
Showing papers by "Chen Wang" published in 2019


Proceedings ArticleDOI
01 Aug 2019
TL;DR: This paper proposes both attack and defense techniques for adversarial attacks and shows that the discreteness problem could easily be resolved by introducing integrated gradients which could accurately reflect the effect of perturbing certain features or edges while still benefiting from the parallel computations.
Abstract: Graph deep learning models, such as graph convolutional networks (GCN) achieve state-of-the-art performance for tasks on graph data. However, similar to other deep learning models, graph deep learning models are susceptible to adversarial attacks. However, compared with non-graph data the discrete nature of the graph connections and features provide unique challenges and opportunities for adversarial attacks and defenses. In this paper, we propose techniques for both an adversarial attack and a defense against adversarial attacks. Firstly, we show that the problem of discrete graph connections and the discrete features of common datasets can be handled by using the integrated gradient technique that accurately determines the effect of changing selected features or edges while still benefiting from parallel computations. In addition, we show that an adversarially manipulated graph using a targeted attack statistically differs from un-manipulated graphs. Based on this observation, we propose a defense approach which can detect and recover a potential adversarial perturbation. Our experiments on a number of datasets show the effectiveness of the proposed techniques.

232 citations


Posted Content
TL;DR: In this article, the authors proposed both attack and defense techniques for graph convolutional networks (GCN) and showed that the discreteness problem could easily be resolved by introducing integrated gradients which could accurately reflect the effect of perturbing certain features or edges.
Abstract: Graph deep learning models, such as graph convolutional networks (GCN) achieve remarkable performance for tasks on graph data. Similar to other types of deep models, graph deep learning models often suffer from adversarial attacks. However, compared with non-graph data, the discrete features, graph connections and different definitions of imperceptible perturbations bring unique challenges and opportunities for the adversarial attacks and defenses for graph data. In this paper, we propose both attack and defense techniques. For attack, we show that the discreteness problem could easily be resolved by introducing integrated gradients which could accurately reflect the effect of perturbing certain features or edges while still benefiting from the parallel computations. For defense, we observe that the adversarially manipulated graph for the targeted attack differs from normal graphs statistically. Based on this observation, we propose a defense approach which inspects the graph and recovers the potential adversarial perturbations. Our experiments on a number of datasets show the effectiveness of the proposed methods.

106 citations


Proceedings ArticleDOI
01 Aug 2019
TL;DR: This research proposes a novel deep architecture to extract the common information from the multimode representations and proposes unique networks to obtain the modality-specific information that enhances the generalization performance of the multimodal system.
Abstract: Multimodal sentiment analysis combines information available from visual, textual, and acoustic representations for sentiment prediction. The recent multimodal fusion schemes combine multiple modalities as a tensor and obtain either the common information by utilizing neural networks, or the unique information by modeling low-rank representation of the tensor. However, both of these information are essential as they render inter-modal and intra-modal relationships of the data. In this research, we first propose a novel deep architecture to extract the common information from the multi-mode representations. Furthermore, we propose unique networks to obtain the modality-specific information that enhances the generalization performance of our multimodal system. Finally, we integrate these two aspects of information via a fusion layer and propose a novel multimodal data fusion architecture, which we call DeepCU (Deep network with both Common and Unique latent information). The proposed DeepCU consolidates the two networks for joint utilization and discovery of all-important latent information. Comprehensive experiments are conducted to demonstrate the effectiveness of utilizing both common and unique information discovered by DeepCU on multiple real-world datasets. The source code of proposed DeepCU is available at https://github.com/sverma88/DeepCU-IJCAI19.

33 citations


Book ChapterDOI
25 Jun 2019
TL;DR: This paper proposes a blockchain-based solution to link physical items, like food, to their digital representations using physical attributes of the item, and uses blockchain to introduce a reward system for supply chain participants, which incentivizes honesty and supplying data.
Abstract: Food fraud has an adverse impact on all stakeholders in the food production and distribution process. Lack of transparency in food supply chains is a strong factor contributing to food fraud. With limited transparency, the insights on food supply chains are fragmented, and every participant has to rely on trusted third parties to assess food quality. Blockchain has been introduced to the food industry to enable transparency and visibility, but it can only protect the integrity of a digital representation of physical food, not the physical food directly. Tagging techniques, like barcodes and QR codes that are used to connect the physical food to its digital representation, are vulnerable to attacks. In this paper, we propose a blockchain-based solution to link physical items, like food, to their digital representations using physical attributes of the item. This solution is generic in its support for different methods to perform the physical checks; as a concrete example, we use machine learning models on visual features of food products, through regular and thermal photos. Furthermore, we use blockchain to introduce a reward system for supply chain participants, which incentivizes honesty and supplying data. We evaluate the technical feasibility of components of this architecture for food fraud detection using a real-world scenario, including machine-learning models for distinguishing between grain-fed and grass-fed beef.

