2024
Sarkadi, Nancirose Piazza Vahid Behzadan Stefan
2024.
Abstract | Links | BibTeX | Tags:
@conference{nokey2,
title = {The Power in Communication: Power Regularization of Communication for Autonomy in Cooperative Multi-Agent Reinforcement Learning},
author = {Nancirose Piazza
Vahid Behzadan
Stefan Sarkadi},
url = {https://openreview.net/pdf?id=UFPKoPNYZv},
year = {2024},
date = {2024-08-30},
urldate = {2024-08-30},
abstract = {Communication plays a vital role for coordination in Multi-Agent Reinforcement Learning (MARL) systems. However, misaligned agents can exploit other agents’ trust and delegated power to the communication medium. In this paper, we propose power regularization as a method to limit the adverse effects of communication by misaligned agents. Specifically, we focus on communication which impairs the performance of cooperative agents. Power is a measure of the influence one agent’s actions have over another agent’s policy. By introducing power regularization over communication, we aim to allow designers to control or reduce an agent’s dependency on communication when appropriate. With this capability, we aim to train agent policies with resilience to performance deterioration caused by misuses of the communication channel or communication protocol. We investigate several environments in which power regularization over communication can be valuable to regularizing the power dynamics among agents delegated over the communication medium.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Communication plays a vital role for coordination in Multi-Agent Reinforcement Learning (MARL) systems. However, misaligned agents can exploit other agents’ trust and delegated power to the communication medium. In this paper, we propose power regularization as a method to limit the adverse effects of communication by misaligned agents. Specifically, we focus on communication which impairs the performance of cooperative agents. Power is a measure of the influence one agent’s actions have over another agent’s policy. By introducing power regularization over communication, we aim to allow designers to control or reduce an agent’s dependency on communication when appropriate. With this capability, we aim to train agent policies with resilience to performance deterioration caused by misuses of the communication channel or communication protocol. We investigate several environments in which power regularization over communication can be valuable to regularizing the power dynamics among agents delegated over the communication medium.
2023
TaCo: Enhancing Cross-Lingual Transfer for Low-Resource Languages in LLMs through Translation-Assisted Chain-of-Thought Processes Journal Article Forthcoming
In: Forthcoming.
Abstract | Links | BibTeX | Tags:
@article{nokey1,
title = {TaCo: Enhancing Cross-Lingual Transfer for Low-Resource Languages in LLMs through Translation-Assisted Chain-of-Thought Processes},
url = {https://arxiv.org/pdf/2311.10797
https://openreview.net/forum?id=02MLWBj8HP¬eId=02MLWBj8HP},
year = {2023},
date = {2023-11-11},
urldate = {2023-11-11},
abstract = {LLMs such as ChatGPT and PaLM can be utilized to train on a new language and revitalize low-resource languages. However, it is evidently very costly to pretrain pr fine-tune LLMs to adopt new languages. Another challenge is the limitation of benchmark datasets and the metrics used to measure the performance of models in multilingual settings. This paper proposes cost-effective solutions to both of the aforementioned challenges. We introduce the Multilingual Instruction-Tuning Dataset (MITS), which is comprised of the translation of Alpaca-52K, Dolly-15K, and Vicuna Benchmark in 132 languages. Also, we propose a new method called emph{TaCo: Translation-Assisted Cross-Linguality}, which make uses of translation in a chain-of-thought process to instruction-tune LLMs on a new languages through a curriculum learning process. As a proof of concept, we experimented with the instruction-tuned Guanaco-33B model and performed further instruction tuning using the TaCo method in three low-resource languages and one high-resource language. Our results show that the TaCo method impresses the GPT-4 with 82% for a low-resource language in the Vicuna Benchmark dataset, and boosts performance by double in contrast to the performance of instruction tuning only. Our results show that TaCo is a promising method for creating multilingual LLMs, even for low-resource languages. We have released our datasets and the model adapters, and encourage the research community to make use of these resources towards advancing work on multilingual LLMs.},
keywords = {},
pubstate = {forthcoming},
tppubtype = {article}
}
LLMs such as ChatGPT and PaLM can be utilized to train on a new language and revitalize low-resource languages. However, it is evidently very costly to pretrain pr fine-tune LLMs to adopt new languages. Another challenge is the limitation of benchmark datasets and the metrics used to measure the performance of models in multilingual settings. This paper proposes cost-effective solutions to both of the aforementioned challenges. We introduce the Multilingual Instruction-Tuning Dataset (MITS), which is comprised of the translation of Alpaca-52K, Dolly-15K, and Vicuna Benchmark in 132 languages. Also, we propose a new method called emph{TaCo: Translation-Assisted Cross-Linguality}, which make uses of translation in a chain-of-thought process to instruction-tune LLMs on a new languages through a curriculum learning process. As a proof of concept, we experimented with the instruction-tuned Guanaco-33B model and performed further instruction tuning using the TaCo method in three low-resource languages and one high-resource language. Our results show that the TaCo method impresses the GPT-4 with 82% for a low-resource language in the Vicuna Benchmark dataset, and boosts performance by double in contrast to the performance of instruction tuning only. Our results show that TaCo is a promising method for creating multilingual LLMs, even for low-resource languages. We have released our datasets and the model adapters, and encourage the research community to make use of these resources towards advancing work on multilingual LLMs.
Piazza, Nancirose; Behzadan, Vahid
Limitations of Theory of Mind Defenses against Deception in Multi-Agent Systems Conference
AAMAS, 2023.
Abstract | Links | BibTeX | Tags:
@conference{nokey4,
title = {Limitations of Theory of Mind Defenses against Deception in Multi-Agent Systems},
author = {Piazza , Nancirose and Behzadan, Vahid},
url = {https://arxiv.org/abs/2302.07176},
doi = { https://doi.org/10.48550/arXiv.2302.07176},
year = {2023},
date = {2023-02-14},
urldate = {2023-02-14},
publisher = {AAMAS},
abstract = {Multi-Agent Systems (MAS) is the study of multi-agent interactions in a shared environment. Communication for cooperation is a fundamental construct for sharing information in partially observable environments. Cooperative Multi-Agent Reinforcement Learning (CoMARL) is a learning framework where we learn agent policies either with cooperative mechanisms or policies that exhibit cooperative behavior. Explicitly, there are works on learning to communicate messages from CoMARL agents; however, non-cooperative agents, when capable of access a cooperative team's communication channel, have been shown to learn adversarial communication messages, sabotaging the cooperative team's performance particularly when objectives depend on finite resources. To address this issue, we propose a technique which leverages local formulations of Theory-of-Mind (ToM) to distinguish exhibited cooperative behavior from non-cooperative behavior before accepting messages from any agent. We demonstrate the efficacy and feasibility of the proposed technique in empirical evaluations in a centralized training, decentralized execution (CTDE) CoMARL benchmark. Furthermore, while we propose our explicit ToM defense for test-time, we emphasize that ToM is a construct for designing a cognitive defense rather than be the objective of the defense.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Multi-Agent Systems (MAS) is the study of multi-agent interactions in a shared environment. Communication for cooperation is a fundamental construct for sharing information in partially observable environments. Cooperative Multi-Agent Reinforcement Learning (CoMARL) is a learning framework where we learn agent policies either with cooperative mechanisms or policies that exhibit cooperative behavior. Explicitly, there are works on learning to communicate messages from CoMARL agents; however, non-cooperative agents, when capable of access a cooperative team's communication channel, have been shown to learn adversarial communication messages, sabotaging the cooperative team's performance particularly when objectives depend on finite resources. To address this issue, we propose a technique which leverages local formulations of Theory-of-Mind (ToM) to distinguish exhibited cooperative behavior from non-cooperative behavior before accepting messages from any agent. We demonstrate the efficacy and feasibility of the proposed technique in empirical evaluations in a centralized training, decentralized execution (CTDE) CoMARL benchmark. Furthermore, while we propose our explicit ToM defense for test-time, we emphasize that ToM is a construct for designing a cognitive defense rather than be the objective of the defense.
Piazza, Nancirose; Behzadan, Vahid
A Theory of Mind Approach as Test-Time Mitigation Against Emergent Adversarial Communication Conference
AAMAS, https://arxiv.org/abs/2302.07176, 2023.
Abstract | Links | BibTeX | Tags:
@conference{nokey,
title = {A Theory of Mind Approach as Test-Time Mitigation Against Emergent Adversarial Communication},
author = {Piazza , Nancirose and Behzadan , Vahid },
url = {https://arxiv.org/abs/2302.07176},
doi = {arXiv:2302.07176},
year = {2023},
date = {2023-02-14},
urldate = {2023-02-14},
publisher = {AAMAS},
address = {https://arxiv.org/abs/2302.07176},
abstract = {Multi-Agent Systems (MAS) is the study of multi-agent interactions in a shared environment. Communication for cooperation is a fundamental construct for sharing information in partially observable environments. Cooperative Multi-Agent Reinforcement Learning (CoMARL) is a learning framework where we learn agent policies either with cooperative mechanisms or policies that exhibit cooperative behavior. Explicitly, there are works on learning to communicate messages from CoMARL agents; however, non-cooperative agents, when capable of access a cooperative team's communication channel, have been shown to learn adversarial communication messages, sabotaging the cooperative team's performance particularly when objectives depend on finite resources. To address this issue, we propose a technique which leverages local formulations of Theory-of-Mind (ToM) to distinguish exhibited cooperative behavior from non-cooperative behavior before accepting messages from any agent. We demonstrate the efficacy and feasibility of the proposed technique in empirical evaluations in a centralized training, decentralized execution (CTDE) CoMARL benchmark. Furthermore, while we propose our explicit ToM defense for test-time, we emphasize that ToM is a construct for designing a cognitive defense rather than be the objective of the defense.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Multi-Agent Systems (MAS) is the study of multi-agent interactions in a shared environment. Communication for cooperation is a fundamental construct for sharing information in partially observable environments. Cooperative Multi-Agent Reinforcement Learning (CoMARL) is a learning framework where we learn agent policies either with cooperative mechanisms or policies that exhibit cooperative behavior. Explicitly, there are works on learning to communicate messages from CoMARL agents; however, non-cooperative agents, when capable of access a cooperative team's communication channel, have been shown to learn adversarial communication messages, sabotaging the cooperative team's performance particularly when objectives depend on finite resources. To address this issue, we propose a technique which leverages local formulations of Theory-of-Mind (ToM) to distinguish exhibited cooperative behavior from non-cooperative behavior before accepting messages from any agent. We demonstrate the efficacy and feasibility of the proposed technique in empirical evaluations in a centralized training, decentralized execution (CTDE) CoMARL benchmark. Furthermore, while we propose our explicit ToM defense for test-time, we emphasize that ToM is a construct for designing a cognitive defense rather than be the objective of the defense.
2022
Alizadeh, Azar; Tavallali, Pooya; Behzadan, Vahid; Singhal, Mukesh
STOCHASTIC INDUCTION OF DECISION TREES WITH APPLICATION TO LEARNING HAAR TREES Conference
291 2022.
Abstract | Links | BibTeX | Tags:
@conference{nokey,
title = {STOCHASTIC INDUCTION OF DECISION TREES WITH APPLICATION TO LEARNING HAAR TREES},
author = {Alizadeh, Azar and Tavallali , Pooya and Behzadan , Vahid and Singhal , Mukesh},
url = {https://openreview.net/forum?id=Ihxw4h-JnC},
year = {2022},
date = {2022-12-14},
urldate = {2022-12-14},
series = {291},
abstract = {Decision trees are a convenient and established approach for any supervised learning task and are used in a broad
range of applications. Decision trees are trained by greedily splitting the leaf nodes into a split and two leaf nodes until
a certain stopping criterion is reached. The procedure of splitting a node consists of finding the best feature and
threshold that minimizes a criterion. The criterion minimization problem is solved through an exhaustive search
algorithm. However, this exhaustive search algorithm is very expensive, especially, if the number of samples and
features are high. In this paper, we propose a novel stochastic approach for the criterion minimization. Asymptotically,
the proposed algorithm
is faster than conventional exhaustive search by several orders of magnitude. It is further shown that the proposed
approach minimizes an upper bound for the criterion. Experimentally, the algorithm is compared with several other
related state-of-the-art decision tree learning methods, including the baseline non-stochastic approach. The proposed
algorithm outperforms every other decision tree learning (including online and fast) approaches and performs as well as
the baseline algorithm in terms of accuracy and computational cost, despite being non-deterministic. For empirical
evaluation, we apply the proposed algorithm to learn a Haar tree over MNIST dataset that consists of over 200, 000
features and 60, 000 samples. This tree achieved a test accuracy of 94% over MNIST which is 4% higher than for any
other known axis-aligned tree. This result is comparable to
the performance of oblique trees while providing a significant speed-up in both inference and training times.
