Grammar-based object representations in a scene parsing task.
This paper addresses the nature of visual representations associated with complex structured objects, and the role of these representations in perceptual organization. We use a novel experimental paradigm to probe subjects' intuitions about parsing a scene consisting of overlapping two-dimensional objects. The objects are generated from an abstract two-dimensional image grammar, which specifies the set of possible configurations of object parts. We show that participants' performance on the task depends on prior experience with the object class and is based on structural cues. This indicates that structural representations exerted a top-down influence on parsing. To address the question of representation type, we used a computational model of object matching in conjunction with various probabilistic representational models. Our simulations indicate that grammar-based representations derived from the original grammars are superior to more restrictive exemplar-based representations in explaining human performance on this task, as well as to more inclusive, over-generalizing grammar-based representations.
Training AI in Hostile Environments: Adversarially Robust Machine Learning
Artificial Intelligence (AI) and particularly Deep Learning (DL)-based techniques have recently achieved numerous remarkable milestones, allowing their application to increasingly complex and critical tasks, including tasks from the security domain. The capability of AI to autonomously process and analyze large amounts of data has enabled the development of advanced security systems that can evaluate large numbers of events within a system while taking into account a wide array of features that would otherwise overwhelm human analysts when performing manual inspections. This scalability and precision make DL a valuable analysis technique to be leveraged in various security-critical applications, allowing the development of sophisticated protection mechanisms.
Adversarial manipulations pose a significant threat in this context, as attackers can exploit the training process to introduce blind spots into the monitoring system. Unlike natural data corruptions, such as biases or mislabeled samples, adversarial manipulations are intentional and capable of adapting their characteristics and intensity in response to deployed defense mechanisms. Adversaries can modify attacks to bypass data-cleaning techniques and systematically compromise the system. Due to DL's fundamental reliance on the underlying training data, the presence of active adversaries in security applications of Deep Neural Networks (DNNs) introduces several unique challenges distinct from those encountered in non-security domains.
First, adversarial manipulations can exploit scenarios where models must dynamically adapt to evolving system behaviors to remain effective. Attackers can take advantage of these adaptive mechanisms by gradually altering behavior in subtle ways, thereby shifting the decision boundaries without triggering alerts in the active monitoring scheme.
The second challenge arises from the scarcity and sensitivity of training data. While traditional DL applications are often constrained by the availability of labeled datasets and the time-intensive nature of the labeling process, security applications face additional restrictions. The data used in such contexts often includes sensitive information, such as users' network traffic or sensor data from smart homes, where privacy concerns or legal constraints may limit access and prevent sharing of the data. Distributed learning paradigms, such as Federated Learning (FL), overcome the need for centralized data collection by outsourcing the training process to individual clients that keep their data locally, sharing only the parameters of the trained DNNs. However, in adversarial environments, this decentralized approach creates an opportunity for attackers to manipulate the trained model. By providing poisoned training contributions, malicious actors can inject blind spots into the aggregated model, undermining its integrity and effectiveness.
The third major challenge is raised by resource constraints in security deployments. While advanced security analyses often necessitate the use of complex DNNs, such models can exceed the computational capacities of resource-constrained devices deployed in the real world. To address this limitation, approaches like Split Learning (SL) partition the DNN into client-side layers, which are responsible for processing sensitive input and output data, and server-side layers, which handle the computation-intensive calculations. This design enables multiple resource-constrained clients to collaboratively train even large DNNs. However, partitioning the model introduces a significant limitation: because the server can access only a portion of the DNN, it cannot perform a comprehensive analysis of the model to detect poisoned contributions.
