The arms race between attacks and defenses for machine learning models has come to a forefront in recent years, both the security community privacy community. However, one big limitation of previous research is that domain have typically been considered separately. It thus unclear whether defense methods will any unexpected impact on other domain. In this paper, we take step towards resolving by combining two domains. particular, measure success membership inference against six...

In recent years, the research community has increasingly focused on understanding security and privacy challenges posed by deep learning models. However, domain have typically been considered separately. It is thus unclear whether defense methods in one will any unexpected impact other domain. this paper, we take a step towards enhancing our of models when two domains are combined together. We do measuring success membership inference attacks against state-of-the-art adversarial that...

Machine learning models are prone to memorizing sensitive data, making them vulnerable membership inference attacks in which an adversary aims guess if input sample was used train the model. In this paper, we show that prior work on may severely underestimate privacy risks by relying solely training custom neural network classifiers perform and focusing only aggregate results over data samples, such as attack accuracy. To overcome these limitations, first propose benchmark improving existing...

When deploying machine learning models in real-world applications, an open-world framework is needed to deal with both normal in-distribution inputs and undesired out-of-distribution (OOD) inputs. Open-world frameworks include OOD detectors that aim discard input examples which are not from the same distribution as training data of classifiers. However, our understanding current limited setting benign data, open question whether they robust presence adversaries. In this paper, we present...

Liwei Song, Xinwei Yu, Hsuan-Tung Peng, Karthik Narasimhan. Proceedings of the 2021 Conference North American Chapter Association for Computational Linguistics: Human Language Technologies. 2021.

This letter describes a synthesis method of uniformly excited, unequally spaced planar array with maximum beam collection efficiency based on the chaotic particle swarm optimization algorithm. Here, multiple constrains include number elements, aperture, minimum element spacing, and sidelobe level outside receiving region. Through this method, feeding network becomes simple compact. Effectiveness proposed is validated by comparing simulation results obtained in to those reported...

Voice assistants like Siri enable us to control IoT devices conveniently with voice commands, however, they also provide new attack opportunities for adversaries. Previous papers obfuscated commands by leveraging the gap between speech recognition system and human perception. The limitation is that these are audible thus conspicuous device owners. In this paper, we propose a novel mechanism directly microphone used sensing data inaudible commands. We show adversary can exploit microphone's...

The right to be forgotten, also known as the erasure, is of individuals have their data erased from an entity storing it. status this long held notion was legally solidified recently by General Data Protection Regulation (GDPR) in European Union. Consequently, there a need for mechanisms whereby users can verify if service providers comply with deletion requests. In work, we take first step proposing formal framework study design such verification requests -- machine unlearning context...

The right to be forgotten, also known as the erasure, is of individuals have their data erased from an entity storing it. status this long held notion was legally solidified recently by General Data Protection Regulation (GDPR) in European Union. As a consequence, there need for mechanisms whereby users can verify if service providers comply with deletion requests. In work, we take first step proposing formal framework, called Athena, study design such verification requests – machine...

The device in conventional half-duplex (HD) WiFi networks cannot perform carrier sensing while data transmission, thus it suffers from long collision duration. To mitigate this problem, letter presents a new cross-layer protocol design based on CSMA/CD, which facilitates simultaneous and transmission by using the full-duplex (FD) technology. As FD technology introduces residual self-interference (RSI), we study two types of errors caused RSI against FD-WiFi (i.e., false alarm miss...

A novel stepped amplitude distribution (SAD) taper for microwave power transmission space solar satellite is proposed in this paper. The SAD described by the summation of Heaviside step functions. Through optimizing "height" and "radius" each descriptive function, maximal beam collection efficiency (BCE) with without constraints on radiation levels can be obtained. large set numerical experiments continuous apertures discrete antenna arrays are carried out. results show that obtained BCEs...

This article presents a low radar cross section (RCS) single-layer multifunctional shared aperture (MSA) with tunable manipulation of radiation and bistatic scattering patterns over the same wide frequency band. A low-cost positive-intrinsic-negative (p-i-n) diode is used in unit cell to evoke <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$180^{\circ } \pm 20^{\circ }$ </tex-math></inline-formula>...

As the geometry thickness error of composite radome impacts electromagnetic (EM) performance antenna-radome system, a novel interval arithmetic analytic approach to analysis effect on average power pattern system with in radome-based is proposed. The radome's material modeled as interval-valued errors. link between and along some main EM characteristics (sidelobe level, peak power, half-power beamwidth) expressed intervals are efficiently constructed. Some comparisons measured simulated...

Voice assistants like Siri enable us to control IoT devices conveniently with voice commands, however, they also provide new attack opportunities for adversaries. Previous papers obfuscated commands by leveraging the gap between speech recognition system and human perception. The limitation is that these are audible thus conspicuous device owners. In this poster, we propose a novel mechanism directly microphone used sensing data inaudible commands. We show adversary can exploit microphone's...

The design of microwave wireless power transmission systems sometimes requires the synthesis large phased arrays, and objective is to obtain maximum beam collection efficiency (BCE). To reduce feeding network complexity as well system costs, subarray partition usually indispensable, which especially essential for arrays in context long-range high-power applications. Through minimizing difference between subarrayed BCE reference one, problem can be reduced an excitation matching one. Toward...

Membership inference attacks are a key measure to evaluate privacy leakage in machine learning (ML) models. These aim distinguish training members from non-members by exploiting differential behavior of the models on member and non-member inputs. The goal this work is train ML that have high membership while largely preserving their utility; we therefore for an empirical guarantee as opposed provable guarantees provided techniques like privacy, such shown deteriorate model utility....

Label differential privacy is a relaxation of for machine learning scenarios where the labels are only sensitive information that needs to be protected in training data. For example, imagine survey from participant university class about their vaccination status. Some attributes students publicly available but status and must remain private. Now if we want train model predicts whether student has received using public information, can use label-DP. Recent works on label-DP different ways...

Bridging concepts from information security and resonance theory, we propose a novel denial of service attack against hard disk drives (HDDs). In this attack, acoustic signals are used to cause rotational vibrations in HDD platters an attempt create failures read/write operations, ultimately halting the correct operation HDDs. We perform comprehensive examination multiple HDDs characterize show feasibility two real-world systems, namely, surveillance devices personal computers. Our...

Panel-setting errors associated with a segmented primary reflector limit the electrical performance of antenna. This paper addresses influence panel-setting on performance, in order to determine realistic error budgets, and adjust reflector-surface accuracy for such antennas. From viewpoint electromechanical coupling, an approximate expression error-transformation matrix (ETM) between aperture is derived. By comparing numerical simulations experimental results, it found that less than 11%....

A low-profile, wideband, and high-gain antenna array, based on a novel double-H-shaped slot microstrip patch radiating element robust against high temperature variations, is proposed in this work. The was designed to operate the frequency range between 12 GHz 18.25 GHz, with 41.3% fractional bandwidth (FBW) an obtained peak gain equal 10.2 dBi. planar characterized by feed network flexible 1 16 power divider, comprised 4 × elements generated pattern of 19.1 dBi at 15.5 GHz. An array...

The digital model of airborne frequency selective surface radomes (AFSSRs) is the basis design, simulation analysis, manufacturing, and other related research AFSSRs. This paper proposes a rapid modeling method AFSSRs based on dynamic customizable primitives. Firstly, layered construction scheme AFSSR presented typical radome wall structure. Then, according to characteristics various configurations complex wireframe information AFSSRs, primitives are raised express boundary contour all kinds...