},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Decision trees are a convenient and established approach for any supervised learning task and are used in a broad
range of applications. Decision trees are trained by greedily splitting the leaf nodes into a split and two leaf nodes until
a certain stopping criterion is reached. The procedure of splitting a node consists of finding the best feature and
threshold that minimizes a criterion. The criterion minimization problem is solved through an exhaustive search
algorithm. However, this exhaustive search algorithm is very expensive, especially, if the number of samples and
features are high. In this paper, we propose a novel stochastic approach for the criterion minimization. Asymptotically,
the proposed algorithm
is faster than conventional exhaustive search by several orders of magnitude. It is further shown that the proposed
approach minimizes an upper bound for the criterion. Experimentally, the algorithm is compared with several other
related state-of-the-art decision tree learning methods, including the baseline non-stochastic approach. The proposed
algorithm outperforms every other decision tree learning (including online and fast) approaches and performs as well as
the baseline algorithm in terms of accuracy and computational cost, despite being non-deterministic. For empirical
evaluation, we apply the proposed algorithm to learn a Haar tree over MNIST dataset that consists of over 200, 000
features and 60, 000 samples. This tree achieved a test accuracy of 94% over MNIST which is 4% higher than for any
other known axis-aligned tree. This result is comparable to
the performance of oblique trees while providing a significant speed-up in both inference and training times.
range of applications. Decision trees are trained by greedily splitting the leaf nodes into a split and two leaf nodes until
a certain stopping criterion is reached. The procedure of splitting a node consists of finding the best feature and
threshold that minimizes a criterion. The criterion minimization problem is solved through an exhaustive search
algorithm. However, this exhaustive search algorithm is very expensive, especially, if the number of samples and
features are high. In this paper, we propose a novel stochastic approach for the criterion minimization. Asymptotically,
the proposed algorithm
is faster than conventional exhaustive search by several orders of magnitude. It is further shown that the proposed
approach minimizes an upper bound for the criterion. Experimentally, the algorithm is compared with several other
related state-of-the-art decision tree learning methods, including the baseline non-stochastic approach. The proposed
algorithm outperforms every other decision tree learning (including online and fast) approaches and performs as well as
the baseline algorithm in terms of accuracy and computational cost, despite being non-deterministic. For empirical
evaluation, we apply the proposed algorithm to learn a Haar tree over MNIST dataset that consists of over 200, 000
features and 60, 000 samples. This tree achieved a test accuracy of 94% over MNIST which is 4% higher than for any
other known axis-aligned tree. This result is comparable to
the performance of oblique trees while providing a significant speed-up in both inference and training times.
Upadhayay, Bibek; Behzadan, Vahid
Adversarial Stimuli: Attacking Brain-Computer Interfaces via Perturbed Sensory Events Bachelor Thesis
2022.
@bachelorthesis{nokey,
title = {Adversarial Stimuli: Attacking Brain-Computer Interfaces via Perturbed Sensory Events},
author = {Upadhayay , Bibek and Behzadan , Vahid},
url = {https://arxiv.org/abs/2211.10033},
doi = { https://doi.org/10.48550/arXiv.2211.10033},
year = {2022},
date = {2022-11-18},
journal = {IEEE},
keywords = {},
pubstate = {published},
tppubtype = {bachelorthesis}
}
Alizadeh, Azar; Tavallali, Pooya; Behzadan, Vahid; Singhal, Mukesh; Ranganath, Aditya
2022 IEEE International Conference on Image Processing (ICIP), 2022.
Abstract | Links | BibTeX | Tags:
@conference{https://doi.org/10.1109/ICIP46576.2022.9897807,
title = {Adversarial Label-Poisoning Attacks and Defense for General Multi-Class Models Based on Synthetic Reduced Nearest Neighbor},
author = {Alizadeh, Azar and Tavallali , Pooya and Behzadan , Vahid and Singhal , Mukesh and Ranganath,Aditya},
url = {https://ieeexplore.ieee.org/abstract/document/9897807},
doi = {10.1109/ICIP46576.2022.9897807},
year = {2022},
date = {2022-10-18},
urldate = {2022-10-18},
publisher = {2022 IEEE International Conference on Image Processing (ICIP)},
abstract = {Machine learning models are vulnerable to data poisoning attacks whose purpose is to undermine the model’s integrity. However, the current literature on data poisoning attacks mainly focuses on ad hoc techniques that are generally limited to either binary classifiers or to gradient-based algorithms. To address these limitations, we propose a novel model-free label-flipping attack based on the multi-modality of the data, in which the adversary targets the clusters of classes while constrained by a label-flipping budget. The complexity of our proposed attack algorithm is linear in time over the size of the dataset. Also, the proposed attack can increase the error up to two times for the same attack budget. Second, a novel defense technique is proposed based on the Synthetic Reduced Nearest Neighbor model. The defense technique can detect and exclude flipped samples on the fly during the training procedure. Our empirical analysis demonstrates that (i) the proposed attack technique can deteriorate the accuracy of several models drastically, and (ii) under the proposed attack, the proposed defense technique significantly outperforms other conventional machine learning models in recovering the accuracy of the targeted model.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Machine learning models are vulnerable to data poisoning attacks whose purpose is to undermine the model’s integrity. However, the current literature on data poisoning attacks mainly focuses on ad hoc techniques that are generally limited to either binary classifiers or to gradient-based algorithms. To address these limitations, we propose a novel model-free label-flipping attack based on the multi-modality of the data, in which the adversary targets the clusters of classes while constrained by a label-flipping budget. The complexity of our proposed attack algorithm is linear in time over the size of the dataset. Also, the proposed attack can increase the error up to two times for the same attack budget. Second, a novel defense technique is proposed based on the Synthetic Reduced Nearest Neighbor model. The defense technique can detect and exclude flipped samples on the fly during the training procedure. Our empirical analysis demonstrates that (i) the proposed attack technique can deteriorate the accuracy of several models drastically, and (ii) under the proposed attack, the proposed defense technique significantly outperforms other conventional machine learning models in recovering the accuracy of the targeted model.
Alizadeh, Azar; Behzadan, Vahid; Tavallali, Pooya; Ranganath, Aditya; Singhal, Mukesh
A NOVEL APPROACH FOR SYNTHETIC REDUCED NEAREST-NEIGHBOR LEVERAGING NEURAL NETWORKS Conference Forthcoming
no. 304, IEEE 2022 International Conference on Machine Learning and Applications, Forthcoming.
Abstract | Links | BibTeX | Tags:
@conference{nokey,
title = {A NOVEL APPROACH FOR SYNTHETIC REDUCED NEAREST-NEIGHBOR LEVERAGING NEURAL NETWORKS},
author = {Alizadeh , Azar and Behzadan , Vahid and Tavallali , Pooya and Ranganath , Aditya and Singhal , Mukesh
},
url = {https://sail-lab.org/wp-content/uploads/2022/11/ICMLA1-1-2.pdf},
year = {2022},
date = {2022-09-02},
urldate = {2022-09-02},
number = {304},
publisher = {IEEE 2022 International Conference on Machine Learning and Applications},
abstract = {Synthetic Reduced Nearest Neighbor is the nearest
neighbor model which is constrained on synthetic samples (i.e.,
prototypes). The body of work on such models includes proposals for improving the interpretability and optimization of
SRNN models using expectation maximization. Motivated by the promise of this paradigm, we propose a novel
expectation maximization approach for Synthetic Reduced Nearest Neighbors leveraging neural networks.
Furthermore, we compare the performance of our proposed technique to classical state-of-the-art machine learning
methods such as random forest and ensemble models. The empirical results demonstrate the advantages of using
neural networks in lieu of an expectation maximization algorithm.},
keywords = {},
pubstate = {forthcoming},
tppubtype = {conference}
}
Synthetic Reduced Nearest Neighbor is the nearest
neighbor model which is constrained on synthetic samples (i.e.,
prototypes). The body of work on such models includes proposals for improving the interpretability and optimization of
SRNN models using expectation maximization. Motivated by the promise of this paradigm, we propose a novel
expectation maximization approach for Synthetic Reduced Nearest Neighbors leveraging neural networks.
Furthermore, we compare the performance of our proposed technique to classical state-of-the-art machine learning
methods such as random forest and ensemble models. The empirical results demonstrate the advantages of using
neural networks in lieu of an expectation maximization algorithm.
neighbor model which is constrained on synthetic samples (i.e.,
prototypes). The body of work on such models includes proposals for improving the interpretability and optimization of
SRNN models using expectation maximization. Motivated by the promise of this paradigm, we propose a novel
expectation maximization approach for Synthetic Reduced Nearest Neighbors leveraging neural networks.
Furthermore, we compare the performance of our proposed technique to classical state-of-the-art machine learning
methods such as random forest and ensemble models. The empirical results demonstrate the advantages of using
neural networks in lieu of an expectation maximization algorithm.
Mazinani, Mitra; Contreras-Correa, Zully E.; Behzadan, Vahid; Gopal, Shreya; O. Lemley, Caleb
2022.
@conference{nokey,
title = {Effects of Maternal Nutrient Restriction and Melatonin Supplementation on Cardiomyocyte Cell Development Parameters Using Machine Learning Techniques},
author = {Mazinani, Mitra and Zully E. Contreras-Correa and Behzadan,Vahid and Gopal,Shreya and O. Lemley,Caleb },
url = {https://www.mdpi.com/2076-2615/12/14/1818},
doi = {https://doi.org/10.3390/ani12141818},
year = {2022},
date = {2022-07-16},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Upadhayay, Bibek; Behzadan, Vahid
Hybrid Deep Learning Model for Fake News Detection in Social Networks (Student Abstract) Conference
2022.
Abstract | Links | BibTeX | Tags:
@conference{nokey,
title = {Hybrid Deep Learning Model for Fake News Detection in Social Networks (Student Abstract)},
author = {Upadhayay , Bibek and Behzadan , Vahid },
url = {https://ojs.aaai.org/index.php/AAAI/article/view/21670},
doi = { https://doi.org/10.1609/aaai.v36i11.21670},
year = {2022},
date = {2022-05-28},
urldate = {2022-05-28},
abstract = {The proliferation of fake news has grown into a global concern with adverse socio-political and economical impact. In recent years, machine learning has emerged as a promising approach to the automation of detecting and tracking fake news at scale. Current state of the art in the identification of fake news is generally focused on semantic analysis of the text, resulting in promising performance in automated detection of fake news. However, fake news campaigns are also evolving in response to such new technologies by mimicking semantic features of genuine news, which can significantly affect the performance of fake news classifiers trained on contextually limited features. In this work, we propose a novel hybrid deep learning model for fake news detection that augments the semantic characteristics of the news with features extracted from the structure of the dissemination network. To this end, we first extend the LIAR dataset by integrating sentiment and affective features to the data, and then use a BERT-based model to obtain a representation of the text. Moreover, we propose a novel approach for fake news detection based on Graph Attention Networks to leverage the user-centric features and graph features of news residing social network in addition to the features extracted in the previous steps. Experimental evaluation of our approach shows classification accuracy of 97% on the Politifact dataset. We also examined the generalizability of our proposed model on the BuzzFeed dataset, resulting in an accuracy 89.50%.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
The proliferation of fake news has grown into a global concern with adverse socio-political and economical impact. In recent years, machine learning has emerged as a promising approach to the automation of detecting and tracking fake news at scale. Current state of the art in the identification of fake news is generally focused on semantic analysis of the text, resulting in promising performance in automated detection of fake news. However, fake news campaigns are also evolving in response to such new technologies by mimicking semantic features of genuine news, which can significantly affect the performance of fake news classifiers trained on contextually limited features. In this work, we propose a novel hybrid deep learning model for fake news detection that augments the semantic characteristics of the news with features extracted from the structure of the dissemination network. To this end, we first extend the LIAR dataset by integrating sentiment and affective features to the data, and then use a BERT-based model to obtain a representation of the text. Moreover, we propose a novel approach for fake news detection based on Graph Attention Networks to leverage the user-centric features and graph features of news residing social network in addition to the features extracted in the previous steps. Experimental evaluation of our approach shows classification accuracy of 97% on the Politifact dataset. We also examined the generalizability of our proposed model on the BuzzFeed dataset, resulting in an accuracy 89.50%.
2021
Piazza, Nancirose; Behzadan, Vahid
Mitigation of Adversarial Policy Imitation via Constrained Randomization of Policy (CRoP) Conference
2021.
Abstract | Links | BibTeX | Tags:
@conference{,
title = {Mitigation of Adversarial Policy Imitation via Constrained Randomization of Policy (CRoP)},
author = {Piazza, Nancirose and Behzadan , Vahid },
doi = { https://doi.org/10.48550/arXiv.2109.14678},
year = {2021},
date = {2021-09-29},
urldate = {2021-09-29},
abstract = {Deep reinforcement learning (DRL) policies are vulnerable to unauthorized replication attacks, where an adversary exploits imitation learning to reproduce target policies from observed behavior. In this paper, we propose Constrained Randomization of Policy (CRoP) as a mitigation technique against such attacks. CRoP induces the execution of sub-optimal actions at random underperformance loss constraints. We present a parametric analysis of CRoP, address the optimality of CRoP, and establish theoretical bounds on the adversarial budget and the expectation of loss. Furthermore, we report the experimental evaluation of CRoP in Atari environments under adversarial imitation, which demonstrates the efficacy and feasibility of our proposed method against policy replication attacks. },
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Deep reinforcement learning (DRL) policies are vulnerable to unauthorized replication attacks, where an adversary exploits imitation learning to reproduce target policies from observed behavior. In this paper, we propose Constrained Randomization of Policy (CRoP) as a mitigation technique against such attacks. CRoP induces the execution of sub-optimal actions at random underperformance loss constraints. We present a parametric analysis of CRoP, address the optimality of CRoP, and establish theoretical bounds on the adversarial budget and the expectation of loss. Furthermore, we report the experimental evaluation of CRoP in Atari environments under adversarial imitation, which demonstrates the efficacy and feasibility of our proposed method against policy replication attacks.
Tavallali, Pooya; Behzadan, Vahid; Singhal, Mukesh
Synthetic Reduced Nearest Neighbor Model for Regression Journal Article
In: 2021.