This cumulative dissertation systematically addresses these challenges to enhance the robustness and security of machine learning training processes in adversarial environments. We address the first challenge of a comprehensive and dynamically adapting but robust security-monitoring system with an autonomously trained anomaly-detection system that adapts to changes in the system's behavior while remaining resilient against manipulations. The system is showcased for detecting attacks on IoT smart homes. While the number of IoT devices continues to grow, many devices still lack even basic security measures. Existing literature for mitigating attacks focuses on network- or host-based intrusion detection of attacks that compromise the IoT device itself. However, these approaches cannot detect attacks that exploit insecure control planes, such as unauthorized commands issued via cloud services without user authentication, where the IoT device is not directly targeted. To address this gap, we propose a scheme that analyzes status changes while considering the device's context, i.e., the states of all other devices in the system. Leveraging DNNs, the scheme evaluates the comprehensive state of the monitored system, models regular behavioral patterns of the smart home, and computes an anomaly score for each triggered action. A significant challenge lies in classifying these scores, as different smart homes exhibit varying levels of behavioral variance, which may also change over time. Conversely, adversaries could exploit adaptive classification boundaries to manipulate the detection. We design a dynamic threshold-tuning scheme that incorporates historical information and the variance in the users' behavior while restricting the impact of short-term deviations, thereby mitigating manipulation attempts and ensuring robust adaptability.
To address the second challenge concerning the availability of potentially sensitive training data, we investigate backdoor-resilient distributed learning schemes. Backdoor attacks introduce well-defined misbehavior for inputs containing a certain activation pattern, making them suitable for intentionally injecting a blind spot for certain attacks. To build robust FL systems, we propose a dynamic noising scheme that removes backdoors from the aggregated model while minimizing utility loss and noise magnitude by integrating outlier detection and clipping techniques. Combining these components makes the defense scheme resilient even against adaptive attacks. However, outlier detection may exclude models from benign clients whose datasets are not independently and identically distributed (non-IID) and differ significantly from the data of other clients. In such scenarios, the models trained on these datasets also differ significantly from one another. A critical challenge is to determine whether such discrepancies are caused by benign variations in training data or by malicious manipulations. To address this challenge, we build on the first work and design several novel techniques for analyzing model updates, identifying artifacts characteristic of backdoored models, and measuring data similarities using DNN models trained on the clients' datasets. These techniques, combined with similarity estimations for the clients' datasets, are incorporated into a classifier to effectively distinguish between benign and backdoored models. Building on these insights, we design DeepSight, which combines the filtering mechanism with a dynamic clipping scheme to effectively eliminate backdoor attacks, particularly in scenarios where the clients' data show similar complexity. To secure FL in other settings, we introduce CrowdGuard, a scheme that analyzes changes in model behavior using validation data.
Addressing the challenge that servers lack validation data and cannot share the models with other clients due to privacy concerns, we propose a novel architecture based on client-side secure enclaves for confidentiality-preserving model validation leveraging the clients' datasets. This architecture enables secure sharing of model updates among clients while isolating applications to prevent privacy breaches. Using this framework, we design an algorithm that detects backdoors by analyzing subtle changes in the behavior of individual neurons and integrates a robust server-side voting mechanism to prevent malicious clients from manipulating the validation result through manipulated validation data. Together, these contributions allow the design of attack-resilient FL systems, advancing defenses against sophisticated adversarial threats.
To address the third challenge, we extend the detection of poisoned training contributions to learning paradigms such as SL, where only certain parts of the DNN can be monitored and clients train sequentially, preventing direct comparisons of updates. To address these limitations, we inspect the observable parameters using static and dynamic analysis techniques to validate and compare the clients' training objectives. For the dynamic analysis, we design a novel technique that measures the rotational distance between models, capturing subtle changes in updates by considering rotation and orientation. Combined with a frequency-domain analysis that inspects the models from the static perspective, this ensemble creates a comprehensive fingerprint of the training objectives. Given the inherently sequential structure of SL, we design a circular architecture to analyze each model change, enabling the identification and reversal of malicious training contributions.
On the Lp-theory of elliptic operators in divergence form
This thesis investigates the Lp-theory of elliptic operators in divergence form. In particular, it studies the Lp-mapping properties of the associated heat semigroup and Riesz transform on the whole space, their relation to elliptic boundary value problems via the first-order approach, and aspects in rough geometric settings with mixed or dynamical boundary conditions.
