In his years-long career developing software for power grids, Stan McHann had never before heard the ominous noise that rang out last Wednesday. Standing in the middle of a utility command center, he flinched as a cyberattack tripped the breakers in all seven of the grid's low voltage substations, plunging the system into darkness. "I heard all the substations trip off and it was just like bam bam bam bam bam bam bam bam," McHann says. "All you can do is say, OK, we have to start from scratch bringing the power back up. You just take a deep breath and dig in." Thankfully, what McHann experienced wasn't the first-ever blackout caused by a cyberattack in the United States. Instead, it was part of a live, week-long federal research exercise in which more than 100 grid and cybersecurity experts worked to restore power to an isolated, custom-built test grid. In doing so they faced not just blackout conditions and rough weather, but also a group of fellow researchers throwing a steady ...
With the increasing adoption of AI, inherent security and privacy vulnerabilities for machine learning systems are being discovered. One such vulnerability makes it possible for an adversary to obtain private information about the types of instances used to train the targeted machine learning model. This so-called model inversion attack is based on sequential leveraging of classification scores towards obtaining high confidence representations for various classes. However, for deep networks, such procedures usually lead to unrecognizable representations that are useless for the adversary. In this paper, we introduce a more realistic definition of model inversion, where the adversary is aware of the general purpose of the attacked model (for instance, whether it is an OCR system or a facial recognition system), and the goal is to find realistic class representations within the corresponding lower-dimensional manifold (of, respectively, general symbols or general faces). To that end, we leverage properties of generative adversarial networks for constructing a connected lower-dimensional manifold, and demonstrate the efficiency of our model inversion attack that is carried out within that manifold.
This is a guest post. The views expressed here are solely those of the authors and do not represent positions of IEEE Spectrum or the IEEE. Light detection and ranging, or lidar, is a sensing technology based on laser light. It's similar to radar, but can have a higher resolution, since the wavelength of light is about 100,000 times smaller than radio wavelengths. For robots, this is very important: Since radar cannot accurately image small features, a robot equipped with only a radar module would have a hard time grasping a complex object.
The Defense Advanced Research Projects Agency (DARPA) has awarded a contract of up to $4.7 million to BAE Systems to integrate machine learning (ML) into platforms deciphering radio frequency signals. Officials said the Controllable Hardware Integration for Machine-learning Enabled Real-time Adaptivity (CHIMERA) program provides a reconfigurable hardware platform for ML algorithm developers to make sense of radio frequency (RF) signals in increasingly crowded electromagnetic spectrum environments. "CHIMERA brings the flexibility of a software solution to hardware," said Dave Logan, vice president and general manager of Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) Systems at BAE Systems. "Machine-learning is on the verge of revolutionizing signals intelligence technology, just as it has in other industries." CHIMERA will enable ML software development to adapt the hardware's Radio Frequency (RF) configuration in real-time to optimize mission performance, officials said, adding the capability has never before been available in a hardware solution, with the system providing multiple control surfaces for the user, enabling on-the-fly performance trade-offs maximizing sensitivity, selectivity and scalability depending on mission need.
Adversarial attacks against machine learning models are a rather hefty obstacle to our increasing reliance on these models. Due to this, provably robust (certified) machine learning models are a major topic of interest. Lipschitz continuous models present a promising approach to solving this problem. By leveraging the expressive power of a variant of neural networks which maintain low Lipschitz constants, we prove that three layer neural networks using the FullSort activation function are Universal Lipschitz function Approximators (ULAs). This both explains experimental results and paves the way for the creation of better certified models going forward. We conclude by presenting experimental results that suggest that ULAs are not just a novelty, but a competitive approach to providing certified classifiers, using these results to motivate several potential topics of further research.