Search Results for author: Suman Jana

Found 30 papers, 18 papers with code

A Branch and Bound Framework for Stronger Adversarial Attacks of ReLU Networks

no code implementations · 29 Sep 2021 · Huan Zhang, Shiqi Wang, Kaidi Xu, Yihan Wang, Suman Jana, Cho-Jui Hsieh, J. Zico Kolter

In this work, we formulate an adversarial attack using a branch-and-bound (BaB) procedure on ReLU neural networks and search adversarial examples in the activation space corresponding to binary variables in a mixed integer programming (MIP) formulation.

Adversarial Attack

Beta-CROWN: Efficient Bound Propagation with Per-neuron Split Constraints for Neural Network Robustness Verification

no code implementations · NeurIPS 2021 · Shiqi Wang, Huan Zhang, Kaidi Xu, Xue Lin, Suman Jana, Cho-Jui Hsieh, J. Zico Kolter

We develop $\beta$-CROWN, a new bound propagation based method that can fully encode neuron split constraints in branch-and-bound (BaB) based complete verification via optimizable parameters $\beta$.

Evaluating the Robustness of Trigger Set-Based Watermarks Embedded in Deep Neural Networks

no code implementations · 18 Jun 2021 · Suyoung Lee, Wonho Song, Suman Jana, Meeyoung Cha, Sooel Son

Trigger set-based watermarking schemes have gained emerging attention as they provide a means to prove ownership for deep neural network model owners.

Learning Security Classifiers with Verified Global Robustness Properties

1 code implementation · 24 May 2021 · Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, David Wagner

Since data distribution shift is very common in security applications, e.g., often observed for malware detection, local robustness cannot guarantee that the property holds for unseen inputs at the time of deploying the classifier.

Malware Detection

Beta-CROWN: Efficient Bound Propagation with Per-neuron Split Constraints for Complete and Incomplete Neural Network Robustness Verification

3 code implementations · NeurIPS 2021 · Shiqi Wang, Huan Zhang, Kaidi Xu, Xue Lin, Suman Jana, Cho-Jui Hsieh, J. Zico Kolter

Compared to the typically tightest but very costly semidefinite programming (SDP) based incomplete verifiers, we obtain higher verified accuracy with three orders of magnitudes less verification time.

Adversarial Attack

Trex: Learning Execution Semantics from Micro-Traces for Binary Similarity

no code implementations · 16 Dec 2020 · Kexin Pei, Zhou Xuan, Junfeng Yang, Suman Jana, Baishakhi Ray

We thus train the model to learn execution semantics from the functions' micro-traces, without any manual labeling effort.

Transfer Learning · Vulnerability Detection

XDA: Accurate, Robust Disassembly with Transfer Learning

1 code implementation · 2 Oct 2020 · Kexin Pei, Jonas Guan, David Williams-King, Junfeng Yang, Suman Jana

We present XDA, a transfer-learning-based disassembly framework that learns different contextual dependencies present in machine code and transfers this knowledge for accurate and robust disassembly.

Language Modelling · Masked Language Modeling · +2

Ensuring Fairness Beyond the Training Data

2 code implementations · NeurIPS 2020 · Debmalya Mandal, Samuel Deng, Suman Jana, Jeannette M. Wing, Daniel Hsu

In this work, we develop classifiers that are fair not only with respect to the training distribution, but also for a class of distributions that are weighted perturbations of the training samples.

Fairness · Online Learning

Towards Understanding Fast Adversarial Training

no code implementations · 4 Jun 2020 · Bai Li, Shiqi Wang, Suman Jana, Lawrence Carin

Current neural-network-based classifiers are susceptible to adversarial examples.

MTFuzz: Fuzzing with a Multi-Task Neural Network

1 code implementation · 25 May 2020 · Dongdong She, Rahul Krishna, Lu Yan, Suman Jana, Baishakhi Ray

The compact embedding can be used to guide the mutation process effectively by focusing most of the mutations on the parts of the embedding where the gradient is high.

Software Engineering

Learning Nonlinear Loop Invariants with Gated Continuous Logic Networks (Extended Version)

no code implementations · 17 Mar 2020 · Jianan Yao, Gabriel Ryan, Justin Wong, Suman Jana, Ronghui Gu

In this paper, we introduce a new neural architecture for general SMT learning, the Gated Continuous Logic Network (G-CLN), and apply it to nonlinear loop invariant learning.

Towards Practical Lottery Ticket Hypothesis for Adversarial Training

1 code implementation · 6 Mar 2020 · Bai Li, Shiqi Wang, Yunhan Jia, Yantao Lu, Zhenyu Zhong, Lawrence Carin, Suman Jana

Recent research has proposed the lottery ticket hypothesis, suggesting that for a deep neural network, there exist trainable sub-networks performing equally or better than the original model with commensurate training steps.

HYDRA: Pruning Adversarially Robust Neural Networks

2 code implementations · NeurIPS 2020 · Vikash Sehwag, Shiqi Wang, Prateek Mittal, Suman Jana

We demonstrate that our approach, titled HYDRA, achieves compressed networks with state-of-the-art benign and robust accuracy, simultaneously.

