Project 1: Adversary and Countermeasures on Biometrics

Adversarial samples have been widely discussed for visual and other high-dimensional data because they significantly degrade learning model performance while making changes to the data that are imperceptible to humans. The best-known case on social media is the deepfake, which can swap the faces in images or videos with very few traces or artifacts perceptible to humans. When pixel-level noise is added through an adversarial attack, recognition accuracy and confidence can be compromised. These facts have raised security concerns, especially in the context of biometrics, where identity is the key to accessing critical resources. The project will investigate the effectiveness of adversarial attacks on biometric data and develop corresponding countermeasures to improve the robustness of the system. More specifically, the participants will first create passive and active noise on biometrics (e.g., face, gait) and examine the degradation of an existing system. Quantitative and qualitative analysis of computational cost and of the changes to the data will be conducted to ensure a valid attack. Second, defense algorithms including data pre-processing, adversarial training, and anomaly detection will be developed, and performance after implementing each defense will be re-assessed. To improve engagement, real-world data will be collected by students through visual sensing devices in the PI’s lab. Third, the PI will lead quantitative analysis and provide interpretable results to help participants understand the mechanism of each attack/defense algorithm and the ways in which features may be compromised. The students are expected to master these algorithms, understand the benefits and disadvantages of each, and be able to apply them correctly in different scenarios.

Project 2: Enabling Efficient Privacy-preserving Execution of Deep Neural Networks on IoT

Fueled by the massive influx of data and advanced algorithms, modern deep neural networks (DNNs) have benefited IoT applications in a wide spectrum of domains. In recent years, enabling efficient integration of DNNs and IoT has received increasing attention from both academia and industry. Because complex DNN tasks can involve a very large number of computational operations, their execution on resource-constrained IoT devices is challenging, especially when time-sensitive tasks are taken into consideration. To relieve IoT devices of heavy computation and energy consumption, outsourcing complex DNN inference tasks to public cloud computing platforms has become a popular choice in the literature. However, this type of “cloud-backed” system raises privacy concerns when the data sent to remote cloud servers contain sensitive information. In this project, students will first learn the characteristics of popular DNN architectures as well as the different levels of privacy protection required when applying DNNs to IoT tasks. Then, students will compare privacy protection approaches (e.g., differential privacy, noise-based protection, functional encryption) for the execution of DNNs on IoT devices in terms of efficiency, energy consumption, accuracy, and security level. By exploring the architectures of DNNs, students will identify the key data and operations that need to be protected, and design strategies that enable privacy-preserving execution of DNNs on IoT devices connected to external computing resources (e.g., cloud and edge computing). These strategies will be designed to be adjustable in terms of efficiency and security, so that students gain a better understanding of the trade-off between efficiency and security in practical applications.

Project 3: Stability Analysis of Neurophysiological Data for Biometric Authentication System

Brainwaves are a promising biometric approach for security authentication. Since a brainwave is an innate neurophysiological signal, unlike a traditional password or other biometrics such as fingerprints, it cannot be forgotten, lost, faked, or stolen. Specifically, brain electrical activity is recorded by electroencephalography (EEG) and modeled to represent each person's identity. However, EEG data is not stable, owing to a person's varying mental states and the non-stationarity of the neurophysiological signal. In this REU project, advanced analysis approaches will be investigated to identify each person's unique brainwave. Two undergraduate students with a machine learning, signal processing, or statistics background will be recruited in summer. Since mis-classification is caused by differing emotional states, a novel approach to emotion recognition [30] will be developed to reduce the effect of emotions on EEG data used for biometric authentication. Furthermore, the mean and variance change during the non-stationary data acquisition process, so the independent and identically distributed (IID) assumption is not satisfied for EEG. A novel method to deal with non-IID data and stabilize classification results on the same subject's inter-session data will be proposed. After completing this project, students are expected to have a deep understanding of EEG analysis and its potential challenges. They will receive training on how to apply their undergraduate study to solve problems in neurophysiological data analysis. Methods to achieve stability despite the problems induced by emotions and non-stationarity will be developed.
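The inter-session instability described above can be made concrete with a small toy experiment. The following is an added example, not code from the project or the PI's method: it constructs EEG-like feature vectors for two hypothetical subjects ("subjA", "subjB") across two recording sessions, where session 2 has a different gain and baseline (so the per-feature mean and variance shift between sessions), enrolls a nearest-centroid classifier on session 1, and shows that raw session-2 trials are misclassified while per-session z-score normalization (a simple baseline, not the novel method the project proposes) restores the result. All data values, subject names and drift parameters are constructed for the illustration.

```python
"""Toy illustration of session-to-session drift in EEG-like features and a
per-session normalization baseline. All data below is constructed."""
from math import dist
from statistics import mean, pstdev

# Constructed toy data: two hypothetical subjects, 2 features per trial,
# 4 trials per subject per session. Identity is encoded as a per-subject
# feature centre; TRIAL_NOISE models small within-session variation.
SUBJECT_CENTRES = {"subjA": (1.0, -1.0), "subjB": (-1.0, 1.0)}
TRIAL_NOISE = [(0.1, 0.05), (-0.05, 0.1), (0.0, -0.1), (0.05, 0.0)]

# Session-level drift (assumed, for illustration): session 2 is recorded with
# a different amplifier gain (scale) and baseline (offset), so the mean and
# variance of every feature differ from session 1, i.e. the data is non-IID.
SESSION_DRIFT = {1: (1.0, (0.0, 0.0)), 2: (2.0, (-1.0, 4.0))}


def make_session(session_id):
    """Return a list of (feature_tuple, subject_label) trials for one session."""
    scale, offset = SESSION_DRIFT[session_id]
    trials = []
    for label, centre in SUBJECT_CENTRES.items():
        for nx, ny in TRIAL_NOISE:
            raw = (centre[0] + nx, centre[1] + ny)
            drifted = tuple(scale * v + o for v, o in zip(raw, offset))
            trials.append((drifted, label))
    return trials


def session_stats(trials):
    """Per-feature mean and population std over ALL trials of a session (no labels needed)."""
    feats = [f for f, _ in trials]
    n_feat = len(feats[0])
    means = [mean(f[i] for f in feats) for i in range(n_feat)]
    stds = [pstdev(f[i] for f in feats) for i in range(n_feat)]
    return means, stds


def zscore_session(trials):
    """Normalize each feature within the session: (x - session_mean) / session_std.
    A per-feature affine drift (gain + offset) is removed exactly by this step."""
    means, stds = session_stats(trials)
    return [
        (tuple((v - m) / (s or 1.0) for v, m, s in zip(f, means, stds)), label)
        for f, label in trials
    ]


def train_centroids(trials):
    """Enrollment: one centroid per subject (nearest-centroid classifier)."""
    by_label = {}
    for f, label in trials:
        by_label.setdefault(label, []).append(f)
    n_feat = len(trials[0][0])
    return {
        label: tuple(mean(f[i] for f in fs) for i in range(n_feat))
        for label, fs in by_label.items()
    }


def predict(centroids, feat):
    """Authentication decision: closest enrolled centroid in Euclidean distance."""
    return min(centroids, key=lambda label: dist(feat, centroids[label]))


def accuracy(centroids, trials):
    correct = sum(predict(centroids, f) == label for f, label in trials)
    return correct / len(trials)


def run_demo():
    """Enroll on session 1, verify on session 2; return (raw_acc, normalized_acc)."""
    enrol, verify = make_session(1), make_session(2)
    raw_acc = accuracy(train_centroids(enrol), verify)
    norm_acc = accuracy(train_centroids(zscore_session(enrol)), zscore_session(verify))
    return raw_acc, norm_acc


if __name__ == "__main__":
    s1_mean, s1_std = session_stats(make_session(1))
    s2_mean, s2_std = session_stats(make_session(2))
    print("session 1 mean/std:", s1_mean, s1_std)
    print("session 2 mean/std:", s2_mean, s2_std)
    raw, norm = run_demo()
    print(f"accuracy on session 2, raw features: {raw:.2f}")
    print(f"accuracy on session 2, per-session z-scored: {norm:.2f}")
```

In this toy setting every session-2 trial of subjA lands closer to subjB's enrolled centroid, so raw accuracy is 0.5, while per-session z-scoring recovers 1.0. The caveat a practitioner should notice is that z-scoring only removes drift that is affine and common to the whole session; real EEG non-stationarity also includes within-session changes and emotion-dependent shifts, which is exactly why the project calls for a dedicated non-IID method rather than this baseline.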

Project 4: Resilient AI Test, Evaluation, and System Engineering

AI, and especially machine learning, has attracted significant attention as an enabler of autonomous systems for military and commercial applications. While various attacks on and defenses for machine learning have begun to emerge, a formal framework that incorporates known and future methods to rigorously test and quantitatively evaluate the resilience of machine learning components and systems is still needed. This project will address that shortcoming. Students will learn to take the perspective of both red-team and blue-team testers as they identify attacks and defenses in machine learning systems. This will include engineering exploits with adversarial machine learning libraries, followed by techniques to harden systems against various classes of attacks. Time between failures, as well as failure severity and failure mode, will be documented in order to apply statistical techniques from software reliability and security engineering. Students will then explore architectural implications, including the concept of an AI attack surface as well as failure modes, effects and criticality analysis techniques that characterize the potential consequences of such exploits and their probability of success. Mitigation techniques such as fault tolerance, hardware security, and other attack detection methods will be explored to enhance system resilience without degrading performance.

Project 5: Multi-Dimensional Performance Impact Analysis of Security Updates in the Software Development Lifecycle

During the software development lifecycle, requirements are often modified, and they continue to change even after the software is deployed and in use. There may be many reasons to modify working software: changing needs, advances in technology, library updates, bugs, and security flaws are just a few examples. One of the key aspects of requirements management is performing an impact analysis to understand the implications of making a change. However, the present focus of impact analysis is on the liveness and functionality of the software. Software development teams set up extensive testing infrastructure to verify and validate that the software still functions as expected. Unfortunately, these tests rarely measure the performance implications of a change, even though failing to do so can have serious consequences. Updates to the security layer of a software system require additional computing time for encryption, decryption, key exchange and other protocols. The students will analyze the impact of different update versions in different phases of the software development lifecycle to provide insights and decision support for software development teams. The students are expected to develop a deep understanding of the software development lifecycle, learn how to create and work with a software development pipeline, and master performing impact analysis with artificial intelligence techniques. This project therefore aims to give students both research experience and the fusion of skills that industry requires of the software engineering workforce.

Project 6: Detection of RF Anomalies in a Cluttered RF Environment

With the emergence of software defined radio (SDR), in which software defines the physical-layer functions of the radio, radio waveforms can be changed dynamically. Consequently, it is easy to alter or mimic a licensed or authorized transmission in order to attack the transmission system and leave it vulnerable and insecure. In this project, students will develop methods to detect and identify such altered or mimicked signals. Convolutional neural networks (CNNs) possess a number of merits, such as local perception, weight sharing and shift invariance. An essential hypothesis of the CNN is that the input data is localized and shift invariant, and sampled communication signals satisfy this hypothesis. Therefore, students will customize and optimize a CNN model for such detection and identification. The features of the licensed or authorized transmission waveforms, as well as the physical unclonable function (PUF) of the transmitting devices, will be extracted and learned to train and validate the model. The malicious signals will then be detected and identified by the model. The students will be expected to learn to use the universal software radio peripheral (USRP) to generate authorized RF signals and altered/mimicked signals on the GNU Radio SDR platform, develop CNN models using the MATLAB deep learning toolbox or Python, extract features of the RF signals as well as the PUF of the USRPs, and detect and identify over-the-air malicious signals.