Abstract | Links | BibTeX | Tags:
@article{behzadan2020foundingbcb,
title = {Synthetic Reduced Nearest Neighbor Model for Regression },
author = {Tavallali, Pooya and Behzadan , Vahid and Singhal , Mukesh },
url = {https://openreview.net/forum?id=0n1UvVzW99x},
year = {2021},
date = {2021-09-28},
urldate = {2021-09-28},
booktitle = {Under Review at CVPR 2021},
abstract = {Nearest neighbor models are among the most established and accurate approaches to machine learning. In this paper, we investigate Synthetic Reduced Nearest Neighbor (SRNN) as a novel approach to regression tasks. Existing prototype nearest neighbor models are initialized by training a k-means model over each class. However, such initialization is only applicable to classification tasks. In this work, we propose a novel initialization and expectation maximization approach for enabling the application of SRNN to regression. The proposed initialization approach is based on applying the k-means algorithm on the target responses of samples to create various clusters of targets. This is proceeded by learning several centroids in the input space for each cluster found over the targets. Essentially, the initialization consists of finding target clusters and running k-means in the space of feature vectors for the corresponding target cluster. The optimization procedure consists of applying an expectation maximization approach similar to the k-means algorithm that optimizes the centroids in the input space. This algorithm is comprised of two steps: (1) The assignment step, where assignments of the samples to each centroid is found and the target response (i.e., prediction) of each centroid is determined; and (2) the update/centroid step, where each centroid is updated such that the loss function of the entire model is minimized. We will show that the centroid step operates over all samples via solving a weighted binary classification. However, the centroid step is NP-hard and no surrogate objective function exists for solving this problem. Therefore, a new surrogate is proposed to approximate the solution for the centroid step. Furthermore, we consider the consistency of the model, and show that the model is consistent under mild assumptions. The bias-variance relationship in this model is also discussed. We report the empirical evaluation of the proposed SRNN regression model in comparison to several state-of-the-art techniques.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Nearest neighbor models are among the most established and accurate approaches to machine learning. In this paper, we investigate Synthetic Reduced Nearest Neighbor (SRNN) as a novel approach to regression tasks. Existing prototype nearest neighbor models are initialized by training a k-means model over each class. However, such initialization is only applicable to classification tasks. In this work, we propose a novel initialization and expectation maximization approach for enabling the application of SRNN to regression. The proposed initialization approach is based on applying the k-means algorithm on the target responses of samples to create various clusters of targets. This is proceeded by learning several centroids in the input space for each cluster found over the targets. Essentially, the initialization consists of finding target clusters and running k-means in the space of feature vectors for the corresponding target cluster. The optimization procedure consists of applying an expectation maximization approach similar to the k-means algorithm that optimizes the centroids in the input space. This algorithm is comprised of two steps: (1) The assignment step, where assignments of the samples to each centroid is found and the target response (i.e., prediction) of each centroid is determined; and (2) the update/centroid step, where each centroid is updated such that the loss function of the entire model is minimized. We will show that the centroid step operates over all samples via solving a weighted binary classification. However, the centroid step is NP-hard and no surrogate objective function exists for solving this problem. Therefore, a new surrogate is proposed to approximate the solution for the centroid step. Furthermore, we consider the consistency of the model, and show that the model is consistent under mild assumptions. The bias-variance relationship in this model is also discussed. We report the empirical evaluation of the proposed SRNN regression model in comparison to several state-of-the-art techniques.
Upadhayay, Bibek; M. Lodhia, Zeeshan Ahmed; Behzadan, Vahid
Combating Human Trafficking via Automatic OSINT Collection, Validation and Fusion Proceedings Article
In: Workshop Proceedings of the 15th International AAAI Conference on Web and Social Media, 2021.
Abstract | Links | BibTeX | Tags:
@inproceedings{nokey,
title = {Combating Human Trafficking via Automatic OSINT Collection, Validation and Fusion},
author = {Upadhayay, Bibek and M. Lodhia , Zeeshan Ahmed and Behzadan , Vahid },
url = {https://workshop-proceedings.icwsm.org/pdf/2021_17.pdf},
year = {2021},
date = {2021-06-01},
urldate = {2021-06-01},
publisher = {Workshop Proceedings of the 15th International AAAI Conference on Web and Social Media},
abstract = {A major challenge in combating global human trafficking is the availability of actionable intelligence about trafficking events and operations. The lack of timely and structured data remains a significant bottleneck in the monitoring and mitigation of human trafficking. In this collaborative work with Love Justice International1, we aim to address this issue by developing an automated pipeline based on recent advances in natural language processing and machine learning to streamline the curation, analysis, and extraction of actionable intelligence from multi-sourced news media as Open-sources of Intelligence (OSINT). In our solution, we utilize and enhance the BERT Question Answering language model for information extraction from the unstructured text of the news. Furthermore, we develop algorithms for measuring the relevance and novelty of curated news articles to reduce the computation cost and redundant processing. Moreover, we evaluate the proposed pipeline on a dataset of annotated news articles containing actionable intelligence about victims and perpetrators of human trafficking.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
A major challenge in combating global human trafficking is the availability of actionable intelligence about trafficking events and operations. The lack of timely and structured data remains a significant bottleneck in the monitoring and mitigation of human trafficking. In this collaborative work with Love Justice International1, we aim to address this issue by developing an automated pipeline based on recent advances in natural language processing and machine learning to streamline the curation, analysis, and extraction of actionable intelligence from multi-sourced news media as Open-sources of Intelligence (OSINT). In our solution, we utilize and enhance the BERT Question Answering language model for information extraction from the unstructured text of the news. Furthermore, we develop algorithms for measuring the relevance and novelty of curated news articles to reduce the computation cost and redundant processing. Moreover, we evaluate the proposed pipeline on a dataset of annotated news articles containing actionable intelligence about victims and perpetrators of human trafficking.
Zinzuvadiya, Milan; Behzadan, Vahid
Proceedings of the AAAI Conference on Artificial Intelligence, 2021.
Abstract | Links | BibTeX | Tags:
@conference{behzadan2020foundingb,
title = {State-Wise Adaptive Discounting from Experience (SADE): A Novel Discounting Scheme for Reinforcement Learning (Student Abstract)},
author = {Zinzuvadiya , Milan and Behzadan , Vahid },
url = {https://ojs.aaai.org/index.php/AAAI/article/view/17973},
doi = {https://doi.org/10.1609/aaai.v35i18.17973},
year = {2021},
date = {2021-05-18},
urldate = {2021-05-18},
booktitle = {Proceedings of the AAAI Conference on Artificial Intelligence},
journal = {Proceedings of the AAAI Conference on Artificial Intelligence},
abstract = {In Markov Decision Process (MDP) models of sequential decision-making, it is common practice to account for temporal discounting by incorporating a constant discount factor. While the effectiveness of fixed-rate discounting in various Reinforcement Learning (RL) settings is well-established, the efficiency of this scheme has been questioned in recent studies. Another notable shortcoming of fixed-rate discounting stems from abstracting away the experiential information of the agent, which is shown to be a significant component of delay discounting in human cognition. To address this issue, we propose State-wise Adaptive Discounting from Experience (SADE) as a novel adaptive discounting scheme for RL agents. SADE leverages the experiential observations of state values in episodic trajectories to iteratively adjust state-specific discount rates. We report experimental evaluations of SADE in Q-learning agents, which demonstrate significant enhancement of sample complexity and convergence rate compared to fixed-rate discounting.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
In Markov Decision Process (MDP) models of sequential decision-making, it is common practice to account for temporal discounting by incorporating a constant discount factor. While the effectiveness of fixed-rate discounting in various Reinforcement Learning (RL) settings is well-established, the efficiency of this scheme has been questioned in recent studies. Another notable shortcoming of fixed-rate discounting stems from abstracting away the experiential information of the agent, which is shown to be a significant component of delay discounting in human cognition. To address this issue, we propose State-wise Adaptive Discounting from Experience (SADE) as a novel adaptive discounting scheme for RL agents. SADE leverages the experiential observations of state values in episodic trajectories to iteratively adjust state-specific discount rates. We report experimental evaluations of SADE in Q-learning agents, which demonstrate significant enhancement of sample complexity and convergence rate compared to fixed-rate discounting.
Vahid; Tavallali Behzadan, P. Pooya
2021.
Abstract | Links | BibTeX | Tags:
@unpublished{behzadan2020foundingbc,
title = {Adversarial Poisoning Attacks and Defense for General Multi-Class Models Based On Synthetic Reduced Nearest Neighbors.},
author = {Behzadan, Vahid; Tavallali, P. Pooya},
url = {https://arxiv.org/abs/2102.05867},
year = {2021},
date = {2021-01-01},
booktitle = {Under Review at CVPR 2021},
abstract = {State-of-the-art machine learning models are vulnerable to data poisoning attacks whose purpose is to undermine the integrity of the model. However, the current literature on data poisoning attacks is mainly focused on ad hoc techniques that are only applicable to specific machine learning models. Additionally, the existing data poisoning attacks in the literature are limited to either binary classifiers or to gradient-based algorithms. To address these limitations, this paper first proposes a novel model-free label-flipping attack based on the multi-modality of the data, in which the adversary targets the clusters of classes while constrained by a label-flipping budget. The complexity of our proposed attack algorithm is linear in time over the size of the dataset. Also, the proposed attack can increase the error up to two times for the same attack budget. Second, a novel defense technique based on the Synthetic Reduced Nearest Neighbor (SRNN) model is proposed. The defense technique can detect and exclude flipped samples on the fly during the training procedure. Through extensive experimental analysis, we demonstrate that (i) the proposed attack technique can deteriorate the accuracy of several models drastically, and (ii) under the proposed attack, the proposed defense technique significantly outperforms other conventional machine learning models in recovering the accuracy of the targeted model.},
keywords = {},
pubstate = {published},
tppubtype = {unpublished}
}
State-of-the-art machine learning models are vulnerable to data poisoning attacks whose purpose is to undermine the integrity of the model. However, the current literature on data poisoning attacks is mainly focused on ad hoc techniques that are only applicable to specific machine learning models. Additionally, the existing data poisoning attacks in the literature are limited to either binary classifiers or to gradient-based algorithms. To address these limitations, this paper first proposes a novel model-free label-flipping attack based on the multi-modality of the data, in which the adversary targets the clusters of classes while constrained by a label-flipping budget. The complexity of our proposed attack algorithm is linear in time over the size of the dataset. Also, the proposed attack can increase the error up to two times for the same attack budget. Second, a novel defense technique based on the Synthetic Reduced Nearest Neighbor (SRNN) model is proposed. The defense technique can detect and exclude flipped samples on the fly during the training procedure. Through extensive experimental analysis, we demonstrate that (i) the proposed attack technique can deteriorate the accuracy of several models drastically, and (ii) under the proposed attack, the proposed defense technique significantly outperforms other conventional machine learning models in recovering the accuracy of the targeted model.
2020
Baggili, Ibrahim; Behzadan, Vahid
Founding the domain of AI forensics Conference
SafeAI@ AAAI, 2020.
Abstract | Links | BibTeX | Tags:
@conference{behzadan2020founding,
title = {Founding the domain of AI forensics},
author = {Baggili, Ibrahim and Behzadan , Vahid },
doi = { https://doi.org/10.48550/arXiv.1912.06497},
year = {2020},
date = {2020-12-11},
urldate = {2020-01-11},
booktitle = {SafeAI@ AAAI},
pages = {31--35},
abstract = {With the widespread integration of AI in everyday and critical technologies, it seems inevitable to witness increasing instances of failure in AI systems. In such cases, there arises a need for technical investigations that produce legally acceptable and scientifically indisputable findings and conclusions on the causes of such failures. Inspired by the domain of cyber forensics, this paper introduces the need for the establishment of AI Forensics as a new discipline under AI safety. Furthermore, we propose a taxonomy of the subfields under this discipline, and present a discussion on the foundational challenges that lay ahead of this new research area.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
With the widespread integration of AI in everyday and critical technologies, it seems inevitable to witness increasing instances of failure in AI systems. In such cases, there arises a need for technical investigations that produce legally acceptable and scientifically indisputable findings and conclusions on the causes of such failures. Inspired by the domain of cyber forensics, this paper introduces the need for the establishment of AI Forensics as a new discipline under AI safety. Furthermore, we propose a taxonomy of the subfields under this discipline, and present a discussion on the foundational challenges that lay ahead of this new research area.
Upadhayay, Bibek; Behzadan, Vahid
Sentimental LIAR: Extended Corpus and Deep Learning Models for Fake Claim Classification Conference
IEEE, 2020.
Abstract | Links | BibTeX | Tags:
@conference{nokey,
title = {Sentimental LIAR: Extended Corpus and Deep Learning Models for Fake Claim Classification},
author = {Upadhayay, Bibek and Behzadan , Vahid },
doi = {10.1109/ISI49825.2020.9280528},
year = {2020},
date = {2020-11-10},
urldate = {2020-11-10},
publisher = {IEEE},
abstract = {The rampant integration of social media in our every day lives and culture has given rise to fast and easier access to the flow of information than ever in human history. However, the inherently unsupervised nature of social media platforms has also made it easier to spread false information and fake news. Furthermore, the high volume and velocity of information flow in such platforms make manual supervision and control of information propagation infeasible. This paper aims to address this issue by proposing a novel deep learning approach for automated detection of false short-text claims on social media. We first introduce Sentimental LIAR, which extends the LIAR dataset of short claims by adding features based on sentiment and emotion analysis of claims. Furthermore, we propose a novel deep learning architecture based on the BERT-Base language model for classification of claims as genuine or fake. Our results demonstrate that the proposed architecture trained on Sentimental LIAR can achieve an accuracy of 70%, which is an improvement of 30% over previously reported results for the LIAR benchmark.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
The rampant integration of social media in our every day lives and culture has given rise to fast and easier access to the flow of information than ever in human history. However, the inherently unsupervised nature of social media platforms has also made it easier to spread false information and fake news. Furthermore, the high volume and velocity of information flow in such platforms make manual supervision and control of information propagation infeasible. This paper aims to address this issue by proposing a novel deep learning approach for automated detection of false short-text claims on social media. We first introduce Sentimental LIAR, which extends the LIAR dataset of short claims by adding features based on sentiment and emotion analysis of claims. Furthermore, we propose a novel deep learning architecture based on the BERT-Base language model for classification of claims as genuine or fake. Our results demonstrate that the proposed architecture trained on Sentimental LIAR can achieve an accuracy of 70%, which is an improvement of 30% over previously reported results for the LIAR benchmark.
Faghan, Yaser; Piazza, Nancirose; Behzadan, Vahid; Fathi, Ali.
Adversarial Attacks on Deep Algorithmic Trading Policies. Conference
Under Review at RSEML 2021 – arXiv preprint arXiv:2010.11388 (2020), 2020.
