Published work

24 published item(s)

Preprint, 2026, arXiv

CMTA: Leveraging Cross-Modal Temporal Artifacts for Generalizable AI-Generated Video Detection

The proliferation of advanced AI video synthesis techniques poses an unprecedented challenge to digital video authenticity. Existing AI-generated video (AIGV) detection methods primarily focus on uni-modal or spatiotemporal artifacts, but they overlook the rich cues within the visual-textual cross-modal space, especially the temporal stability of semantic alignment. In this work, we identify a distinctive fingerprint in AIGVs, termed cross-modal temporal artifact (CMTA). Unlike real videos that exhibit natural temporal fluctuations in cross-modal alignment due to semantic variations, AIGVs display unnaturally stable semantic trajectories governed by given input prompts. To bridge this gap, we propose the CMTA framework, a cross-modal detection approach that captures these unique temporal artifacts through joint cross-modal embedding and multi-grained temporal modeling. Specifically, CMTA leverages BLIP to generate frame-level image captions and utilizes CLIP to extract corresponding visual-textual representations. A coarse-grained temporal modeling branch is then designed to characterize temporal fluctuations in cross-modal alignment with a GRU. In parallel, a fine-grained branch is constructed to capture intricate inter-frame variations from integrated visual-textual features with a Transformer encoder. Extensive experiments on 40 subsets across four large-scale datasets, including GenVideo, EvalCrafter, VideoPhy, and VidProM, validate that our approach sets a new state-of-the-art while exhibiting superior cross-generator generalization. Code and models of CMTA will be released at https://github.com/hwang-cs-ime/CMTA

Preprint, 2026, arXiv

Jailbreak-AudioBench: In-Depth Evaluation and Analysis of Jailbreak Threats for Large Audio Language Models

Large Language Models (LLMs) demonstrate impressive zero-shot performance across a wide range of natural language processing tasks. Integrating various modality encoders further expands their capabilities, giving rise to Multimodal Large Language Models (MLLMs) that process not only text but also visual and auditory modality inputs. However, these advanced capabilities may also pose significant safety problems, as models can be exploited to generate harmful or inappropriate content through jailbreak attacks. While prior work has extensively explored how manipulating textual or visual modality inputs can circumvent safeguards in LLMs and MLLMs, the vulnerability of Large Audio-Language Models (LALMs) to audio-specific jailbreaks remains largely underexplored. To address this gap, we introduce Jailbreak-AudioBench, which consists of the Toolbox, curated Dataset, and comprehensive Benchmark. The Toolbox supports not only text-to-audio conversion but also various editing techniques for injecting audio hidden semantics. The curated Dataset provides diverse explicit and implicit jailbreak audio examples in both original and edited forms. Utilizing this dataset, we evaluate multiple state-of-the-art LALMs and establish the most comprehensive jailbreak benchmark to date for the audio modality. Finally, Jailbreak-AudioBench establishes a foundation for advancing future research on LALM safety alignment by enabling the in-depth exposure of more powerful jailbreak threats, such as query-based audio editing, and by facilitating the development of effective defense mechanisms.

Preprint, 2026, arXiv

LLM-DMD: Large Language Model-based Power System Dynamic Model Discovery

Current model structural discovery methods for power system dynamics impose rigid priors on the basis functions and variable sets of dynamic models while often neglecting algebraic constraints, thereby limiting the formulation of high-fidelity models required for precise simulation and analysis. This letter presents a novel large language model (LLM)-based framework for dynamic model discovery (LLM-DMD), which integrates the reasoning and code synthesis capabilities of LLMs to discover dynamic equations and enforce algebraic constraints through two sequential loops: the differential-equation loop that identifies state dynamics and associated variables, and the algebraic-equation loop that formulates algebraic constraints on the identified algebraic variables. In each loop, executable skeletons of power system dynamic equations are generated by the LLM-based agent and evaluated via a gradient-based optimizer. Candidate models are stored in an island-based archive to guide future iterations, and evaluation stagnation activates a variable extension mechanism that augments the model with missing algebraic or input variables, such as stator currents, to refine the model. Validation on synchronous generator benchmarks of the IEEE 39-bus system demonstrates the superiority of LLM-DMD in complete dynamic model discovery.

