Publications
2024
- Deep-TROJ: An Inference Stage Trojan Insertion Algorithm through Efficient Weight Replacement Attack
  Sabbir Ahmed, Ranyang Zhou, Shaahin Angizi, and Adnan Siraj Rakin
  Computer Vision and Pattern Recognition Conference (CVPR) (yet to appear), 2024
  To insert a Trojan into a Deep Neural Network (DNN), existing attacks assume the attacker can access the victim's training facilities. However, a realistic threat model was recently developed by leveraging memory faults to inject Trojans at the inference stage. In this work, we develop a novel Trojan attack by adopting a unique memory fault injection technique that can inject bit-flips into the page table of the main memory. In the main memory, each weight block consists of a group of weights located at a specific address of a DRAM row. A bit-flip in the page frame number replaces a target weight block of a DNN model with another replacement weight block. To develop a successful Trojan attack leveraging this unique fault model, the attacker must solve three key challenges: i) how to identify a minimum set of target weight blocks to be modified; ii) how to identify the corresponding optimal replacement weight block; iii) how to optimize the trigger to maximize the attacker's objective given a target and replacement weight block set. We address them by proposing a novel Deep-TROJ attack algorithm that can identify a minimum set of vulnerable target and corresponding replacement weight blocks while optimizing the trigger at the same time. We evaluate the performance of our proposed Deep-TROJ on the CIFAR-10, CIFAR-100, and ImageNet datasets for fifteen different DNN architectures, including vision transformers. Deep-TROJ is the most successful attack to date that does not require access to training facilities while successfully bypassing the existing defenses. Our code is available at https://github.com/ML-Security-Research-LAB/Deep-TROJ.
2023
- SSDA: Secure Source-Free Domain Adaptation
  Sabbir Ahmed, Abdullah Al Arafat, Mamshad Nayeem Rizvee, Rahim Hossain, and 2 more authors
  International Conference on Computer Vision (ICCV), 2023
  Source-free domain adaptation (SFDA) is a popular unsupervised domain adaptation method where a pre-trained model from a source domain is adapted to a target domain without accessing any source data. Despite rich results in this area, the existing literature overlooks the security challenges of the unsupervised SFDA setting in the presence of a malicious source domain owner. This work investigates the effect of a source adversary which may inject a hidden malicious behavior (Backdoor/Trojan) during source training and potentially transfer it to the target domain even after benign training by the victim (target domain owner). Our investigation of the current SFDA setting reveals that, because of the unique challenges present in SFDA (e.g., no source data, no target labels), defending against backdoor attacks using existing defenses becomes practically ineffective in protecting the target model. To address this, we propose a novel target domain protection scheme called secure source-free domain adaptation (SSDA). SSDA adopts a single-shot model compression of a pre-trained source model and a novel knowledge transfer scheme with a spectral-norm-based loss penalty for target training. The proposed static compression and the dynamic training loss penalty are designed to suppress the malicious channels responsive to the backdoor during the adaptation stage. At the same time, the knowledge transfer from an uncompressed auxiliary model helps to recover the benign test accuracy. Our extensive evaluation on multiple datasets and domain tasks against recent backdoor attacks reveals that the proposed SSDA can successfully defend against strong backdoor attacks with little to no degradation in test accuracy compared to the vulnerable baseline SFDA methods. Our code is available at https://github.com/ML-Security-Research-LAB/SSDA.
