stability of power systems with high penetration of wind energy. This paper proposes a classification based approach for estimating the future class of wind ramp event based on certain thresholds. A parallelized gradient boosted regression tree based technique has been proposed to accurately classify the normal as well as rare extreme wind power ramp events. The model has been validated using wind power data obtained from the National Renewable Energy Laboratory database. Performance comparison with several benchmark techniques indicates the superiority of the proposed technique in terms of classification accuracy.
Submitted 17 October, 2016;
originally announced October 2016.
-
Know Your Personalization: Learning Topic level Personalization in Online Services
Authors:
Anirban Majumder,
Nisheeth Shrivastava
Abstract:
Online service platforms (OSPs), such as search engines, news-websites, ad-providers, etc., serve highly personalized content to the user, based on the profile extracted from his history with the OSP. Although personalization (generally) leads to a better user experience, it also raises privacy concerns for the user: he does not know what is present in his profile and, more importantly, what is being used to personalize content for him. In this paper, we capture an OSP's personalization for a user in a new data structure called the personalization vector ($\eta$), which is a weighted vector over a set of topics, and present techniques to compute it for users of an OSP. Our approach treats OSPs as black-boxes, and extracts $\eta$ by mining only their output, specifically, the personalized (for a user) and vanilla (without any user information) contents served, and the differences in these contents. We formulate a new model called Latent Topic Personalization (LTP) that captures the personalization vector in a learning framework and present efficient inference algorithms for it. We do extensive experiments for search result personalization using both data from real Google users and synthetic datasets. Our results show high accuracy (R-pre = 84%) of LTP in finding personalized topics. For Google data, our qualitative results show how LTP can also identify evidence: queries for results on a topic with high $\eta$ value were re-ranked. Finally, we show how our approach can be used to build a new privacy evaluation framework focused on end-user privacy on commercial OSPs.
Submitted 13 December, 2012;
originally announced December 2012.
-
Bulk content delivery using co-operating end-nodes with upload/download limits
Authors:
A. Majumder,
Sharad Jaiswal,
K. V. M. Naidu,
Nisheeth Shrivastava
Abstract:
We study the problem of optimizing the cost of content delivery in a cooperative network of caches at end-nodes. The caches could be, for example, within the computers of users downloading videos from websites (such as Netflix, Blockbuster etc.), DVRs (such as TiVo, or cable boxes) used as part of video on demand services or public hot-spots (e.g. Wi-Fi access points with a cache) deployed over a city to serve content to mobile users. Each cache serves user requests locally over a medium that incurs no additional costs (i.e. WiFi, home LAN); if a request is not cached, it must be fetched from another cache or a central server. In our model, each cache has a tiered back-haul internet connection, with a usage cap (and fixed per-byte costs thereafter). Redirecting requests intended for the central server to other caches with unused back-haul capacity can bring down the network costs. Our goal is to develop a mechanism to optimally 1) place data into the caches and 2) route requests to caches to reduce the overall cost of content delivery.
We develop a multi-criteria approximation based on an LP rounding procedure that, with a small (constant factor) blow-up in the storage and upload limits of each cache, gives a data placement that is within a constant factor of the optimum. Further, to speed up the solution, we propose a technique to cluster caches into groups, solve the data placement problem within a group, and combine the results in the rounding phase to get the global solution. Based on extensive simulations, we show that our schemes perform very well in practice, giving costs within 5-15% of the optimal, and reducing the network load at a central server by as much as 55% with only a marginal blow-up in the limits. We also demonstrate that our approach outperforms a non-cooperative caching mechanism by about 20%.
Submitted 10 September, 2012;
originally announced September 2012.
-
A Methodology for Empirical Quality Assessment of Object-Oriented Design
Authors:
Devpriya Soni,
Namita Shrivastava,
M. Kumar
Abstract:
The direct measurement of quality is difficult because there is no way we can measure quality factors directly. For measuring these factors, we have to express them in terms of metrics or models. Researchers have developed quality models that attempt to measure quality in terms of attributes, characteristics and metrics. In this work we have proposed a methodology of controlled experimentation coupled with the power of Logical Scoring of Preferences to evaluate the global quality of four object-oriented designs.
Submitted 7 March, 2010;
originally announced March 2010.
-
A Rough Sets Partitioning Model for Mining Sequential Patterns with Time Constraint
Authors:
Jigyasa Bisaria,
Namita Shrivastava,
K. R. Pardasani
Abstract:
Nowadays, data mining and knowledge discovery methods are applied to a variety of enterprise and engineering disciplines to uncover interesting patterns from databases. The study of sequential patterns is an important data mining problem due to its wide applications to real world time dependent databases. Sequential patterns are inter-event patterns ordered over a time-period associated with specific objects under study. Analysis and discovery of frequent sequential patterns over a predetermined time-period are interesting data mining results, and can aid in decision support in many enterprise applications. The problem of sequential pattern mining poses computational challenges as a long frequent sequence contains an enormous number of frequent subsequences. Also, useful results depend on the right choice of event window. In this paper, we have studied the problem of sequential pattern mining through two perspectives: one is the computational aspect of the problem and the other is the incorporation and adjustability of the time constraint. We have used the indiscernibility relation from the theory of rough sets to partition the search space of sequential patterns and have proposed a novel algorithm that allows previsualization of patterns and allows adjustment of the time constraint prior to execution of the mining task. The algorithm Rough Set Partitioning is at least ten times faster than the naive time constraint based sequential pattern mining algorithm GSP. Besides this, additional knowledge of the time interval of sequential patterns is also determined with the method.
Submitted 23 June, 2009;
originally announced June 2009.
-
Medians and Beyond: New Aggregation Techniques for Sensor Networks
Authors:
Nisheeth Shrivastava,
Chiranjeeb Buragohain,
Divyakant Agrawal,
Subhash Suri
Abstract:
Wireless sensor networks offer the potential to span and monitor large geographical areas inexpensively. Sensors, however, have significant power constraints (battery life), making communication very expensive. Another important issue in the context of sensor-based information systems is that individual sensor readings are inherently unreliable. In order to address these two aspects, sensor database systems like TinyDB and Cougar enable in-network data aggregation to reduce the communication cost and improve reliability. The existing data aggregation techniques, however, are limited to relatively simple types of queries such as SUM, COUNT, AVG, and MIN/MAX. In this paper we propose a data aggregation scheme that significantly extends the class of queries that can be answered using sensor networks. These queries include (approximate) quantiles, such as the median, the most frequent data values, such as the consensus value, a histogram of the data distribution, as well as range queries. In our scheme, each sensor aggregates the data it has received from other sensors into a fixed (user specified) size message. We provide strict theoretical guarantees on the approximation quality of the queries in terms of the message size. We evaluate the performance of our aggregation scheme by simulation and demonstrate its accuracy, scalability and low resource utilization for highly variable input data sets.
Submitted 16 August, 2004;
originally announced August 2004.