Network Pruning

Cost-Aware Robust Tree Ensembles for Security Applications

1 code implementation · 3 Dec 2019 · Yizheng Chen, Shiqi Wang, Weifan Jiang, Asaf Cidon, Suman Jana

There are various costs for attackers to manipulate the features of security classifiers.

Spam Detection

CLN2INV: Learning Loop Invariants with Continuous Logic Networks

1 code implementation · ICLR 2020 · Gabriel Ryan, Justin Wong, Jianan Yao, Ronghui Gu, Suman Jana

We use CLNs to implement a new inference system for loop invariants, CLN2INV, that significantly outperforms existing approaches on the popular Code2Inv dataset.

Fine Grained Dataflow Tracking with Proximal Gradients

no code implementations · 8 Sep 2019 · Gabriel Ryan, Abhishek Shah, Dongdong She, Koustubha Bhat, Suman Jana

Dataflow tracking with Dynamic Taint Analysis (DTA) is an important method in systems security with many applications, including exploit analysis, guided fuzzing, and side-channel information leak detection.

Cryptography and Security

Neutaint: Efficient Dynamic Taint Analysis with Neural Networks

no code implementations · 8 Jul 2019 · Dongdong She, Yizheng Chen, Baishakhi Ray, Suman Jana

Dynamic taint analysis (DTA) is widely used by various applications to track information flow during runtime execution.

Cryptography and Security

Towards Compact and Robust Deep Neural Networks

no code implementations · 14 Jun 2019 · Vikash Sehwag, Shiqi Wang, Prateek Mittal, Suman Jana

In this work, we rigorously study the extension of network pruning strategies to preserve both benign accuracy and robustness of a network.

Adversarial Robustness · Network Pruning

Enhancing Gradient-based Attacks with Symbolic Intervals

no code implementations · 5 Jun 2019 · Shiqi Wang, Yizheng Chen, Ahmed Abdou, Suman Jana

In this paper, we present interval attacks, a new technique to find adversarial examples to evaluate the robustness of neural networks.

On Training Robust PDF Malware Classifiers

1 code implementation · 6 Apr 2019 · Yizheng Chen, Shiqi Wang, Dongdong She, Suman Jana

A practically useful malware classifier must be robust against evasion attacks.

MixTrain: Scalable Training of Verifiably Robust Neural Networks

1 code implementation · 6 Nov 2018 · Shiqi Wang, Yizheng Chen, Ahmed Abdou, Suman Jana

Making neural networks robust against adversarial inputs has resulted in an arms race between new defenses and attacks.

Efficient Formal Safety Analysis of Neural Networks

2 code implementations · NeurIPS 2018 · Shiqi Wang, Kexin Pei, Justin Whitehouse, Junfeng Yang, Suman Jana

Our approach can check different safety properties and find concrete counterexamples for networks that are 10$\times$ larger than the ones supported by existing analysis techniques.

Adversarial Attack · Adversarial Defense · +2

NEUZZ: Efficient Fuzzing with Neural Program Smoothing

1 code implementation · 15 Jul 2018 · Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, Suman Jana

However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs.

Formal Security Analysis of Neural Networks using Symbolic Intervals

3 code implementations · 28 Apr 2018 · Shiqi Wang, Kexin Pei, Justin Whitehouse, Junfeng Yang, Suman Jana

In this paper, we present a new direction for formally checking security properties of DNNs without using SMT solvers.

Autonomous Vehicles

Certified Robustness to Adversarial Examples with Differential Privacy

3 code implementations · 9 Feb 2018 · Mathias Lecuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana

Adversarial examples that fool machine learning models, particularly deep neural networks, have been a topic of intense research interest, with attacks and defenses being developed in a tight back-and-forth.

Towards Practical Verification of Machine Learning: The Case of Computer Vision Systems

no code implementations · 5 Dec 2017 · Kexin Pei, Yinzhi Cao, Junfeng Yang, Suman Jana

Finally, we show that retraining using the safety violations detected by VeriVis can reduce the average number of violations by up to 60.2%.

Medical Diagnosis

SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

no code implementations · 28 Aug 2017 · Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, Suman Jana

When such conditions are met, an attacker can launch Denial-of-Service attacks against a vulnerable application by providing inputs that trigger the worst-case behavior.

Cryptography and Security

DeepTest: Automated Testing of Deep-Neural-Network-driven Autonomous Cars

1 code implementation · 28 Aug 2017 · Yuchi Tian, Kexin Pei, Suman Jana, Baishakhi Ray

Most existing testing techniques for DNN-driven vehicles are heavily dependent on the manual collection of test data under different driving conditions, which becomes prohibitively expensive as the number of test conditions increases.

Autonomous Vehicles

DeepXplore: Automated Whitebox Testing of Deep Learning Systems

3 code implementations · 18 May 2017 · Kexin Pei, Yinzhi Cao, Junfeng Yang, Suman Jana

First, we introduce neuron coverage for systematically measuring the parts of a DL system exercised by test inputs.

Malware Detection · Self-Driving Cars