Funding: supported by the Natural Science and Engineering Research Council (NSERC) of Canada.
Abstract: Reliability-based design optimization (RBDO) is intrinsically a double-loop procedure since it involves an overall optimization and an iterative reliability assessment at each search point. Due to the double-loop procedure, the computational expense of RBDO is normally very high. Current RBDO research focuses on problems with explicitly expressed performance functions and readily available gradients. This paper addresses a more challenging type of RBDO problem in which the performance functions are computation intensive. These computation intensive functions are often considered as a "black-box" and their gradients are not available or not reliable. On the basis of the reliable design space (RDS) concept proposed earlier by the authors, this paper proposes a Reliable Space Pursuing (RSP) approach, in which RDS is first identified and then gradually refined while optimization is performed. It fundamentally avoids the nested optimization and probabilistic assessment loop. Three well known RBDO problems from the literature are used for testing and demonstrating the effectiveness of the proposed RSP method.
Funding: the National Natural Science Foundation of China (NSFC) (60073012); Natural Science Foundation of Jiangsu (BK2001004).
Abstract: Selection of test cases plays a key role in improving testing efficiency. Black-box testing is an important way of testing, and its validity lies on the selection of test cases in some sense. A reasonable and effective method about the selection and generation of test cases is urgently needed. This letter first introduces some usual methods on black-box test case generation, then proposes a new algorithm based on interface parameters and discusses its properties, finally shows the effectiveness of the algorithm.
Funding: This work is supported by the National Key R&D Program of China (2017YFB0802703); Research on the education mode for complicate skill students in new media with cross specialty integration (22150117092); Major Scientific and Technological Special Project of Guizhou Province (20183001); Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ014); Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ019); Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ022).
Abstract: Deep learning networks are widely used in various systems that require classification. However, deep learning networks are vulnerable to adversarial attacks. The study on adversarial attacks plays an important role in defense. Black-box attacks require less knowledge about target models than white-box attacks do, which means black-box attacks are easier to launch and more valuable. However, the state-of-the-art black-box attacks still suffer from low success rates and large visual distances between generative adversarial images and original images. This paper proposes a kind of fast black-box attack based on the cross-correlation (FBACC) method. The attack is carried out in two stages. In the first stage, an adversarial image, which would be misclassified as the target label, is generated by using gradient descending learning. By far the image may look a lot different than the original one. Then, in the second stage, visual quality keeps getting improved on the condition that the label keeps being misclassified. By using the cross-correlation method, the error of the smooth region is ignored, and the number of iterations is reduced. Compared with the proposed black-box adversarial attack methods, FBACC achieves a better fooling rate and fewer iterations. When attacking LeNet5 and AlexNet respectively, the fooling rates are 100% and 89.56%. When attacking them at the same time, the fooling rate is 69.78%. FBACC method also provides a new adversarial attack method for the study of defense against adversarial attacks.
Abstract: The multiplicity distribution (P(nch)) of charged particles produced in a high energy collision is a key quantity to understand the mechanism of multiparticle production. This paper describes the novel application of an artificial neural network (ANN) black-box modeling approach based on the cascade correlation (CC) algorithm formulated to calculate and predict multiplicity distribution of proton-proton (antiproton) (PP and PP ) inelastic interactions full phase space at a wide range of center-mass of energy . In addition, the formulated cascade correlation neural network (CCNN) model is used to empirically calculate the average multiplicity distribution nch> as a function of . The CCNN model was designed based on available experimental data for = 30.4 GeV, 44.5 GeV, 52.6 GeV, 62.2 GeV, 200 GeV, 300 GeV, 540 GeV, 900 GeV, 1000 GeV, 1800 GeV, and 7 TeV. Our obtained empirical results for P(nch), as well as nch> for (PP and PP) collisions are compared with the corresponding theoretical ones which obtained from other models. This comparison shows a good agreement with the available experimental data (up to 7 TeV) and other theoretical ones. At full large hadron collider (LHC) energy ( = 14 TeV) we have predicted P(nch) and nch> which also, show a good agreement with different theoretical models.
Funding: supported by the National Natural Science Foundation of China (No. 72301195), the Shanghai Rising-Star Program (No. 22YF1451100), and the Fundamental Research Funds for the Central Universities. Henry Lam’s research is supported by the Columbia Innovation Hub Award, the InnoHK initiative, the Government of the HKSAR, and Laboratory for AI-Powered Financial Technologies.