Abstract | Links | BibTeX | Tags:
@conference{behzadan2020foundingbb,
title = {Adversarial Attacks on Deep Algorithmic Trading Policies. },
author = {Faghan, Yaser and Piazza , Nancirose and Behzadan , Vahid and Fathi , Ali .},
url = {https://arxiv.org/abs/2010.11388},
year = {2020},
date = {2020-10-22},
urldate = {2021-01-01},
booktitle = {Under Review at RSEML 2021 – arXiv preprint arXiv:2010.11388 (2020)},
abstract = {Deep Reinforcement Learning (DRL) has become an appealing solution to algorithmic trading such as high frequency trading of stocks and cyptocurrencies. However, DRL have been shown to be susceptible to adversarial attacks. It follows that algorithmic trading DRL agents may also be compromised by such adversarial techniques, leading to policy manipulation. In this paper, we develop a threat model for deep trading policies, and propose two attack techniques for manipulating the performance of such policies at test-time. Furthermore, we demonstrate the effectiveness of the proposed attacks against benchmark and real-world DQN trading agents.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Deep Reinforcement Learning (DRL) has become an appealing solution to algorithmic trading such as high frequency trading of stocks and cyptocurrencies. However, DRL have been shown to be susceptible to adversarial attacks. It follows that algorithmic trading DRL agents may also be compromised by such adversarial techniques, leading to policy manipulation. In this paper, we develop a threat model for deep trading policies, and propose two attack techniques for manipulating the performance of such policies at test-time. Furthermore, we demonstrate the effectiveness of the proposed attacks against benchmark and real-world DQN trading agents.
Piazza, Nancirose
Classification Between Machine Translated Text and Original Text By Part Of Speech Tagging Representation Proceedings Article
In: 2020 IEEE 7th International Conference on Data Science and Advanced Analytics (DSAA), IEEE, 2020, ISBN: 978-1-7281-8207-0.
Abstract | Links | BibTeX | Tags:
@inproceedings{behzadan2020foundingbe,
title = {Classification Between Machine Translated Text and Original Text By Part Of Speech Tagging Representation},
author = {Piazza, Nancirose },
doi = {10.1109/DSAA49011.2020.00092},
isbn = {978-1-7281-8207-0},
year = {2020},
date = {2020-10-09},
urldate = {2020-10-09},
booktitle = {2020 IEEE 7th International Conference on Data Science and Advanced Analytics (DSAA)},
journal = {IEEE 7th International Conference on Data Science and Advanced Analytics (DSAA)},
publisher = {IEEE},
abstract = {Classification between machine-translated text and original text are often tokenized on vocabulary of the corpi. With N-grams larger than uni-gram, one can create a model that estimates a decision boundary based on word frequency probability distribution; however, this approach is exponentially expensive because of high dimensionality and sparsity. Instead, we let samples of the corpi be represented by part-of-speech tagging which is significantly less vocabulary. With less trigram permutations, we can create a model with its tri-gram frequency probability distribution. In this paper, we explore less conventional ways of approaching techniques for handling documents, dictionaries, and the likes.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Classification between machine-translated text and original text are often tokenized on vocabulary of the corpi. With N-grams larger than uni-gram, one can create a model that estimates a decision boundary based on word frequency probability distribution; however, this approach is exponentially expensive because of high dimensionality and sparsity. Instead, we let samples of the corpi be represented by part-of-speech tagging which is significantly less vocabulary. With less trigram permutations, we can create a model with its tri-gram frequency probability distribution. In this paper, we explore less conventional ways of approaching techniques for handling documents, dictionaries, and the likes.
Bose, Avishek; Behzadan, Vahid; Aguirre, Carlos; H. Hsu, William
A novel approach for detection and ranking of trendy and emerging cyber threat events in twitter streams Proceedings Article
In: 2020.
Abstract | Links | BibTeX | Tags:
@inproceedings{bose2019novel,
title = {A novel approach for detection and ranking of trendy and emerging cyber threat events in twitter streams},
author = {Bose, Avishek and Behzadan , Vahid and Aguirre , Carlos and H. Hsu , William },
url = {https://dl.acm.org/doi/abs/10.1145/3341161.3344379},
doi = {10.1145/3341161.3344379},
year = {2020},
date = {2020-08-30},
urldate = {2020-08-30},
journal = {arXiv preprint arXiv:1907.07768},
abstract = {We present a new machine learning and text information extraction approach to detection of cyber threat events in Twitter that are novel (previously non-extant) and developing (marked by significance with respect to similarity with a previously detected event). While some existing approaches to event detection measure novelty and trendiness, typically as independent criteria and occasionally as a holistic measure, this work focuses on detecting both novel and developing events using an unsupervised machine learning approach. Furthermore, our proposed approach enables the ranking of cyber threat events based on an importance score by extracting the tweet terms that are characterized as named entities, keywords, or both. We also impute influence to users in order to assign a weighted score to noun phrases in proportion to user influence and the corresponding event scores for named entities and keywords. To evaluate the performance of our proposed approach, we measure the efficiency and detection error rate for events over a specified time interval, relative to human annotator ground truth.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
We present a new machine learning and text information extraction approach to detection of cyber threat events in Twitter that are novel (previously non-extant) and developing (marked by significance with respect to similarity with a previously detected event). While some existing approaches to event detection measure novelty and trendiness, typically as independent criteria and occasionally as a holistic measure, this work focuses on detecting both novel and developing events using an unsupervised machine learning approach. Furthermore, our proposed approach enables the ranking of cyber threat events based on an importance score by extracting the tweet terms that are characterized as named entities, keywords, or both. We also impute influence to users in order to assign a weighted score to noun phrases in proportion to user influence and the corresponding event scores for named entities and keywords. To evaluate the performance of our proposed approach, we measure the efficiency and detection error rate for events over a specified time interval, relative to human annotator ground truth.
2019
Behzadan, Vahid; Hsu, William
Rl-based method for benchmarking the adversarial resilience and robustness of deep reinforcement learning policies Journal Article
In: arXiv preprint arXiv:1906.01110, 2019.
Abstract | Links | BibTeX | Tags:
@article{behzadan2019rl,
title = {Rl-based method for benchmarking the adversarial resilience and robustness of deep reinforcement learning policies},
author = {Behzadan, Vahid and Hsu , William },
doi = {10.1007/978-3-030-26250-1_25},
year = {2019},
date = {2019-08-09},
urldate = {2019-08-09},
journal = {arXiv preprint arXiv:1906.01110},
abstract = {This paper investigates the resilience and robustness of Deep Reinforcement Learning (DRL) policies to adversarial perturbations in the state space. We first present an approach for the disentanglement of vulnerabilities caused by representation learning of DRL agents from those that stem from the sensitivity of the DRL policies to distributional shifts in state transitions. Building on this approach, we propose two RL-based techniques for quantitative benchmarking of adversarial resilience and robustness in DRL policies against perturbations of state transitions. We demonstrate the feasibility of our proposals through experimental evaluation of resilience and robustness in DQN, A2C, and PPO2 policies trained in the Cartpole environment.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper investigates the resilience and robustness of Deep Reinforcement Learning (DRL) policies to adversarial perturbations in the state space. We first present an approach for the disentanglement of vulnerabilities caused by representation learning of DRL agents from those that stem from the sensitivity of the DRL policies to distributional shifts in state transitions. Building on this approach, we propose two RL-based techniques for quantitative benchmarking of adversarial resilience and robustness in DRL policies against perturbations of state transitions. We demonstrate the feasibility of our proposals through experimental evaluation of resilience and robustness in DQN, A2C, and PPO2 policies trained in the Cartpole environment.
Behzadan, Vahid; Hsu, William
Adversarial exploitation of policy imitation Journal Article
In: arXiv preprint arXiv:1906.01121, 2019.
Abstract | Links | BibTeX | Tags:
@article{behzadan2019adversarial,
title = {Adversarial exploitation of policy imitation},
author = {Behzadan, Vahid and Hsu , William },
doi = { https://doi.org/10.48550/arXiv.1906.01121},
year = {2019},
date = {2019-06-03},
urldate = {2019-06-03},
journal = {arXiv preprint arXiv:1906.01121},
abstract = {This paper investigates a class of attacks targeting the confidentiality aspect of security in Deep Reinforcement Learning (DRL) policies. Recent research have established the vulnerability of supervised machine learning models (e.g., classifiers) to model extraction attacks. Such attacks leverage the loosely-restricted ability of the attacker to iteratively query the model for labels, thereby allowing for the forging of a labeled dataset which can be used to train a replica of the original model. In this work, we demonstrate the feasibility of exploiting imitation learning techniques in launching model extraction attacks on DRL agents. Furthermore, we develop proof-of-concept attacks that leverage such techniques for black-box attacks against the integrity of DRL policies. We also present a discussion on potential solution concepts for mitigation techniques.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper investigates a class of attacks targeting the confidentiality aspect of security in Deep Reinforcement Learning (DRL) policies. Recent research have established the vulnerability of supervised machine learning models (e.g., classifiers) to model extraction attacks. Such attacks leverage the loosely-restricted ability of the attacker to iteratively query the model for labels, thereby allowing for the forging of a labeled dataset which can be used to train a replica of the original model. In this work, we demonstrate the feasibility of exploiting imitation learning techniques in launching model extraction attacks on DRL agents. Furthermore, we develop proof-of-concept attacks that leverage such techniques for black-box attacks against the integrity of DRL policies. We also present a discussion on potential solution concepts for mitigation techniques.
Behzadan, Vahid; Hsu, William
Analysis and improvement of adversarial training in DQN agents with adversarially-guided exploration (AGE) Journal Article
In: arXiv preprint arXiv:1906.01119, 2019.
Abstract | Links | BibTeX | Tags:
@article{behzadan2019analysis,
title = {Analysis and improvement of adversarial training in DQN agents with adversarially-guided exploration (AGE)},
author = {Behzadan, Vahid and Hsu , William },
doi = { https://doi.org/10.48550/arXiv.1906.01119},
year = {2019},
date = {2019-06-03},
urldate = {2019-01-01},
journal = {arXiv preprint arXiv:1906.01119},
abstract = {This paper investigates the effectiveness of adversarial training in enhancing the robustness of Deep Q-Network (DQN) policies to state-space perturbations. We first present a formal analysis of adversarial training in DQN agents and its performance with respect to the proportion of adversarial perturbations to nominal observations used for training. Next, we consider the sample-inefficiency of current adversarial training techniques, and propose a novel Adversarially-Guided Exploration (AGE) mechanism based on a modified hybrid of the ϵ-greedy algorithm and Boltzmann exploration. We verify the feasibility of this exploration mechanism through experimental evaluation of its performance in comparison with the traditional decaying ϵ-greedy and parameter-space noise exploration algorithms.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper investigates the effectiveness of adversarial training in enhancing the robustness of Deep Q-Network (DQN) policies to state-space perturbations. We first present a formal analysis of adversarial training in DQN agents and its performance with respect to the proportion of adversarial perturbations to nominal observations used for training. Next, we consider the sample-inefficiency of current adversarial training techniques, and propose a novel Adversarially-Guided Exploration (AGE) mechanism based on a modified hybrid of the ϵ-greedy algorithm and Boltzmann exploration. We verify the feasibility of this exploration mechanism through experimental evaluation of its performance in comparison with the traditional decaying ϵ-greedy and parameter-space noise exploration algorithms.
Hahn, Dalton; Munir, Arslan; Behzadan, Vahid
Security and privacy issues in intelligent transportation systems: Classification and challenges Journal Article
In: IEEE Intell. Transp. Syst, 2019.
Abstract | Links | BibTeX | Tags:
@article{hahn2019security,
title = {Security and privacy issues in intelligent transportation systems: Classification and challenges},
author = {Hahn, Dalton and Munir , Arslan and Behzadan , Vahid },
doi = {10.1109/MITS.2019.2898973},
year = {2019},
date = {2019-04-11},
urldate = {2019-01-01},
journal = {IEEE Intell. Transp. Syst},
abstract = {Intelligent Transportation Systems (ITS) aim at integrating sensing, control, analysis, and communication technologies into travel infrastructure and transportation to improve mobility, comfort, safety, and efficiency. Car manufacturers are continuously creating smarter vehicles, and advancements in roadways and infrastructure are changing the feel of travel. Traveling is becoming more efficient and reliable with a range of novel technologies, and research and development in ITS. Safer vehicles are introduced every year with greater considerations for passenger and pedestrian safety, nevertheless, the new technology and increasing connectivity in ITS present unique attack vectors for malicious actors. Smart cities with connected public transportation systems introduce new privacy concerns with the data collected about passengers and their travel habits. In this paper, we provide a comprehensive classification of security and privacy vulnerabilities in ITS. Furthermore, we discuss challenges in addressing security and privacy issues in ITS and contemplate potential mitigation techniques. Finally, we highlight future research directions to make ITS more safe, secure, and privacy-preserving.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Intelligent Transportation Systems (ITS) aim at integrating sensing, control, analysis, and communication technologies into travel infrastructure and transportation to improve mobility, comfort, safety, and efficiency. Car manufacturers are continuously creating smarter vehicles, and advancements in roadways and infrastructure are changing the feel of travel. Traveling is becoming more efficient and reliable with a range of novel technologies, and research and development in ITS. Safer vehicles are introduced every year with greater considerations for passenger and pedestrian safety, nevertheless, the new technology and increasing connectivity in ITS present unique attack vectors for malicious actors. Smart cities with connected public transportation systems introduce new privacy concerns with the data collected about passengers and their travel habits. In this paper, we provide a comprehensive classification of security and privacy vulnerabilities in ITS. Furthermore, we discuss challenges in addressing security and privacy issues in ITS and contemplate potential mitigation techniques. Finally, we highlight future research directions to make ITS more safe, secure, and privacy-preserving.
Behzadan, Vahid; Minton, James; Munir, Arslan
Proceedings of the 2019 AAAI/ACM Conference on AI, Ethics, and Society, ACM 2019.