- On the Linearizing Effect of Temporal Averaging in Nonlinear Dynamical Systems
  Sabbir Ahmed and Erfan Nozari
  In 2023 American Control Conference (ACC), 2023
2022
- On the Linearizing Effect of Spatial Averaging in Large-Scale Populations of Homogeneous Nonlinear Systems
  Sabbir Ahmed and Erfan Nozari
  In 2022 IEEE 61st Conference on Decision and Control (CDC), 2022
  Understanding the dynamics resulting from large-scale populations of systems poses one of the greatest challenges ahead of modern science. While it is often expected that the emerging dynamics from such populations compound in complexity, we here show that, on the contrary, the aggregation of complex individual dynamics can in fact lead to simpler behavior overall. In particular, mounting empirical evidence from neuroscience and beyond has pointed out the linearity of macroscopic dynamics that result from the interaction of large populations of microscopic subsystems, despite the highly nonlinear dynamics possessed by the individual subsystems. Rigorous analyses and theoretical grounds for such observations, however, have remained lacking. In this paper, we develop a general theoretical framework showing that the average dynamics of a broad family of populations of nonlinear stochastic subsystems converge to linear time-varying (LTV) dynamics transiently and to linear time-invariant (LTI) dynamics in steady state. Simulations are provided to illustrate this effect in populations of static (feedforward) nonlinear maps as well as a wide range of nonlinear systems exhibiting bistable, limit cycle, and chaotic dynamics.
2021
- DFR-TSD: A deep learning based framework for robust traffic sign detection under challenging weather conditions
  Sabbir Ahmed, Uday Kamal, and Md Kamrul Hasan
  IEEE Transactions on Intelligent Transportation Systems (T-ITS), 2021
  Robust traffic sign detection and recognition (TSDR) is of paramount importance for the successful realization of autonomous vehicle technology. The importance of this task has led to a vast amount of research effort, and many promising methods have been proposed in the existing literature. However, most of these methods have been evaluated on clean and challenge-free datasets and overlook the performance deterioration associated with different challenging conditions (CCs) that obscure the traffic-sign images captured in the wild. In this paper, we look at the TSDR problem under CCs and focus on the performance degradation associated with them. To this end, we propose a Convolutional Neural Network (CNN) based, prior-enhancement-focused TSDR framework. Our modular approach consists of a CNN-based challenge classifier, Enhance-Net (an encoder-decoder CNN architecture for image enhancement), and two separate CNN architectures for sign detection and classification. We propose a novel training pipeline for Enhance-Net that focuses on the enhancement of the traffic sign regions (instead of the whole image) in the challenging images, subject to their accurate detection. We used the CURE-TSD dataset, consisting of traffic videos captured under different CCs, to evaluate the efficacy of our approach. We experimentally show that our method obtains an overall precision and recall of 91.1% and 70.71%, which is a 7.58% and 35.90% improvement in precision and recall, respectively, compared to the current benchmark. Furthermore, we compare our approach with different CNN-based TSDR methods and show that our approach outperforms them by a large margin.
2020
- ReCoNet: Multi-level preprocessing of chest X-rays for COVID-19 detection using convolutional neural networks
  Sabbir Ahmed, Moi Hoon Yap, Maxine Tan, and Md Kamrul Hasan
  medRxiv, 2020
  Life-threatening COVID-19 detection from radiomic features has become a dire need of the present time for infection control and socio-economic crisis management around the world. In this paper, a novel convolutional neural network (CNN) architecture, ReCoNet (residual image-based COVID-19 detection network), is proposed for COVID-19 detection from chest X-ray (CXR) images, shedding light on the preprocessing task, which is considered very useful for enhancing the COVID-19 fingerprints. The proposed modular architecture consists of a CNN-based multi-level preprocessing filter block in cascade with a multi-layer CNN-based feature extractor and a classification block. A multi-task learning loss function is adopted for optimization of the preprocessing block, which is trained end-to-end with the rest of the proposed network. Additionally, a data augmentation technique is applied to boost the network performance. The whole network, when pre-trained end-to-end on the CheXpert open source dataset and trained and tested with the COVIDx dataset of 15,134 original CXR images, yielded an overall benchmark accuracy, sensitivity, and specificity of 97.48%, 96.39%, and 97.53%, respectively. The immense potential of ReCoNet may be exploited in clinics for rapid and safe detection of COVID-19 globally, in particular in low- and middle-income countries where RT-PCR labs and/or kits are in a serious crisis.