Preprint, 2026, arXiv

OptArgus: A Multi-Agent System to Detect Hallucinations in LLM-based Optimization Modeling

Large language models (LLMs) are increasingly used to translate natural-language optimization problems into mathematical formulations and solver code, but matching the reference objective value is not a reliable test of correctness: an artifact may agree numerically while still changing the underlying optimization semantics. We formulate this issue as optimization-modeling hallucination detection, namely structural consistency auditing over the problem description, symbolic model, and solver implementation. We develop, to our knowledge, the first fine-grained hallucination taxonomy specifically for optimization modeling, spanning objective, variable, constraint, and implementation failures. We use this taxonomy to design OptArgus, a multi-agent detector with conductor routing, specialist auditors, and evidence consolidation. To evaluate this setting, we introduce a three-part benchmark suite with 484 clean artifacts, 1266 controlled injected artifacts, and 6292 natural LLM-generated artifacts. Against a matched single-agent baseline, OptArgus produces fewer false alarms on clean artifacts, more accurate top-ranked localization on controlled single-error cases, and stronger detection on natural model outputs. Together, these contributions turn optimization-modeling hallucination detection into a concrete empirical problem and suggest that modular, taxonomy-grounded auditing is a practical route to more reliable optimization modeling.

Preprint, 2026, arXiv

PEMNet: Towards Autonomous and Enhanced Environment-Aware Mobile Networks

With 5G deployment and the evolution toward 6G, mobile networks must make decisions in highly dynamic environments under strict latency, energy, and spectrum constraints. Achieving this goal, however, depends on prior knowledge of spatial-temporal variations in wireless channels and traffic demands. This motivates a joint, site-specific representation of radio propagation and user demand that is queryable at low online overhead. In this work, we propose the perception embedding map (PEM), a localized framework that embeds fine-grained channel statistics together with grid-level spatial-temporal traffic patterns over a base station's coverage. PEM is built from standard-compliant measurements -- such as measurement report and scheduling/quality-of-service logs -- so it can be deployed and maintained at scale with low cost. Integrated into PEM, this joint knowledge supports enhanced environment-aware optimization across PHY, MAC, and network layers while substantially reducing training overhead and signaling. Compared with existing site-specific channel maps and digital-twin replicas, PEM distinctively emphasizes (i) joint channel-traffic embedding, which is essential for network optimization, and (ii) practical construction using standard measurements, enabling network autonomy while striking a favorable fidelity-cost balance.

Preprint, 2025, arXiv

SyncGait: Robust Long-Distance Authentication for Drone Delivery via Implicit Gait Behaviors

In recent years, drone delivery, which utilizes unmanned aerial vehicles (UAVs) for package delivery and pickup, has gradually emerged as a crucial method in logistics. Since delivery drones are expensive and may carry valuable packages, they must maintain a safe distance from individuals until user-drone mutual authentication is confirmed. Despite numerous authentication schemes being developed, existing solutions are limited in authentication distance and lack resilience against sophisticated attacks. To this end, we introduce SyncGait, an implicit gait-based mutual authentication system for drone delivery. SyncGait leverages the user's unique arm swing as he walks toward the drone to achieve mutual authentication without requiring additional hardware or specific authentication actions. We conducted extensive experiments on 14 datasets collected from 31 subjects. The results demonstrate that SyncGait achieves an average accuracy of 99.84% at a long distance (>18 m) and exhibits strong resilience against various spoofing attacks, making it a robust, secure, and user-friendly solution in real-world scenarios.