Abstract | Links | BibTeX | Tags:
@conference{behzadan2019trolleymod,
title = {TrolleyMod v1.0: An Open-Source Simulation and Data-Collection Platform for Ethical Decision Making in Autonomous Vehicles},
author = {Behzadan, Vahid and Minton , James and Munir , Arslan },
doi = {https://doi.org/10.1145/3306618.3314239},
year = {2019},
date = {2019-01-27},
urldate = {2019-01-27},
booktitle = {Proceedings of the 2019 AAAI/ACM Conference on AI, Ethics, and Society},
pages = {391--395},
organization = {ACM},
abstract = {This paper presents TrolleyMod v1.0, an open-source platform based on the CARLA simulator for the collection of ethical decision-making data for autonomous vehicles. This platform is designed to facilitate experiments aiming to observe and record human decisions and actions in high-fidelity simulations of ethical dilemmas that occur in the context of driving. Targeting experiments in the class of trolley problems, TrolleyMod provides a seamless approach to creating new experimental settings and environments with the realistic physics-engine and the high-quality graphical capabilities of CARLA and the Unreal Engine. Also, TrolleyMod provides a straightforward interface between the CARLA environment and Python to enable the implementation of custom controllers, such as deep reinforcement learning agents. The results of such experiments can be used for sociological analyses, as well as the training and tuning of value-aligned autonomous vehicles based on social values that are inferred from observations.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
This paper presents TrolleyMod v1.0, an open-source platform based on the CARLA simulator for the collection of ethical decision-making data for autonomous vehicles. This platform is designed to facilitate experiments aiming to observe and record human decisions and actions in high-fidelity simulations of ethical dilemmas that occur in the context of driving. Targeting experiments in the class of trolley problems, TrolleyMod provides a seamless approach to creating new experimental settings and environments with the realistic physics-engine and the high-quality graphical capabilities of CARLA and the Unreal Engine. Also, TrolleyMod provides a straightforward interface between the CARLA environment and Python to enable the implementation of custom controllers, such as deep reinforcement learning agents. The results of such experiments can be used for sociological analyses, as well as the training and tuning of value-aligned autonomous vehicles based on social values that are inferred from observations.
Behzadan, Vahid; Hsu, William
Sequential Triggers for Watermarking of Deep Reinforcement Learning Policies Journal Article
In: arXiv preprint arXiv:1906.01126, 2019.
@article{behzadan2019sequential,
title = {Sequential Triggers for Watermarking of Deep Reinforcement Learning Policies},
author = {Behzadan , Vahid and Hsu , William },
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
journal = {arXiv preprint arXiv:1906.01126},
abstract = {This paper proposes a novel scheme for the watermarking of Deep Reinforcement Learning (DRL) policies. This scheme provides a mechanism for the integration of a unique identifier within the policy in the form of its response to a designated sequence of state transitions, while incurring minimal impact on the nominal performance of the policy. The applications of this watermarking scheme include detection of unauthorized replications of proprietary policies, as well as enabling the graceful interruption or termination of DRL activities by authorized entities. We demonstrate the feasibility of our proposal via experimental evaluation of watermarking a DQN policy trained in the Cartpole environment.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper proposes a novel scheme for the watermarking of Deep Reinforcement Learning (DRL) policies. This scheme provides a mechanism for the integration of a unique identifier within the policy in the form of its response to a designated sequence of state transitions, while incurring minimal impact on the nominal performance of the policy. The applications of this watermarking scheme include detection of unauthorized replications of proprietary policies, as well as enabling the graceful interruption or termination of DRL activities by authorized entities. We demonstrate the feasibility of our proposal via experimental evaluation of watermarking a DQN policy trained in the Cartpole environment.
Behzadan, Vahid
Security of Deep Reinforcement Learning PhD Thesis
2019.
@phdthesis{behzadan2019security,
title = {Security of Deep Reinforcement Learning},
author = {Behzadan, Vahid },
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
abstract = {Since the inception of Deep Reinforcement Learning (DRL) algorithms, there has been
a growing interest from both the research and the industrial communities in the promising
potentials of this paradigm. The list of current and envisioned applications of deep RL
ranges from autonomous navigation and robotics to control applications in the critical infrastructure, air traffic control, defense technologies, and cybersecurity. While the landscape
of opportunities and the advantages of deep RL algorithms are justifiably vast, the security
risks and issues in such algorithms remain largely unexplored. It has been shown that DRL
algorithms are very brittle in terms of their sensitivity to small perturbations of their observations of the state. Furthermore, recent reports demonstrate that such perturbations can
be applied by an adversary to manipulate the performance and behavior of DRL agents. To
address such problems, this dissertation aims to advance the current state of the art in three
separate, but interdependent directions. First, I build on the recent developments in adversarial machine learning and robust reinforcement learning to develop techniques and metrics
for evaluating the resilience and robustness of DRL agents to adversarial perturbations applied to the observations of state transitions. A main objective of this task is to disentangle
the vulnerabilities in the learned representation of state from those that stem from the sensitivity of DRL policies to changes in transition dynamics. A further objective is to investigate
evaluation methods that are independent of attack techniques and their specific parameters.
Accordingly, I develop two DRL-based algorithms that enable the quantitative measurement
and benchmarking of worst-case resilience and robustness in DRL policies. Second, I present
an analysis of adversarial training as a solution to the brittleness of Deep Q-Network (DQN)
policies, and investigate the impact of hyperparameters on the training-time resilience of
policies. I also propose a new exploration mechanism for sample-efficient adversarial training of DRL agents. Third, I address the previously unexplored problem of model extraction
attacks on DRL agents. Accordingly, I demonstrate that imitation learning techniques can
be used to effectively replicate a DRL policy from observations of its behavior. Moreover,
I establish that the replicated policies can be used to launch effective black-box adversarial
attacks through the transferability of adversarial examples. Lastly, I address the problem of
detecting replicated models by developing a novel technique for embedding sequential watermarks in DRL policies. The dissertation concludes with remarks on the remaining challenges
and future directions of research in emerging domain of DRL security},
keywords = {},
pubstate = {published},
tppubtype = {phdthesis}
}
Since the inception of Deep Reinforcement Learning (DRL) algorithms, there has been
a growing interest from both the research and the industrial communities in the promising
potentials of this paradigm. The list of current and envisioned applications of deep RL
ranges from autonomous navigation and robotics to control applications in the critical infrastructure, air traffic control, defense technologies, and cybersecurity. While the landscape
of opportunities and the advantages of deep RL algorithms are justifiably vast, the security
risks and issues in such algorithms remain largely unexplored. It has been shown that DRL
algorithms are very brittle in terms of their sensitivity to small perturbations of their observations of the state. Furthermore, recent reports demonstrate that such perturbations can
be applied by an adversary to manipulate the performance and behavior of DRL agents. To
address such problems, this dissertation aims to advance the current state of the art in three
separate, but interdependent directions. First, I build on the recent developments in adversarial machine learning and robust reinforcement learning to develop techniques and metrics
for evaluating the resilience and robustness of DRL agents to adversarial perturbations applied to the observations of state transitions. A main objective of this task is to disentangle
the vulnerabilities in the learned representation of state from those that stem from the sensitivity of DRL policies to changes in transition dynamics. A further objective is to investigate
evaluation methods that are independent of attack techniques and their specific parameters.
Accordingly, I develop two DRL-based algorithms that enable the quantitative measurement
and benchmarking of worst-case resilience and robustness in DRL policies. Second, I present
an analysis of adversarial training as a solution to the brittleness of Deep Q-Network (DQN)
policies, and investigate the impact of hyperparameters on the training-time resilience of
policies. I also propose a new exploration mechanism for sample-efficient adversarial training of DRL agents. Third, I address the previously unexplored problem of model extraction
attacks on DRL agents. Accordingly, I demonstrate that imitation learning techniques can
be used to effectively replicate a DRL policy from observations of its behavior. Moreover,
I establish that the replicated policies can be used to launch effective black-box adversarial
attacks through the transferability of adversarial examples. Lastly, I address the problem of
detecting replicated models by developing a novel technique for embedding sequential watermarks in DRL policies. The dissertation concludes with remarks on the remaining challenges
and future directions of research in emerging domain of DRL security
a growing interest from both the research and the industrial communities in the promising
potentials of this paradigm. The list of current and envisioned applications of deep RL
ranges from autonomous navigation and robotics to control applications in the critical infrastructure, air traffic control, defense technologies, and cybersecurity. While the landscape
of opportunities and the advantages of deep RL algorithms are justifiably vast, the security
risks and issues in such algorithms remain largely unexplored. It has been shown that DRL
algorithms are very brittle in terms of their sensitivity to small perturbations of their observations of the state. Furthermore, recent reports demonstrate that such perturbations can
be applied by an adversary to manipulate the performance and behavior of DRL agents. To
address such problems, this dissertation aims to advance the current state of the art in three
separate, but interdependent directions. First, I build on the recent developments in adversarial machine learning and robust reinforcement learning to develop techniques and metrics
for evaluating the resilience and robustness of DRL agents to adversarial perturbations applied to the observations of state transitions. A main objective of this task is to disentangle
the vulnerabilities in the learned representation of state from those that stem from the sensitivity of DRL policies to changes in transition dynamics. A further objective is to investigate
evaluation methods that are independent of attack techniques and their specific parameters.
Accordingly, I develop two DRL-based algorithms that enable the quantitative measurement
and benchmarking of worst-case resilience and robustness in DRL policies. Second, I present
an analysis of adversarial training as a solution to the brittleness of Deep Q-Network (DQN)
policies, and investigate the impact of hyperparameters on the training-time resilience of
policies. I also propose a new exploration mechanism for sample-efficient adversarial training of DRL agents. Third, I address the previously unexplored problem of model extraction
attacks on DRL agents. Accordingly, I demonstrate that imitation learning techniques can
be used to effectively replicate a DRL policy from observations of its behavior. Moreover,
I establish that the replicated policies can be used to launch effective black-box adversarial
attacks through the transferability of adversarial examples. Lastly, I address the problem of
detecting replicated models by developing a novel technique for embedding sequential watermarks in DRL policies. The dissertation concludes with remarks on the remaining challenges
and future directions of research in emerging domain of DRL security
2018
Behzadan, Vahid; Munir, Arslan; V. Yampolskiy, Roman
A psychopathological approach to safety engineering in ai and agi Conference
International Conference on Computer Safety, Reliability, and Security, Springer, Cham 2018.
Abstract | Links | BibTeX | Tags:
@conference{behzadan2018psychopathological,
title = {A psychopathological approach to safety engineering in ai and agi},
author = {Behzadan, Vahid and Munir , Arslan and V. Yampolskiy , Roman },
doi = {10.1007/978-3-319-99229-7_46},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {International Conference on Computer Safety, Reliability, and Security},
pages = {513--520},
organization = {Springer, Cham},
abstract = {The complexity of dynamics in AI techniques is already approaching that of complex adaptive systems, thus curtailing the feasibility of formal controllability and reachability analysis in the context of AI safety. It follows that the envisioned instances of Artificial General Intelligence (AGI) will also suffer from challenges of complexity. To tackle such issues, we propose the modeling of deleterious behaviors in AI and AGI as psychological disorders, thereby enabling the employment of psychopathological approaches to analysis and control of misbehaviors. Accordingly, we present a discussion on the feasibility of the psychopathological approaches to AI safety, and propose general directions for research on modeling, diagnosis, and treatment of psychological disorders in AGI.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
The complexity of dynamics in AI techniques is already approaching that of complex adaptive systems, thus curtailing the feasibility of formal controllability and reachability analysis in the context of AI safety. It follows that the envisioned instances of Artificial General Intelligence (AGI) will also suffer from challenges of complexity. To tackle such issues, we propose the modeling of deleterious behaviors in AI and AGI as psychological disorders, thereby enabling the employment of psychopathological approaches to analysis and control of misbehaviors. Accordingly, we present a discussion on the feasibility of the psychopathological approaches to AI safety, and propose general directions for research on modeling, diagnosis, and treatment of psychological disorders in AGI.
Papernot, Nicolas; Faghri, Fartash; Carlini, Nicholas; Goodfellow, Ian; Feinman, Reuben; Kurakin, Alexey; Xie et al, Cihang
Technical report on the cleverhans v2. 1.0 adversarial examples library Journal Article
In: arXiv preprint arXiv:1610.00768v6, vol. 10, 2018.
Abstract | Links | BibTeX | Tags:
@article{papernot2018technical,
title = {Technical report on the cleverhans v2. 1.0 adversarial examples library},
author = {Papernot, Nicolas and Faghri , Fartash and Carlini , Nicholas and Goodfellow , Ian and Feinman , Reuben and Kurakin , Alexey and Xie et al , Cihang },
doi = { https://doi.org/10.48550/arXiv.1610.00768},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {arXiv preprint arXiv:1610.00768v6},
volume = {10},
abstract = {CleverHans is a software library that provides standardized reference implementations of adversarial example construction techniques and adversarial training. The library may be used to develop more robust machine learning models and to provide standardized benchmarks of models' performance in the adversarial setting. Benchmarks constructed without a standardized implementation of adversarial example construction are not comparable to each other, because a good result may indicate a robust model or it may merely indicate a weak implementation of the adversarial example construction procedure.
This technical report is structured as follows. Section 1 provides an overview of adversarial examples in machine learning and of the CleverHans software. Section 2 presents the core functionalities of the library: namely the attacks based on adversarial examples and defenses to improve the robustness of machine learning models to these attacks. Section 3 describes how to report benchmark results using the library. Section 4 describes the versioning system.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
CleverHans is a software library that provides standardized reference implementations of adversarial example construction techniques and adversarial training. The library may be used to develop more robust machine learning models and to provide standardized benchmarks of models’ performance in the adversarial setting. Benchmarks constructed without a standardized implementation of adversarial example construction are not comparable to each other, because a good result may indicate a robust model or it may merely indicate a weak implementation of the adversarial example construction procedure.
