In this paper, we propose a framework of filter-based ensemble of deep neuralnetworks (DNNs) to defend against adversarial attacks. The framework builds an ensemble of sub-models -- DNNs with differentiated preprocessing filters. From the theoretical
perspective of DNN robustness, we argue that under the assumption of high quality of the filters, the weaker the correlations of the sensitivity of the filters are, the more robust the ensemble model tends to be, and this is corroborated by the experiments of transfer-based attacks. Correspondingly, we propose a principle that chooses the specific filters with smaller Pearson correlation coefficients, which ensures the diversity of the inputs received by DNNs, as well as the effectiveness of the entire framework against attacks. Our ensemble models are more robust than those constructed by previous defense methods like adversarial training, and even competitive with the classical ensemble of adversarial trained DNNs under adversarial attacks when the attacking radius is large.
This paper proposes a black box based approach for analysing deep neural networks (DNNs). We view a DNN as a function $boldsymbol{f}$ from inputs to outputs, and consider the local robustness property for a given input. Based on scenario optimization
technique in robust control design, we learn the score difference function $f_i-f_ell$ with respect to the target label $ell$ and attacking label $i$. We use a linear template over the input pixels, and learn the corresponding coefficients of the score difference function, based on a reduction to a linear programming (LP) problems. To make it scalable, we propose optimizations including components based learning and focused learning. The learned function offers a probably approximately correct (PAC) guarantee for the robustness property. Since the score difference function is an approximation of the local behaviour of the DNN, it can be used to generate potential adversarial examples, and the original network can be used to check whether they are spurious or not. Finally, we focus on the input pixels with large absolute coefficients, and use them to explain the attacking scenario. We have implemented our approach in a prototypical tool DeepPAC. Our experimental results show that our framework can handle very large neural networks like ResNet152 with $6.5$M neurons, and often generates adversarial examples which are very close to the decision boundary.
Crystal phase is well studied and presents a periodical atom arrangement in three dimensions lattice, but the amorphous phase is poorly understood. Here, by starting from cage-like bicyclocalix[2]arene[2]triazines building block, a brand-new 2D MOF i
s constructed with extremely weak interlaminar interaction existing between two adjacent 2D-crystal layer. Inter-layer slip happens under external disturbance and leads to the loss of periodicity at one dimension in the crystal lattice, resulting in an interim phase between the crystal and amorphous phase - the chaos phase, non-periodical in microscopic scale but orderly in mesoscopic scale. This chaos phase 2D MOF is a disordered self-assembly of black-phosphorus like 3D-layer, which has excellent mechanical-strength and a thickness of 1.15 nm. The bulky 2D-MOF material is readily to be exfoliated into monolayer nanosheets in gram-scale with unprecedented evenness and homogeneity, as well as previously unattained lateral size (>10 um), which present the first mass-producible monolayer 2D material and can form wafer-scale film on substrate.
Optical nonreciprocity is important in photonic information processing to route the optical signal or prevent the reverse flow of noise. By adopting the strong nonlinearity associated with a few atoms in a strongly coupled cavity QED system and an as
ymmetric cavity configuration, we experimentally demonstrate the nonreciprocal transmission between two counterpropagating light fields with extremely low power. This nonreciprocity can even occur on a few-photon level due to the high optical nonlinearity of the system. The working power can be flexibly tuned by changing the effective number of atoms strongly coupled to the cavity. The idea and result can be applied to optical chips as optical diodes by using fiber-based cavity QED systems. Our work opens up new perspectives for realizing optical nonreciprocity on a few-photon level based on the nonlinearities of atoms strongly coupled to an optical cavity.
A general force-perturbation-based criterion for solid instability is proposed, which can predict instability including crease without priori knowledge of instability configuration. The crease instability is analyzed in detail, we found that the occu
rrence of solid instability does not always correspond to the non-positive definiteness of global stiffness matrix. An element stiffness-based criterion based on material stiffness is proposed as a stronger criterion in order to fast determine the occurrence of instability. This criterion has been shown to degenerate into the criterion for judging instability of certain known phenomena, such as necking and shear band phenomena. Besides, instability in strongly anisotropic materials is also predicted by the element stiffness-based criterion.