Preprint, 2023, arXiv

DREAM: Debugging and Repairing AutoML Pipelines

Deep Learning models have become an integrated component of modern software systems. In response to the challenge of model design, researchers proposed Automated Machine Learning (AutoML) systems, which automatically search for model architecture and hyperparameters for a given task. Like other software systems, existing AutoML systems suffer from bugs. We identify two common and severe bugs in AutoML, performance bug (i.e., searching for the desired model takes an unreasonably long time) and ineffective search bug (i.e., AutoML systems are not able to find an accurate enough model). After analyzing the workflow of AutoML, we observe that existing AutoML systems overlook potential opportunities in search space, search method, and search feedback, which results in performance and ineffective search bugs. Based on our analysis, we design and implement DREAM, an automatic debugging and repairing system for AutoML systems. It monitors the process of AutoML to collect detailed feedback and automatically repairs bugs by expanding search space and leveraging a feedback-driven search strategy. Our evaluation results show that DREAM can effectively and efficiently repair AutoML bugs.

Preprint, 2023, arXiv

Energy-optimal Three-dimensional Path-following Control of Autonomous Underwater Vehicles under Ocean Currents

This paper presents a three-dimensional (3D) energy-optimal path-following control design for autonomous underwater vehicles subject to ocean currents. The proposed approach has a two-stage control architecture consisting of the setpoint computation and the setpoint tracking. In the first stage, the surge velocity, heave velocity, and pitch angle setpoints are optimized by minimizing the required vehicle propulsion energy under currents, and the line-of-sight (LOS) guidance law is used to generate the yaw angle setpoint that ensures path following. In the second stage, two model predictive controllers are designed to control the vehicle motion in the horizontal and vertical planes by tracking the optimal setpoints. The proposed controller is compared with a conventional LOS-based control that maintains zero heave velocity relative to the current (i.e., relative heave velocity) and derives pitch angle setpoint using LOS guidance to reach the desired depth. Through simulations, we show that the proposed approach can achieve more than 13% energy saving on a lawnmower-type and an inspection mission under different ocean current conditions. The simulation results demonstrate that allowing motions with non-zero relative heave velocity improves energy efficiency in 3D path-following applications.

Preprint, 2022, arXiv

All-electrical switching of a topological non-collinear antiferromagnet at room temperature

Non-collinear antiferromagnetic Weyl semimetals, combining the advantages of a zero stray field and ultrafast spin dynamics as well as a large anomalous Hall effect and the chiral anomaly of Weyl fermions, have attracted extensive interest. However, the all-electrical control of such systems at room temperature, a crucial step toward practical applications, has not been reported. Here, using a small writing current of around 5×10^6 A/cm^2, we realize the all-electrical current-induced deterministic switching of the non-collinear antiferromagnet Mn3Sn with a strong readout signal at room temperature in the Si/SiO2/Mn3Sn/AlOx structure, without an external magnetic field or injected spin current. Our simulations reveal that the switching originates from the current-induced intrinsic non-collinear spin-orbit torques in Mn3Sn itself. Our findings pave the way for the development of topological antiferromagnetic spintronics.

Preprint, 2022, arXiv

Block-Level Interference Exploitation Precoding without Symbol-by-Symbol Optimization

Symbol-level precoding (SLP) based on the concept of constructive interference (CI) is shown to be superior to traditional block-level precoding (BLP), however at the cost of a symbol-by-symbol optimization during the precoding design. In this paper, we propose a CI-based block-level precoding (CI-BLP) scheme for the downlink transmission of a multi-user multiple-input single-output (MU-MISO) communication system, where we design a constant precoding matrix to a block of symbol slots to exploit CI for each symbol slot simultaneously. A single optimization problem is formulated to maximize the minimum CI effect over the entire block, thus reducing the computational cost of traditional SLP as the optimization problem only needs to be solved once per block. By leveraging the Karush-Kuhn-Tucker (KKT) conditions and the dual problem formulation, the original optimization problem is finally shown to be equivalent to a quadratic programming (QP) over a simplex. Numerical results validate our derivations and exhibit superior performance for the proposed CI-BLP scheme over traditional BLP and SLP methods, thanks to the relaxed block-level power constraint.

Preprint, 2022, arXiv

Can We Mitigate Backdoor Attack Using Adversarial Detection Methods?