This technical report is structured as follows. Section 1 provides an overview of adversarial examples in machine learning and of the CleverHans software. Section 2 presents the core functionalities of the library: namely the attacks based on adversarial examples and defenses to improve the robustness of machine learning models to these attacks. Section 3 describes how to report benchmark results using the library. Section 4 describes the versioning system.
This technical report is structured as follows. Section 1 provides an overview of adversarial examples in machine learning and of the CleverHans software. Section 2 presents the core functionalities of the library: namely the attacks based on adversarial examples and defenses to improve the robustness of machine learning models to these attacks. Section 3 describes how to report benchmark results using the library. Section 4 describes the versioning system.
Behzadan, Vahid; Munir, Arslan
Adversarial reinforcement learning framework for benchmarking collision avoidance mechanisms in autonomous vehicles Journal Article
In: IEEE Intelligent Transportation Systems Magazine ( Volume: 13, Issue: 2, Summer 2021), 2018.
@article{behzadan2018adversarial,
title = {Adversarial reinforcement learning framework for benchmarking collision avoidance mechanisms in autonomous vehicles},
author = {Behzadan, Vahid and Munir ,Arslan },
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {IEEE Intelligent Transportation Systems Magazine ( Volume: 13, Issue: 2, Summer 2021)},
abstract = {With the rapidly growing interest in autonomous navigation, the body of research on motion planning and collision avoidance techniques has enjoyed an accelerating rate of novel proposals and developments. However, the complexity of new techniques and their safety requirements render the bulk of current benchmarking frameworks inadequate, thus leaving the need for efficient comparison techniques unanswered. This work proposes a novel framework based on deep reinforcement learning for benchmarking the behavior of collision avoidance mechanisms under the worst-case scenario of dealing with an optimal adversarial agent, trained to drive the system into unsafe states. We describe the architecture and flow of this framework as a benchmarking solution, and demonstrate its efficacy via a practical case study of comparing the reliability of two collision avoidance mechanisms in response to adversarial attempts to cause collisions.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
With the rapidly growing interest in autonomous navigation, the body of research on motion planning and collision avoidance techniques has enjoyed an accelerating rate of novel proposals and developments. However, the complexity of new techniques and their safety requirements render the bulk of current benchmarking frameworks inadequate, thus leaving the need for efficient comparison techniques unanswered. This work proposes a novel framework based on deep reinforcement learning for benchmarking the behavior of collision avoidance mechanisms under the worst-case scenario of dealing with an optimal adversarial agent, trained to drive the system into unsafe states. We describe the architecture and flow of this framework as a benchmarking solution, and demonstrate its efficacy via a practical case study of comparing the reliability of two collision avoidance mechanisms in response to adversarial attempts to cause collisions.
Behzadan, Vahid; Munir, Arslan
Mitigation of policy manipulation attacks on deep q-networks with parameter-space noise Conference
International Conference on Computer Safety, Reliability, and Security, Springer, Cham 2018.
@conference{behzadan2018mitigation,
title = {Mitigation of policy manipulation attacks on deep q-networks with parameter-space noise},
author = {Behzadan, Vahid and Munir , Arslan },
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {International Conference on Computer Safety, Reliability, and Security},
pages = {406--417},
organization = {Springer, Cham},
abstract = {Recent developments establish the vulnerability of deep reinforcement learning to policy manipulation attack. In this work, we propose a technique for mitigation of such attacks based on addition of noise to the parameter space of deep reinforcement learners during training. We experimentally verify the effect of parameter-space noise in reducing the transferability of adversarial examples, and demonstrate the promising performance of this technique in mitigating the impact of whitebox and blackbox attacks at both test and training times.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Recent developments establish the vulnerability of deep reinforcement learning to policy manipulation attack. In this work, we propose a technique for mitigation of such attacks based on addition of noise to the parameter space of deep reinforcement learners during training. We experimentally verify the effect of parameter-space noise in reducing the transferability of adversarial examples, and demonstrate the promising performance of this technique in mitigating the impact of whitebox and blackbox attacks at both test and training times.
Behzadan, Vahid; Munir, Arslan
The faults in our pi stars: Security issues and open challenges in deep reinforcement learning Journal Article
In: arXiv preprint arXiv:1810.10369, 2018.
@article{behzadan2018faults,
title = {The faults in our pi stars: Security issues and open challenges in deep reinforcement learning},
author = {Behzadan, Vahid and Munir , Arslan },
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {arXiv preprint arXiv:1810.10369},
abstract = {Since the inception of Deep Reinforcement Learning (DRL) algorithms, there has been a growing interest in both research and industrial communities in the promising potentials of this paradigm. The list of current and envisioned applications of deep RL ranges from autonomous navigation and robotics to control applications in the critical infrastructure, air traffic control, defense technologies, and cybersecurity. While the landscape of opportunities and the advantages of deep RL algorithms are justifiably vast, the security risks and issues in such algorithms remain largely unexplored. To facilitate and motivate further research on these critical challenges, this paper presents a foundational treatment of the security problem in DRL. We formulate the security requirements of DRL, and provide a high-level threat model through the classification and identification of vulnerabilities, attack vectors, and adversarial capabilities. Furthermore, we present a review of current literature on security of deep RL from both offensive and defensive perspectives. Lastly, we enumerate critical research venues and open problems in mitigation and prevention of intentional attacks against deep RL as a roadmap for further research in this area.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Since the inception of Deep Reinforcement Learning (DRL) algorithms, there has been a growing interest in both research and industrial communities in the promising potentials of this paradigm. The list of current and envisioned applications of deep RL ranges from autonomous navigation and robotics to control applications in the critical infrastructure, air traffic control, defense technologies, and cybersecurity. While the landscape of opportunities and the advantages of deep RL algorithms are justifiably vast, the security risks and issues in such algorithms remain largely unexplored. To facilitate and motivate further research on these critical challenges, this paper presents a foundational treatment of the security problem in DRL. We formulate the security requirements of DRL, and provide a high-level threat model through the classification and identification of vulnerabilities, attack vectors, and adversarial capabilities. Furthermore, we present a review of current literature on security of deep RL from both offensive and defensive perspectives. Lastly, we enumerate critical research venues and open problems in mitigation and prevention of intentional attacks against deep RL as a roadmap for further research in this area.
Behzadan, Vahid; V. Yampolskiy, Roman; Munir, Arslan
Emergence of addictive behaviors in reinforcement learning agents Journal Article
In: arXiv preprint arXiv:1811.05590, 2018.
Abstract | Links | BibTeX | Tags:
@article{behzadan2018emergence,
title = {Emergence of addictive behaviors in reinforcement learning agents},
author = {Behzadan, Vahid and V. Yampolskiy , Roman and Munir , Arslan },
doi = { https://doi.org/10.48550/arXiv.1811.05590},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
journal = {arXiv preprint arXiv:1811.05590},
abstract = {This paper presents a novel approach to the technical analysis of wireheading in intelligent agents. Inspired by the natural analogues of wireheading and their prevalent manifestations, we propose the modeling of such phenomenon in Reinforcement Learning (RL) agents as psychological disorders. In a preliminary step towards evaluating this proposal, we study the feasibility and dynamics of emergent addictive policies in Q-learning agents in the tractable environment of the game of Snake. We consider a slightly modified settings for this game, in which the environment provides a "drug" seed alongside the original "healthy" seed for the consumption of the snake. We adopt and extend an RL-based model of natural addiction to Q-learning agents in this settings, and derive sufficient parametric conditions for the emergence of addictive behaviors in such agents. Furthermore, we evaluate our theoretical analysis with three sets of simulation-based experiments. The results demonstrate the feasibility of addictive wireheading in RL agents, and provide promising venues of further research on the psychopathological modeling of complex AI safety problems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This paper presents a novel approach to the technical analysis of wireheading in intelligent agents. Inspired by the natural analogues of wireheading and their prevalent manifestations, we propose the modeling of such phenomenon in Reinforcement Learning (RL) agents as psychological disorders. In a preliminary step towards evaluating this proposal, we study the feasibility and dynamics of emergent addictive policies in Q-learning agents in the tractable environment of the game of Snake. We consider a slightly modified settings for this game, in which the environment provides a "drug" seed alongside the original "healthy" seed for the consumption of the snake. We adopt and extend an RL-based model of natural addiction to Q-learning agents in this settings, and derive sufficient parametric conditions for the emergence of addictive behaviors in such agents. Furthermore, we evaluate our theoretical analysis with three sets of simulation-based experiments. The results demonstrate the feasibility of addictive wireheading in RL agents, and provide promising venues of further research on the psychopathological modeling of complex AI safety problems.
Behzadan, Vahid; Munir, Arslan
Adversarial Exploitation of Emergent Dynamics in Smart Cities Conference
IEEE 2018 IEEE International Smart Cities Conference (ISC2), 2018.
Abstract | Links | BibTeX | Tags:
@conference{behzadan2018adversarialb,
title = {Adversarial Exploitation of Emergent Dynamics in Smart Cities},
author = {Behzadan, Vahid and Munir , Arslan },
doi = {10.1109/ISC2.2018.8656789},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
pages = {1--8},
publisher = {2018 IEEE International Smart Cities Conference (ISC2)},
organization = {IEEE},
abstract = {We investigate the paradigm of adversarial attacks that target the emergent dynamics of Complex Adaptive Smart Cities (CASCs). To facilitate the analysis of such attacks, we develop quantitative definitions and metrics of attack, vulnerability, and resilience in the context of CASC security. Furthermore, we propose multiple schemes for classification of attack surfaces and vectors in CASC, complemented with examples of practical attacks. Building on this foundation, we propose a framework based on reinforcement learning for simulation and analysis of such attacks on CASC, and demonstrate its performance through two real-world case studies of targeting power grids and traffic management systems. We also remark on future research directions in analysis and design of secure smart cities and complex adaptive systems.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
We investigate the paradigm of adversarial attacks that target the emergent dynamics of Complex Adaptive Smart Cities (CASCs). To facilitate the analysis of such attacks, we develop quantitative definitions and metrics of attack, vulnerability, and resilience in the context of CASC security. Furthermore, we propose multiple schemes for classification of attack surfaces and vectors in CASC, complemented with examples of practical attacks. Building on this foundation, we propose a framework based on reinforcement learning for simulation and analysis of such attacks on CASC, and demonstrate its performance through two real-world case studies of targeting power grids and traffic management systems. We also remark on future research directions in analysis and design of secure smart cities and complex adaptive systems.
Behzadan, Vahid; Aguirre, Carlos; Bose, Avishek; Hsu, William
Corpus and Deep Learning Classifier for Collection of Cyber Threat Indicators in Twitter Stream Conference
2018 IEEE International Conference on Big Data (Big Data), IEEE 2018 IEEE International Conference on Big Data (Big Data), 2018.
Abstract | Links | BibTeX | Tags:
@conference{behzadan2018corpus,
title = {Corpus and Deep Learning Classifier for Collection of Cyber Threat Indicators in Twitter Stream},
author = {Behzadan, Vahid and Aguirre ,Carlos and Bose , Avishek and Hsu ,William },
doi = {10.1109/BigData.2018.8622506},
year = {2018},
date = {2018-01-01},
urldate = {2018-01-01},
booktitle = {2018 IEEE International Conference on Big Data (Big Data)},
pages = {5002--5007},
publisher = {2018 IEEE International Conference on Big Data (Big Data)},
organization = {IEEE},
abstract = {This paper presents a framework for detection and classification of cyber threat indicators in the Twitter stream. Contrary to the bulk of similar proposals that rely on manually-designed heuristics and keywordbased filtering of tweets, our framework provides a data-driven approach for modeling and classification of tweets that are related to cybersecurity events. We present a cascaded Convolutional Neural Network (CNN) architecture, comprised of a binary classifier for detection of cyber-related tweets, and a multi-class model for the classification of cyber-related tweets into multiple types of cyber threats. Furthermore, we present an open-source dataset of 21000 annotated cyber-related tweets to facilitate the validation and further research in this area.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
This paper presents a framework for detection and classification of cyber threat indicators in the Twitter stream. Contrary to the bulk of similar proposals that rely on manually-designed heuristics and keywordbased filtering of tweets, our framework provides a data-driven approach for modeling and classification of tweets that are related to cybersecurity events. We present a cascaded Convolutional Neural Network (CNN) architecture, comprised of a binary classifier for detection of cyber-related tweets, and a multi-class model for the classification of cyber-related tweets into multiple types of cyber threats. Furthermore, we present an open-source dataset of 21000 annotated cyber-related tweets to facilitate the validation and further research in this area.
2017
Behzadan, Vahid; Munir, Arslan
Vulnerability of deep reinforcement learning to policy induction attacks Proceedings Article
In: International Conference on Machine Learning and Data Mining in Pattern Recognition, pp. 262–275, Springer, Cham 2017.
Abstract | Links | BibTeX | Tags:
@inproceedings{behzadan2017vulnerability,
title = {Vulnerability of deep reinforcement learning to policy induction attacks},
author = {Behzadan, Vahid and Munir, Arslan },
doi = {10.1007/978-3-319-62416-7_19},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {International Conference on Machine Learning and Data Mining in Pattern Recognition},
pages = {262--275},
organization = {Springer, Cham},
abstract = {Deep learning classifiers are known to be inherently vulnerable to manipulation by intentionally perturbed inputs, named adversarial examples. In this work, we establish that reinforcement learning techniques based on Deep Q-Networks (DQNs) are also vulnerable to adversarial input perturbations, and verify the transferability of adversarial examples across different DQN models. Furthermore, we present a novel class of attacks based on this vulnerability that enable policy manipulation and induction in the learning process of DQNs. We propose an attack mechanism that exploits the transferability of adversarial examples to implement policy induction attacks on DQNs, and demonstrate its efficacy and impact through experimental study of a game-learning scenario.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Deep learning classifiers are known to be inherently vulnerable to manipulation by intentionally perturbed inputs, named adversarial examples. In this work, we establish that reinforcement learning techniques based on Deep Q-Networks (DQNs) are also vulnerable to adversarial input perturbations, and verify the transferability of adversarial examples across different DQN models. Furthermore, we present a novel class of attacks based on this vulnerability that enable policy manipulation and induction in the learning process of DQNs. We propose an attack mechanism that exploits the transferability of adversarial examples to implement policy induction attacks on DQNs, and demonstrate its efficacy and impact through experimental study of a game-learning scenario.