11 citations


Posted Content
05 Mar 2019
TL;DR: This paper shows that the discrete feature problem could easily be resolved by introducing integrated gradients which could accurately reflect the effect of perturbing certain features or edges while still benefiting from the parallel computations and proposes both attack and defence techniques.
Abstract: Graph deep learning models, such as graph convolutional networks (GCN) achieve remarkable performance for tasks on graph data. Similar to other types of deep models, graph deep learning models often suffer from adversarial attacks. However, compared with non-graph data, the discrete features, graph connections and different definitions of imperceptible perturbations bring unique challenges and opportunities for the adversarial attacks and defences for graph data. In this paper, we propose both attack and defence techniques. For attack, we show that the discrete feature problem could easily be resolved by introducing integrated gradients which could accurately reflect the effect of perturbing certain features or edges while still benefiting from the parallel computations. For defence, we propose to partially learn the adjacency matrix to integrate the information of distant nodes so that the prediction of a certain target is supported by more global graph information rather than just a few neighbour nodes. This, therefore, makes the attacks harder since one needs to perturb more features/edges to make the attacks succeed. Our experiments on a number of datasets show the effectiveness of the proposed methods.

3 citations


01 Feb 2019
TL;DR: A limited-length enhanced suffix array based framework (LiSAM) to resolve two key problems in time series motif discovery: releasing the constraints of trivial matching between subsequence with different lengths and improving the time and space efficiency.
Abstract: In this paper, we explore two key problems in time series motif discovery: releasing the constraints of trivial matching between subsequence with different lengths and improving the time and space efficiency. The purpose of avoiding trivial matching is to avoid too much repetition between subsequence in calculating their similarities. We describe a limited-length enhanced suffix array based framework (LiSAM) to resolve the two problems. We first convert the continuous time series to the discrete time series using the Symbolic Aggregate approXimation procedure, and then introduce two covering relations of the discrete subsequence: α-covering between the instances of LCP (Longest Common Prefix) intervals and β-covering between LCP intervals to support the motif discovery: if an LCP interval is β-uncovered, its instances form a motif. The βUncover algorithm of LiSAM identifies the β-uncovered l-intervals, in which we introduce two LCP tabs: presuf and nextsuf to support the identification of the α-uncovered instances of an l-interval. Experimental results on Electrocardiogram signals indicate the accuracy of LiSAM on finding motifs with different lengths.

1 citations


Proceedings ArticleDOI
01 Jan 2019
TL;DR: This preliminary research proposes a different lens for building fair models by enabling the user with tools to discover blind spots and biases in a pre-trained model and augment them with corrective measures.
Abstract: Growing awareness towards ethical use of machine learning (ML) models has created a surge for the development of fair models. Existing work in this regard assumes the presence of sensitive attributes in the data and hence can build classifiers whose decisions remain agnostic to such attributes. However, in the real world settings, the end-user of the ML model is unaware of the training data; besides, building custom models is not always feasible. Moreover, utilizing a pre-trained model with high accuracy on certain dataset can not be assumed to be fair. Unknown biases in the training data are the true culprit for unfair models (i.e., disparate performance for groups in the dataset). In this preliminary research, we propose a different lens for building fair models by enabling the user with tools to discover blind spots and biases in a pre-trained model and augment them with corrective measures.

1 citations


Book ChapterDOI
26 Aug 2019
TL;DR: This research proposes a new supervised data augmentation mechanism called Data Augmentation Pursuit (DAP), which generates labelled synthetic data instances for augmenting the raw datasets.
Abstract: The parameters of any machine learning (ML) model are obtained from the dataset on which the model is trained. However, existing research reveals that many datasets appear to have strong built-in biases. These biases are inherently learned by the learning mechanism of the ML model which adversely affects their generalization performance. In this research, we propose a new supervised data augmentation mechanism which we call Data Augmentation Pursuit (DAP). The DAP generates labelled synthetic data instances for augmenting the raw datasets. To demonstrate the effectiveness of utilizing DAP for reducing model bias, we perform comprehensive experiments on real world image dataset. CNN models trained on augmented dataset obtained using DAP achieve significantly better classification performance and exhibit reduction in the bias learned by their learning mechanism.