Deep Neural Networks are well known to be vulnerable to adversarial attacks and backdoor attacks, where minor modifications on the input are able to mislead the models into giving wrong results. Although defenses against adversarial attacks have been widely studied, investigation into mitigating backdoor attacks is still at an early stage. It is unknown whether there are any connections and common characteristics between the defenses against these two attacks. We conduct comprehensive studies on the connections between adversarial examples and backdoor examples of Deep Neural Networks to seek to answer the question: can we detect backdoors using adversarial detection methods? Our insights are based on the observation that both adversarial examples and backdoor examples have anomalies during the inference process, highly distinguishable from benign samples. As a result, we revise four existing adversarial defense methods for detecting backdoor examples. Extensive evaluations indicate that these approaches provide reliable protection against backdoor attacks, with a higher accuracy than detecting adversarial examples. These solutions also reveal the relations of adversarial examples, backdoor examples and normal samples in model sensitivity, activation space and feature space. This is able to enhance our understanding of the inherent features of these two attacks and the defense opportunities.

Preprint, 2022, arXiv

Covert Beamforming Design for Integrated Radar Sensing and Communication Systems

We propose covert beamforming design frameworks for integrated radar sensing and communication (IRSC) systems, where the radar can covertly communicate with legitimate users under the cover of the probing waveforms without being detected by the eavesdropper. Specifically, by jointly designing the target detection beamformer and communication beamformer, we aim to maximize the radar detection mutual information (MI) (or the communication rate) subject to the covert constraint, the communication rate constraint (or the radar detection MI constraint), and the total power constraint. For the perfect eavesdropper's channel state information (CSI) scenario, we transform the covert beamforming design problems into a series of convex subproblems, by exploiting semidefinite relaxation, which can be solved via the bisection search method. Considering the high complexity of iterative optimization, we further propose a single-iterative covert beamformer design scheme based on the zero-forcing criterion. For the imperfect eavesdropper's CSI scenario, we develop a relaxation and restriction method to tackle the robust covert beamforming design problems. Simulation results demonstrate the effectiveness of the proposed covert beamforming schemes for perfect and imperfect CSI scenarios.

Preprint, 2022, arXiv

FairNeuron: Improving Deep Neural Network Fairness with Adversary Games on Selective Neurons

With Deep Neural Networks (DNNs) being integrated into a growing number of critical systems with far-reaching impacts on society, there are increasing concerns about their ethical performance, such as fairness. Unfortunately, model fairness and accuracy in many cases are contradictory goals to optimize. To solve this issue, there have been a number of works trying to improve model fairness by using an adversarial game at the model level. This approach introduces an adversary that evaluates the fairness of a model besides its prediction accuracy on the main task, and performs joint optimization to achieve a balanced result. In this paper, we noticed that when performing backward-propagation-based training, such a contradictory phenomenon also shows up at the individual neuron level. Based on this observation, we propose FairNeuron, a DNN model automatic repairing tool, to mitigate fairness concerns and balance the accuracy-fairness trade-off without introducing another model. It works by detecting neurons with contradictory optimization directions from the accuracy and fairness training goals, and achieving a trade-off by selective dropout. Compared with state-of-the-art methods, our approach is lightweight, making it scalable and more efficient. Our evaluation on 3 datasets shows that FairNeuron can effectively improve all models' fairness while maintaining a stable utility.

Preprint, 2022, arXiv

Robust Beamforming Design for IRS-Aided URLLC in D2D Networks

Intelligent reflecting surface (IRS) and device-to-device (D2D) communication are two promising technologies for improving transmission reliability between transceivers in communication systems. In this paper, we consider the design of reliable communication between the access point (AP) and actuators for a downlink multiuser multiple-input single-output (MISO) system in the industrial IoT (IIoT) scenario. We propose a two-stage protocol combining IRS with D2D communication so that all actuators can successfully receive the message from AP within a given delay. The superiority of the protocol is that the communication reliability between AP and actuators is doubly augmented by the IRS-aided first-stage transmission and the second-stage D2D transmission. A joint optimization problem of active and passive beamforming is formulated, which aims to maximize the number of actuators with successful decoding. We study the joint beamforming problem for cases where the channel state information (CSI) is perfect and imperfect. For each case, we develop efficient algorithms that include convergence and complexity analysis. Simulation results demonstrate the necessity and role of IRS with a well-optimized reflection matrix, and the D2D network in promoting reliable communication. Moreover, the proposed protocol can enable reliable communication even in the presence of stringent latency requirements and CSI estimation errors.