Behzadan, Vahid; Rekabdar, Banafsheh
A game-theoretic model for analysis and design of self-organization mechanisms in IoT Proceedings Article
In: International Conference on Game Theory for Networks, pp. 74–85, Springer, Cham 2017.
Abstract | Links | BibTeX | Tags:
@inproceedings{behzadan2017game,
title = {A game-theoretic model for analysis and design of self-organization mechanisms in IoT},
author = {Behzadan, Vahid and Rekabdar , Banafsheh },
url = {https://link.springer.com/chapter/10.1007/978-3-319-67540-4_7},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {International Conference on Game Theory for Networks},
pages = {74--85},
organization = {Springer, Cham},
abstract = {We propose a framework based on Network Formation Game for self-organization in the Internet of Things (IoT). In this framework, heterogeneous and multi-interface nodes are modeled as self-interested agents who individually decide on establishment and severance of links to other agents. Through analysis of the static game, we formally confirm the emergence of realistic topologies from our model, and analytically establish the criteria that lead to stable multi-hop network structures.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
We propose a framework based on Network Formation Game for self-organization in the Internet of Things (IoT). In this framework, heterogeneous and multi-interface nodes are modeled as self-interested agents who individually decide on establishment and severance of links to other agents. Through analysis of the static game, we formally confirm the emergence of realistic topologies from our model, and analytically establish the criteria that lead to stable multi-hop network structures.
Behzadan, Vahid
Cyber-physical attacks on uas networks-challenges and open research problems Journal Article
In: arXiv preprint arXiv:1702.01251, 2017.
Abstract | Links | BibTeX | Tags:
@article{behzadan2017cyber,
title = {Cyber-physical attacks on uas networks-challenges and open research problems},
author = {Behzadan, Vahid },
url = {https://arxiv.org/abs/1702.01251},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
journal = {arXiv preprint arXiv:1702.01251},
abstract = {Assignment of critical missions to unmanned aerial vehicles (UAV) is bound to widen the grounds for adversarial intentions in the cyber domain, potentially ranging from disruption of command and control links to capture and use of airborne nodes for kinetic attacks. Ensuring the security of electronic and communications in multi-UAV systems is of paramount importance for their safe and reliable integration with military and civilian airspaces. Over the past decade, this active field of research has produced many notable studies and novel proposals for attacks and mitigation techniques in UAV networks. Yet, the generic modeling of such networks as typical MANETs and isolated systems has left various vulnerabilities out of the investigative focus of the research community. This paper aims to emphasize on some of the critical challenges in securing UAV networks against attacks targeting vulnerabilities specific to such systems and their cyber-physical aspects.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Assignment of critical missions to unmanned aerial vehicles (UAV) is bound to widen the grounds for adversarial intentions in the cyber domain, potentially ranging from disruption of command and control links to capture and use of airborne nodes for kinetic attacks. Ensuring the security of electronic and communications in multi-UAV systems is of paramount importance for their safe and reliable integration with military and civilian airspaces. Over the past decade, this active field of research has produced many notable studies and novel proposals for attacks and mitigation techniques in UAV networks. Yet, the generic modeling of such networks as typical MANETs and isolated systems has left various vulnerabilities out of the investigative focus of the research community. This paper aims to emphasize on some of the critical challenges in securing UAV networks against attacks targeting vulnerabilities specific to such systems and their cyber-physical aspects.
Behzadan, Vahid; Nourmohammadi, Amin; Gunes, Mehmet; Yuksel, Murat
On Fighting Fire with Fire: Strategic Destabilization of Terrorist Networks Proceedings Article
In: Proceedings of the 2017 $$IEEE/ACM$$ International Conference on Advances in Social Networks Analysis and Mining 2017, Sydney, Australia, July 31 – August 03, 2017, pp. 1120–1127, 2017.
Abstract | Links | BibTeX | Tags:
@inproceedings{behzadan2017fighting,
title = {On Fighting Fire with Fire: Strategic Destabilization of Terrorist Networks},
author = {Behzadan, Vahid and Nourmohammadi ,Amin and Gunes , Mehmet and Yuksel , Murat },
url = {https://dl.acm.org/doi/abs/10.1145/3110025.3119404},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
booktitle = {Proceedings of the 2017 $$IEEE/ACM$$ International Conference on Advances in Social Networks Analysis and Mining 2017, Sydney, Australia, July 31 - August 03, 2017},
pages = {1120--1127},
abstract = {Terrorist organizations have social networks that enable them to recruit and operate around the world. This paper presents a novel computational framework for derivation of optimal destabilization strategies against dynamic social networks of terrorists. We develop a game-theoretic model to capture the distributed and complex dynamics of terrorist organizations, and introduce a technique for estimation of such dynamics from incomplete snapshots of target networks. Furthermore, we propose a mechanism for devising the optimal sequence of actions that drive the internal dynamics of targeted organizations towards an arbitrary state of instability. The performance of this framework is evaluated on a model of the Al-Qaeda network in 2001, verifying the efficacy of our proposals for counter-terrorism applications.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Terrorist organizations have social networks that enable them to recruit and operate around the world. This paper presents a novel computational framework for derivation of optimal destabilization strategies against dynamic social networks of terrorists. We develop a game-theoretic model to capture the distributed and complex dynamics of terrorist organizations, and introduce a technique for estimation of such dynamics from incomplete snapshots of target networks. Furthermore, we propose a mechanism for devising the optimal sequence of actions that drive the internal dynamics of targeted organizations towards an arbitrary state of instability. The performance of this framework is evaluated on a model of the Al-Qaeda network in 2001, verifying the efficacy of our proposals for counter-terrorism applications.
Behzadan, Vahid; Munir, Arslan
Models and Framework for Adversarial Attacks on Complex Adaptive Systems Journal Article
In: arXiv preprint arXiv:1709.04137, 2017.
Abstract | Links | BibTeX | Tags:
@article{behzadan2017models,
title = {Models and Framework for Adversarial Attacks on Complex Adaptive Systems},
author = {Behzadan, Vahid and Munir , Arslan },
url = {https://arxiv.org/abs/1709.04137},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
journal = {arXiv preprint arXiv:1709.04137},
abstract = {We introduce the paradigm of adversarial attacks that target the dynamics of Complex Adaptive Systems (CAS). To facilitate the analysis of such attacks, we present multiple approaches to the modeling of CAS as dynamical, data-driven, and game-theoretic systems, and develop quantitative definitions of attack, vulnerability, and resilience in the context of CAS security. Furthermore, we propose a comprehensive set of schemes for classification of attacks and attack surfaces in CAS, complemented with examples of practical attacks. Building on this foundation, we propose a framework based on reinforcement learning for simulation and analysis of attacks on CAS, and demonstrate its performance through three real-world case studies of targeting power grids, destabilization of terrorist organizations, and manipulation of machine learning agents. We also discuss potential mitigation techniques, and remark on future research directions in analysis and design of secure complex adaptive systems.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
We introduce the paradigm of adversarial attacks that target the dynamics of Complex Adaptive Systems (CAS). To facilitate the analysis of such attacks, we present multiple approaches to the modeling of CAS as dynamical, data-driven, and game-theoretic systems, and develop quantitative definitions of attack, vulnerability, and resilience in the context of CAS security. Furthermore, we propose a comprehensive set of schemes for classification of attacks and attack surfaces in CAS, complemented with examples of practical attacks. Building on this foundation, we propose a framework based on reinforcement learning for simulation and analysis of attacks on CAS, and demonstrate its performance through three real-world case studies of targeting power grids, destabilization of terrorist organizations, and manipulation of machine learning agents. We also discuss potential mitigation techniques, and remark on future research directions in analysis and design of secure complex adaptive systems.
Behzadan, Vahid; Munir, Arslan
Whatever does not kill deep reinforcement learning, makes it stronger Journal Article
In: arXiv preprint arXiv:1712.09344, 2017.
Abstract | Links | BibTeX | Tags:
@article{behzadan2017whatever,
title = {Whatever does not kill deep reinforcement learning, makes it stronger},
author = {Behzadan, Vahid and Munir ,Arslan },
url = {https://arxiv.org/abs/1712.09344},
year = {2017},
date = {2017-01-01},
urldate = {2017-01-01},
journal = {arXiv preprint arXiv:1712.09344},
abstract = {Recent developments have established the vulnerability of deep Reinforcement Learning (RL) to policy manipulation attacks via adversarial perturbations. In this paper, we investigate the robustness and resilience of deep RL to training-time and test-time attacks. Through experimental results, we demonstrate that under noncontiguous training-time attacks, Deep Q-Network (DQN) agents can recover and adapt to the adversarial conditions by reactively adjusting the policy. Our results also show that policies learned under adversarial perturbations are more robust to test-time attacks. Furthermore, we compare the performance of ϵ-greedy and parameter-space noise exploration methods in terms of robustness and resilience against adversarial perturbations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Recent developments have established the vulnerability of deep Reinforcement Learning (RL) to policy manipulation attacks via adversarial perturbations. In this paper, we investigate the robustness and resilience of deep RL to training-time and test-time attacks. Through experimental results, we demonstrate that under noncontiguous training-time attacks, Deep Q-Network (DQN) agents can recover and adapt to the adversarial conditions by reactively adjusting the policy. Our results also show that policies learned under adversarial perturbations are more robust to test-time attacks. Furthermore, we compare the performance of ϵ-greedy and parameter-space noise exploration methods in terms of robustness and resilience against adversarial perturbations.
2016
Suman, Bhunia; Behzadan, Vahid; Alexandre Regis, Paulo; Sengupta, Shamik.
Adaptive beam nulling in multihop ad hoc networks against a jammer in motion Journal Article
In: Computer Networks, vol. 109, pp. 50–66, 2016.
Abstract | Links | BibTeX | Tags:
@article{bhunia2016adaptive,
title = {Adaptive beam nulling in multihop ad hoc networks against a jammer in motion},
author = {Suman , Bhunia and Behzadan, Vahid and Alexandre Regis, Paulo and Sengupta, Shamik .},
url = {https://www.sciencedirect.com/science/article/abs/pii/S1389128616302109},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {Computer Networks},
volume = {109},
pages = {50--66},
publisher = {Elsevier},
abstract = {In multihop ad hoc networks, a jammer can drastically disrupt the flow of information by intentionally interfering with links between a subset of nodes. The impact of such attacks can escalate when the jammer is moving. As a countermeasure for such attacks, adaptive beam-forming techniques can be employed for spatial filtering of the jamming signal. This paper investigates the performance of adaptive beam nulling as a mitigation technique against jamming attacks in multihop ad hoc networks. Considering a moving jammer, a distributed beam nulling framework is proposed. The framework uses periodic measurements of the RF environment to detect direction of arrival (DoA) of jamming signal and suppresses the signals arriving from the current and predicted locations of the jammer. Also, in the calculation of the nulled region, this framework considers and counters the effects of randomness in the mobility of the jammer, as well as errors in beam nulling and DoA measurements. Survivability of links and connectivity in such scenarios are studied by simulating various node distributions and different mobility patterns of the attacker. Also, the impact of errors in the estimation of DoA and beam-forming on the overall network performance is also examined. In comparison with an omnidirectional configuration, results indicate a 57.27% improvement in connectivity under jamming when the proposed framework is applied.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In multihop ad hoc networks, a jammer can drastically disrupt the flow of information by intentionally interfering with links between a subset of nodes. The impact of such attacks can escalate when the jammer is moving. As a countermeasure for such attacks, adaptive beam-forming techniques can be employed for spatial filtering of the jamming signal. This paper investigates the performance of adaptive beam nulling as a mitigation technique against jamming attacks in multihop ad hoc networks. Considering a moving jammer, a distributed beam nulling framework is proposed. The framework uses periodic measurements of the RF environment to detect direction of arrival (DoA) of jamming signal and suppresses the signals arriving from the current and predicted locations of the jammer. Also, in the calculation of the nulled region, this framework considers and counters the effects of randomness in the mobility of the jammer, as well as errors in beam nulling and DoA measurements. Survivability of links and connectivity in such scenarios are studied by simulating various node distributions and different mobility patterns of the attacker. Also, the impact of errors in the estimation of DoA and beam-forming on the overall network performance is also examined. In comparison with an omnidirectional configuration, results indicate a 57.27% improvement in connectivity under jamming when the proposed framework is applied.
Behzadan, Vahid
2016.
Abstract | Links | BibTeX | Tags:
@phdthesis{behzadan2016real,
title = {Real-time inference of topological structure and vulnerabilities for adaptive jamming against covert ad hoc networks},
author = {Behzadan, Vahid},
url = {https://www.proquest.com/openview/f295d3e61f5a4ce82112c1f28545a483/1?pq-origsite=gscholar&cbl=18750
},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
abstract = {With the emerging reliance of critical communications on ad hoc architectures, ensuring the security of such networks is paramount. Even though the independence
of ad hoc networks from a single point of failure is seen as an advantage, the distributed nature of ad hoc communications introduces a variety of complex security
problems. These problems are further intensified in mission critical networks deployed
in hostile environments such as modern battlefields, where analysis and disruption of
opponents’ wireless communications is an essential component of combat. Therefore,
resilience of network connectivity to disruption and concealment of communications
is a priority in design of critical ad hoc networks. To this end, various techniques have
been proposed for mitigation of disruptive attacks, the majority of which focus on
routing and upper layers of the protocol stack, while very few consider implementing
mitigation in the physical and link layers.
This thesis aims at demonstrating the vulnerability of covert ad hoc networks to
adaptive jamming attacks that rely only on physical layer parameters. A novel transmission timing analysis technique is proposed to estimate the existence of hop-to-hop
links based on the synchronicity of transmission timings in both time and frequency
domains, complemented with a minimal thresholding method for classification of link
estimations. Furthermore, this work proposes a computationally efficient method for
identification of the most vulnerable region of the network via graph theoretical modeling. The computational cost of this method is further reduced by employment of a
fast search space generation algorithm, as well as percolation modeling of the system.