Mining-archaeological findings as a category of sources - an overview: relics of the mining economy and their reflection in the river floodplain
Mining archaeology deals with the technical, economic and social aspects of human exploitation of natural raw-material deposits through the ages. Using non-destructive prospection methods and/or excavations, it investigates the material remains at extraction sites on the one hand and at sites of further processing on the other. Both are embedded in the historical cultural landscape and its settlement and infrastructure. The starting point for the interdisciplinary scientific assessment of features and finds is the geological and ore-deposit study of the raw-material occurrences and the geographical analysis of the other natural resources in the context of the mining sector. Mining, quarrying and the processing of mineral raw materials leave direct and indirect traces in the landscape, which can be interpreted as part of the fluvial anthroposphere or as its wider catchment area.
"What is normal anyway?" Heavy metals in floodplain sediments and the difficulty of defining expected concentrations
Heavy metals in sediments have been a topic of study for many decades, since at sufficient concentrations they can pose a risk to humans and the environment. To assess the hazard potential, it is necessary to document and evaluate the heavy-metal concentrations in the respective environmental media (soil, air, water). Elevated heavy-metal concentrations, however, are not caused solely by human activity but can also be traced back to the geological substrate. The natural expected value is usually referred to as the geochemical background or baseline. Its precise definition, the interpretation of the value and the methods for determining it are, however, not uniform. This paper gives a brief overview of the various values that can be determined and the methods usually employed for this purpose.
Rivers tell stories - on the stratigraphy and dating of floodplain sediments
Much like a human life, which is shaped by experiences, changes and developments, river landscapes are also characterized by their history. This history is stored in the deposits (sediments) that have accumulated along rivers over periods of centuries to millions of years. Especially in the floodplains, the areas that are inundated during floods, sediments are deposited year after year and layer upon layer, documenting the development of the river and its landscape like the pages of a history book. To reconstruct the stories of the sediments, and thus of the landscape and environmental changes, the time of sedimentation, i.e., the point at which the sediment was deposited, must be known. The geosciences have various dating methods available for this, so that the chronological sequence of events and changes can be recorded. This temporal placement of events is fundamental, because without a precise date, past landscape and environmental conditions and their changes, for example through human influence, cannot be interpreted.
On the right track. 175 years of railways in Germany - 150 years of railway engineering at TU Darmstadt.
175 years ago, the opening of the Nürnberg–Fürth line marked the beginning of the success story of the railway in Germany. 150 years ago, the appointment of Friedrich Heinzerling as head of the engineering class at the Höhere Gewerbeschule established the scientific study of railway engineering in Darmstadt.
50 years ago … the death of electrical engineer Franklin Punga
On 15 May 1962, the emeritus professor of electrical machine engineering died in Darmstadt-Eberstadt. Erwin Albin Franklin Punga was born on 29 September 1879 in Alsmannsdorf (Thüringen).
50 years ago … honorary senator title for a pioneer of rocket propulsion
In 1962, at the request of the Faculty of Mechanical Engineering, TH Darmstadt conferred the title of honorary senator on Fritz von Opel, a pioneer in the application of rocket engines. The entrepreneur, born on 4 May 1899, was the grandson of Adam Opel, founder of the company of the same name.
Data acquisition for AI-aided identification of mapped acoustic radiation modes
Acoustic Radiation Modes (ARMs) and their corresponding radiation efficiencies characterize the emission of sound from the surface of a vibrating structure into the air [1]. This gives a more accurate prediction of sound power than the monopole radiator hypothesis. Previous research shows that the ARMs of different geometries are similar. Thus, the assumption is made that the ARMs of a three-dimensional convex geometry can be obtained from the known ARMs of simple geometries, for example spheres [2]. Beyond the traditional mapped-ARM approach using the Boundary Element Method (BEM) [3], we turn to Artificial Intelligence (AI) techniques to optimize and accelerate the identification process. In this work, a set of virtual data from numerical simulations is acquired for AI-aided identification of mapped ARMs. In addition, the numerical simulation is validated against theoretical knowledge.