Preprint, 2022, arXiv

Scalability and robustness of spectral embedding: landmark diffusion is all you need

While spectral embedding is a widely applied dimension reduction technique in various fields, so far it is still challenging to make it scalable to handle "big data". On the other hand, the robustness property is less explored and there exist only limited theoretical results. Motivated by the need to handle such data, we recently proposed a novel spectral embedding algorithm, which we coined Robust and Scalable Embedding via Landmark Diffusion (ROSELAND). In short, we measure the affinity between two points via a set of landmarks, which is composed of a small number of points, and "diffuse" on the dataset via the landmark set to achieve a spectral embedding. Roseland can be viewed as a generalization of the commonly applied spectral embedding algorithm, the diffusion map (DM), in the sense that it shares various properties of DM. In this paper, we show that Roseland is not only numerically scalable, but also preserves the geometric properties via its diffusion nature under the manifold setup; that is, we theoretically explore the asymptotic behavior of Roseland under the manifold setup, including handling the U-statistics-like quantities, and provide an L^∞ spectral convergence with a rate. Moreover, we offer a high-dimensional noise analysis and show that Roseland is robust to noise. We also compare Roseland with other existing algorithms with numerical simulations.

Preprint, 2022, arXiv

Teacher Model Fingerprinting Attacks Against Transfer Learning

Transfer learning has become a common solution to address training data scarcity in practice. It trains a specified student model by reusing or fine-tuning early layers of a well-trained teacher model that is usually publicly available. However, besides utility improvement, the transferred public knowledge also brings potential threats to model confidentiality, and even further raises other security and privacy issues. In this paper, we present the first comprehensive investigation of the teacher model exposure threat in the transfer learning context, aiming to gain a deeper insight into the tension between public knowledge and model confidentiality. To this end, we propose a teacher model fingerprinting attack to infer the origin of a student model, i.e., the teacher model it transfers from. Specifically, we propose a novel optimization-based method to carefully generate queries to probe the student model to realize our attack. Unlike existing model reverse engineering approaches, our proposed fingerprinting method neither relies on fine-grained model outputs, e.g., posteriors, nor auxiliary information of the model architecture or training dataset. We systematically evaluate the effectiveness of our proposed attack. The empirical results demonstrate that our attack can accurately identify the model origin with few probing queries. Moreover, we show that the proposed attack can serve as a stepping stone to facilitating other attacks against machine learning models, such as model stealing.

Preprint, 2022, arXiv

Unify Local and Global Information for Top-N Recommendation

Knowledge graph (KG), integrating complex information and containing rich semantics, is widely considered as side information to enhance recommendation systems. However, most of the existing KG-based methods concentrate on encoding the structural information in the graph, without utilizing the collaborative signals in user-item interaction data, which are important for understanding user preferences. Therefore, the representations learned by these models are insufficient for representing semantic information of users and items in the recommendation environment. The combination of both kinds of data provides a good chance to solve this problem. To tackle this research gap, we propose a novel duet representation learning framework named KADM to fuse local information (user-item interaction data) and global information (external knowledge graph) for top-N recommendation, which is composed of two separate sub-models. One learns the local representations by discovering the inner correlations in local information with a knowledge-aware co-attention mechanism, and the other learns the global representations by encoding the knowledge associations in global information with a relation-aware attention network. The two sub-models are jointly trained as part of the semantic fusion network to compute the user preferences, which discriminates the contribution of the two sub-models under the specific context. We conduct experiments on two real-world datasets, and the evaluations show that KADM significantly outperforms state-of-the-art methods. Further ablation studies confirm that the duet architecture performs significantly better than either sub-model on the recommendation tasks.