Both methods are shown to increase the efficiency of adaptive jamming when no a
priori information about the topology or protocols of the network is available. Performance of the proposed methods is measured through graph theoretical and network
simulations.},
keywords = {},
pubstate = {published},
tppubtype = {phdthesis}
}
With the emerging reliance of critical communications on ad hoc architectures, ensuring the security of such networks is paramount. Even though the independence
of ad hoc networks from a single point of failure is seen as an advantage, the distributed nature of ad hoc communications introduces a variety of complex security
problems. These problems are further intensified in mission critical networks deployed
in hostile environments such as modern battlefields, where analysis and disruption of
opponents’ wireless communications is an essential component of combat. Therefore,
resilience of network connectivity to disruption and concealment of communications
is a priority in design of critical ad hoc networks. To this end, various techniques have
been proposed for mitigation of disruptive attacks, the majority of which focus on
routing and upper layers of the protocol stack, while very few consider implementing
mitigation in the physical and link layers.
This thesis aims at demonstrating the vulnerability of covert ad hoc networks to
adaptive jamming attacks that rely only on physical layer parameters. A novel transmission timing analysis technique is proposed to estimate the existence of hop-to-hop
links based on the synchronicity of transmission timings in both time and frequency
domains, complemented with a minimal thresholding method for classification of link
estimations. Furthermore, this work proposes a computationally efficient method for
identification of the most vulnerable region of the network via graph theoretical modeling. The computational cost of this method is further reduced by employment of a
fast search space generation algorithm, as well as percolation modeling of the system.
Both methods are shown to increase the efficiency of adaptive jamming when no a
priori information about the topology or protocols of the network is available. Performance of the proposed methods is measured through graph theoretical and network
simulations.
of ad hoc networks from a single point of failure is seen as an advantage, the distributed nature of ad hoc communications introduces a variety of complex security
problems. These problems are further intensified in mission critical networks deployed
in hostile environments such as modern battlefields, where analysis and disruption of
opponents’ wireless communications is an essential component of combat. Therefore,
resilience of network connectivity to disruption and concealment of communications
is a priority in design of critical ad hoc networks. To this end, various techniques have
been proposed for mitigation of disruptive attacks, the majority of which focus on
routing and upper layers of the protocol stack, while very few consider implementing
mitigation in the physical and link layers.
This thesis aims at demonstrating the vulnerability of covert ad hoc networks to
adaptive jamming attacks that rely only on physical layer parameters. A novel transmission timing analysis technique is proposed to estimate the existence of hop-to-hop
links based on the synchronicity of transmission timings in both time and frequency
domains, complemented with a minimal thresholding method for classification of link
estimations. Furthermore, this work proposes a computationally efficient method for
identification of the most vulnerable region of the network via graph theoretical modeling. The computational cost of this method is further reduced by employment of a
fast search space generation algorithm, as well as percolation modeling of the system.
Both methods are shown to increase the efficiency of adaptive jamming when no a
priori information about the topology or protocols of the network is available. Performance of the proposed methods is measured through graph theoretical and network
simulations.
Fissel, Lauren
2016.
Abstract | Links | BibTeX | Tags:
@phdthesis{fissel2016evaluation,
title = {Evaluation of Uncertainty for Soil Water Characteristic Curve Measurements and the Implications for Predicting the Hydro-Mechanical Behavior of Unsaturated Soils},
author = {Fissel, Lauren },
url = {https://ascelibrary.org/doi/abs/10.1061/9780784480472.061},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
booktitle = {Geotechnical Frontiers 2017},
pages = {579--588},
abstract = {In engineering design and classical soil mechanics, the assumption of saturated soil is the most conservative, weakest state that can be assumed. Classical soil mechanics involves the use of saturated soil parameters, including effective stress, effective cohesion, and effective friction angle. The use of unsaturated soils in design would be less conservative, but could lead to savings. Unsaturated soil mechanics also involves additional stress state variables net normal stress and matric suction. Because of the involvement of matric suction, determination of the soil water characteristic curve (SWCC) must occur simultaneously with strength testing of unsaturated soils. The calculation of unsaturated soil strength in design should have reliable reproducibility because unsaturated soil is a less conservative state. Variability in predictions of unsaturated shear strength may result do to variability in SWCC parameters. This possibility was investigated in this study, with emphasis on SWCC parameter variability. Variability of inter-specimen SWCC measurements was quantified for six soil samples. The hanging column method, an evaporation method with the UMS HYPROP apparatus, and the dew point potentiometer method provided measurement of discrete SWCC data. The van Genuchten SWCC function was parameterized using regression on data from at least 10 HYPROP trials per soil, individual measurements from the hanging column, and the same two dew point potentiometer data per soil. The HYPROP apparatus measures suction with upper and lower tensiometers within the soil specimens. Variability in water content was + 0.13 to + 0.16 at any given suction, indicating random variability in SWCC prediction despite identical specimen preparation. Variability in replicate parameter estimates for a single soil may be greater than 14% of median estimates. This result may impact testing programs that commonly rely upon a single SWCC measurement and subsequent parameterization. Additionally, this variability could affect strength testing reliant upon replicate specimen preparation. Unsaturated shear strength was predicted with a model that relies on the SWCC parameters estimated in this study. Based on this model, SWCC parameter variability resulted in minimal unsaturated strength prediction variability at suctions less than 1 kPa and increasing variability beyond this point. However, the same model failed to predict unsaturated shear strength results of this study obtained from unsaturated direct shear testing.},
keywords = {},
pubstate = {published},
tppubtype = {phdthesis}
}
In engineering design and classical soil mechanics, the assumption of saturated soil is the most conservative, weakest state that can be assumed. Classical soil mechanics involves the use of saturated soil parameters, including effective stress, effective cohesion, and effective friction angle. The use of unsaturated soils in design would be less conservative, but could lead to savings. Unsaturated soil mechanics also involves additional stress state variables net normal stress and matric suction. Because of the involvement of matric suction, determination of the soil water characteristic curve (SWCC) must occur simultaneously with strength testing of unsaturated soils. The calculation of unsaturated soil strength in design should have reliable reproducibility because unsaturated soil is a less conservative state. Variability in predictions of unsaturated shear strength may result do to variability in SWCC parameters. This possibility was investigated in this study, with emphasis on SWCC parameter variability. Variability of inter-specimen SWCC measurements was quantified for six soil samples. The hanging column method, an evaporation method with the UMS HYPROP apparatus, and the dew point potentiometer method provided measurement of discrete SWCC data. The van Genuchten SWCC function was parameterized using regression on data from at least 10 HYPROP trials per soil, individual measurements from the hanging column, and the same two dew point potentiometer data per soil. The HYPROP apparatus measures suction with upper and lower tensiometers within the soil specimens. Variability in water content was + 0.13 to + 0.16 at any given suction, indicating random variability in SWCC prediction despite identical specimen preparation. Variability in replicate parameter estimates for a single soil may be greater than 14% of median estimates. This result may impact testing programs that commonly rely upon a single SWCC measurement and subsequent parameterization. Additionally, this variability could affect strength testing reliant upon replicate specimen preparation. Unsaturated shear strength was predicted with a model that relies on the SWCC parameters estimated in this study. Based on this model, SWCC parameter variability resulted in minimal unsaturated strength prediction variability at suctions less than 1 kPa and increasing variability beyond this point. However, the same model failed to predict unsaturated shear strength results of this study obtained from unsaturated direct shear testing.
2015
Bhunia, Suman; Behzadan, Vahid; Sengupta, Shamik
Enhancement of spectrum utilization in non-contiguous DSA with online defragmentation Conference
IEEE MILCOM 2015-2015 IEEE Military Communications Conference, 2015.
Abstract | Links | BibTeX | Tags:
@conference{bhunia2015enhancement,
title = {Enhancement of spectrum utilization in non-contiguous DSA with online defragmentation},
author = {Bhunia, Suman and Behzadan, Vahid and Sengupta, Shamik},
doi = {10.1109/MILCOM.2015.7357481},
year = {2015},
date = {2015-10-28},
urldate = {2015-10-28},
pages = {432--437},
publisher = {MILCOM 2015-2015 IEEE Military Communications Conference},
organization = {IEEE},
abstract = {Rampant dynamic spectrum allocation over time leads to creation of narrow spectrum holes which can be aggregated to fulfill the bandwidth requirements of users. Even though this approach increases the throughput, it comes at the cost of degraded spectrum utilization due to a rise in the number of required guard bands. This paper proposes a framework for online defragmentation of non-contiguous channels as a way to mitigate the wastage of spectrum in channel aggregating DSA networks. The efficiency of this framework is studied through a testbed implementation and simulations.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Rampant dynamic spectrum allocation over time leads to creation of narrow spectrum holes which can be aggregated to fulfill the bandwidth requirements of users. Even though this approach increases the throughput, it comes at the cost of degraded spectrum utilization due to a rise in the number of required guard bands. This paper proposes a framework for online defragmentation of non-contiguous channels as a way to mitigate the wastage of spectrum in channel aggregating DSA networks. The efficiency of this framework is studied through a testbed implementation and simulations.
Suman, Bhunia; Behzadan, Vahid; Paulo Alexandre Regis,; Sengupta, Shamik
Performance of adaptive beam nulling in multihop ad-hoc networks under jamming Conference
IEEE 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, 2015.
Abstract | Links | BibTeX | Tags:
@conference{bhunia2015performance,
title = {Performance of adaptive beam nulling in multihop ad-hoc networks under jamming},
author = {Suman, Bhunia and Behzadan, Vahid and Alexandre Regis, Paulo , and Sengupta, Shamik },
doi = {10.1109/HPCC-CSS-ICESS.2015.144},
year = {2015},
date = {2015-01-01},
urldate = {2015-01-01},
pages = {1236--1241},
publisher = {2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems},
organization = {IEEE},
abstract = {In a multihop ad hoc network, end-to-end data transmissions traverse through multiple inter-node wireless links. A jammer can disrupt the entire data transfer of a network by intentionally interfering with links between a subset of nodes. The impact of such attacks is escalated when the jammer is moving. While the majority of current ad hoc protocols consider omnidirectional transmission and reception, adaptive antennas can be utilized for spatial filtering of the jamming signal. This paper investigates the performance of employing adaptive beam nulling as a mitigation technique against jamming attacks in multihop ad hoc networks. Considering a moving jammer, the survivability of links and connectivity in such networks are studied by simulating various node distributions and different mobility patterns of the attacker. In addition, the impact of errors in estimation of direction of arrival and beamforming on the overall network performance are also examined. The results indicate a significant improvement in retaining connectivity under jamming when adaptive beam nulling is applied.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
In a multihop ad hoc network, end-to-end data transmissions traverse through multiple inter-node wireless links. A jammer can disrupt the entire data transfer of a network by intentionally interfering with links between a subset of nodes. The impact of such attacks is escalated when the jammer is moving. While the majority of current ad hoc protocols consider omnidirectional transmission and reception, adaptive antennas can be utilized for spatial filtering of the jamming signal. This paper investigates the performance of employing adaptive beam nulling as a mitigation technique against jamming attacks in multihop ad hoc networks. Considering a moving jammer, the survivability of links and connectivity in such networks are studied by simulating various node distributions and different mobility patterns of the attacker. In addition, the impact of errors in estimation of direction of arrival and beamforming on the overall network performance are also examined. The results indicate a significant improvement in retaining connectivity under jamming when adaptive beam nulling is applied.
2011
Ebrahimi, Mohammad Sadegh; Daraei, Mohammad Hossein; Behzadan, Vahid; Khajooeizadeh, Anahid; Behrostaghi, Shervin Ardeshir; Tajvidi, Milad
A novel utilization of cluster-tree wireless sensor networks for situation awareness in smart grids Conference
IEEE 2011 IEEE PES Innovative Smart Grid Technologies, 2011.
Abstract | Links | BibTeX | Tags:
@conference{ebrahimi2011novel,
title = {A novel utilization of cluster-tree wireless sensor networks for situation awareness in smart grids},
author = {Ebrahimi, Mohammad Sadegh and Daraei, Mohammad Hossein and Behzadan, Vahid and Khajooeizadeh, Anahid and Behrostaghi, Shervin Ardeshir and Tajvidi, Milad},
doi = {10.1109/ISGT-Asia.2011.6167088},
year = {2011},
date = {2011-01-01},
urldate = {2011-01-01},
pages = {1--5},
publisher = {2011 IEEE PES Innovative Smart Grid Technologies},
organization = {IEEE},
abstract = {One of the most concerning problems in Smart Grids is the lack of a proper data acquisition system with high security, desired flexibility and required network capacity. These demands prove the vital role of communications in conjunction with smart girds. In this paper, Wireless Sensor Networks are proposed as a compatible choice for satisfying these requirements. However, Wireless Sensor Networks utilized for smart grids necessitate some specifications. We will study these specifications and suggest viable manipulations in the architecture of sensor nodes and network topology. Furthermore, after analyzing the properties of various communication systems, an appropriate choice is included in the design of WSN. With proposed specifications, computer simulations are provided to evaluate the suggested method and emphasis the satisfaction of demands.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
One of the most concerning problems in Smart Grids is the lack of a proper data acquisition system with high security, desired flexibility and required network capacity. These demands prove the vital role of communications in conjunction with smart girds. In this paper, Wireless Sensor Networks are proposed as a compatible choice for satisfying these requirements. However, Wireless Sensor Networks utilized for smart grids necessitate some specifications. We will study these specifications and suggest viable manipulations in the architecture of sensor nodes and network topology. Furthermore, after analyzing the properties of various communication systems, an appropriate choice is included in the design of WSN. With proposed specifications, computer simulations are provided to evaluate the suggested method and emphasis the satisfaction of demands.