Abstract: This paper provides an overview of black-box rare-event simulation methods applicable to the safety testing of artificial intelligence agents. We explore the challenges and efficiency criteria in black-box simulation, especially emphasizing the subtle occurrence and control of underestimation errors. The paper reviews various adaptive methods, such as the cross-entropy method and adaptive multilevel splitting, highlighting both their empirical effectiveness and theoretical limitations. Additionally, it offers a comparative analysis of different confidence interval constructions for crude Monte Carlo methods, aiming to mitigate underestimation errors through effective uncertainty quantification. The paper concludes with a certifiable deep importance sampling approach, using deep neural networks to develop conservative estimators that address underestimation issues.
Funding: supported by the National Key R&D Program of China (Technology and application of wind power/photovoltaic power prediction for promoting renewable energy consumption) under Grant (2018YFB0904200).
Abstract: Wind power forecasting (WPF) is important for safe, stable, and reliable integration of new energy technologies into power systems. Machine learning (ML) algorithms have recently attracted increasing attention in the field of WPF. However, opaque decisions and lack of trustworthiness of black-box models for WPF could cause scheduling risks. This study develops a method for identifying risky models in practical applications and avoiding the risks. First, a local interpretable model-agnostic explanations algorithm is introduced and improved for WPF model analysis. On that basis, a novel index is presented to quantify the level at which neural networks or other black-box models can trust features involved in training. Then, by revealing the operational mechanism for local samples, human interpretability of the black-box model is examined under different accuracies, time horizons, and seasons. This interpretability provides a basis for several technical routes for WPF from the viewpoint of the forecasting model. Moreover, further improvements in accuracy of WPF are explored by evaluating possibilities of using interpretable ML models that use multi-horizons global trust modeling and multi-seasons interpretable feature selection methods. Experimental results from a wind farm in China show that error can be robustly reduced.
Abstract: Membership inference attacks on machine learning models have drawn significant attention. While current research primarily utilizes shadow modeling techniques, which require knowledge of the target model and training data, practical scenarios involve black-box access to the target model with no available information. Limited training data further complicate the implementation of these attacks. In this paper, we experimentally compare common data enhancement schemes and propose a data synthesis framework based on the variational autoencoder generative adversarial network (VAE-GAN) to extend the training data for shadow models. Meanwhile, this paper proposes a shadow model training algorithm based on adversarial training to improve the shadow model's ability to mimic the predicted behavior of the target model when the target model's information is unknown. By conducting attack experiments on different models under the black-box access setting, this paper verifies the effectiveness of the VAE-GAN-based data synthesis framework for improving the accuracy of membership inference attack. Furthermore, we verify that the shadow model, trained by using the adversarial training approach, effectively improves the degree of mimicking the predicted behavior of the target model. Compared with existing research methods, the method proposed in this paper achieves a 2% improvement in attack accuracy and delivers better attack performance.
Funding: supported by the major project of Science and Technology Innovation 2030, "The next generation of Artificial Intelligence" under Grant Number 2021ZD0111400; the Open project of the State Key Laboratory of Computer Architecture, Neural Network Enhanced Symbolic Execution Algorithm Research under Grant Number CARCH201910; the Fundamental Research Funds for the Central Universities under Grant Number 3132018XNG1814 and 3132018XNG1815.
Abstract: The popularity of small office and home office routers has brought convenience, but it also caused many security issues due to vulnerabilities. Black-box fuzzing through network protocols to discover vulnerabilities becomes a viable option. The main drawbacks of state-of-the-art black-box fuzzers can be summarized as follows. First, the feedback process neglects to discover the missing fields in the raw message. Secondly, the guidance of the raw message content in the mutation process is aimless. Finally, the randomized validity of the test case structure can cause most fuzzing tests to end up with an invalid response of the tested device. To address these challenges, we propose a novel black-box fuzzing framework called MSL Fuzzer. MSL Fuzzer infers the raw message structure according to the response from a tested device and generates a message segment list. Furthermore, MSL Fuzzer performs semantic, sequence, and stability analyses on each message segment to enhance the complementation of missing fields in the raw message and guide the mutation process. We construct a dataset of 35 real-world vulnerabilities and evaluate MSL Fuzzer. The evaluation results show that MSL Fuzzer can find more vulnerabilities and elicit more types of responses from fuzzing targets. Additionally, MSL Fuzzer successfully discovered 10 previously unknown vulnerabilities.