Preprint, 2022, arXiv

WaveFuzz: A Clean-Label Poisoning Attack to Protect Your Voice

People are not always receptive to their voice data being collected and misused. Training audio intelligence systems needs these data to build useful features, but the cost of getting permissions or purchasing data is very high, which inevitably encourages hackers to collect these voice data without people's awareness. To discourage hackers from proactively collecting people's voice data, we are the first to propose a clean-label poisoning attack, called WaveFuzz, which can prevent intelligent audio models from building useful features from protected (poisoned) voice data while still preserving the semantic information for humans. Specifically, WaveFuzz perturbs the voice data to cause the Mel Frequency Cepstral Coefficients (MFCC) (typical representations of audio signals) to generate poisoned frequency features. These poisoned features are then fed to audio prediction models, which degrades the performance of audio intelligence systems. Empirically, we show the efficacy of WaveFuzz by attacking two representative types of intelligent audio systems, i.e., speaker recognition (SR) and speech command recognition (SCR). For example, the accuracies of models decline by 19.78% when only 10% of the poisoned voice data is used to fine-tune models, and the accuracies of models decline by 6.07% when only 10% of the training voice data is poisoned. Consequently, WaveFuzz is an effective technique that enables people to fight back to protect their own voice data, which sheds new light on ameliorating privacy issues.

Preprint, 2020, arXiv

Multi-Agent Deep Reinforcement Learning for HVAC Control in Commercial Buildings

In commercial buildings, about 40%-50% of the total electricity consumption is attributed to Heating, Ventilation, and Air Conditioning (HVAC) systems, which places an economic burden on building operators. In this paper, we intend to minimize the energy cost of an HVAC system in a multi-zone commercial building under dynamic pricing with the consideration of random zone occupancy, thermal comfort, and indoor air quality comfort. Due to the existence of unknown thermal dynamics models, parameter uncertainties (e.g., outdoor temperature, electricity price, and number of occupants), spatially and temporally coupled constraints associated with indoor temperature and CO2 concentration, a large discrete solution space, and a non-convex and non-separable objective function, it is very challenging to achieve the above aim. To this end, the above energy cost minimization problem is reformulated as a Markov game. Then, an HVAC control algorithm is proposed to solve the Markov game based on multi-agent deep reinforcement learning with attention mechanism. The proposed algorithm does not require any prior knowledge of uncertain parameters and can operate without knowing building thermal dynamics models. Simulation results based on real-world traces show the effectiveness, robustness and scalability of the proposed algorithm.

Preprint, 2020, arXiv

Optimal Resource Allocation for Delay Minimization in NOMA-MEC Networks

Multi-access edge computing (MEC) can enhance the computing capability of mobile devices, while non-orthogonal multiple access (NOMA) can provide high data rates. Combining these two strategies can effectively benefit the network with spectrum and energy efficiency. In this paper, we investigate task delay minimization in multi-user NOMA-MEC networks, where multiple users can offload their tasks simultaneously through the same frequency band. We adopt the partial offloading policy, in which each user can partition its computation task into offloading and locally computing parts. We aim to minimize the task delay among users by optimizing their task partition ratios and offloading transmit power. The delay minimization problem is first formulated, and it is shown that it is a nonconvex one. By carefully investigating its structure, we transform the original problem into an equivalent quasi-convex one. In this way, a bisection search iterative algorithm is proposed in order to achieve the minimum task delay. To reduce the complexity of the proposed algorithm and evaluate its optimality, we further derive closed-form expressions for the optimal task partition ratio and offloading power for the case of two-user NOMA-MEC networks. Simulations demonstrate the convergence and optimality of the proposed algorithm and the effectiveness of the closed-form analysis.

Preprint, 2020, arXiv

Optimizing Privacy-Preserving Outsourced Convolutional Neural Network Predictions

Convolutional neural networks are machine-learning models widely applied in various prediction tasks, such as computer vision and medical image analysis. Their great predictive power requires extensive computation, which encourages model owners to host the prediction service on a cloud platform. Recent research focuses on the privacy of the query and results, but does not provide model privacy against the model-hosting server and may leak partial information about the results. Some of these works further require frequent interactions with the querier or heavy computation overheads, which discourages the querier from using the prediction service. This paper proposes a new scheme for privacy-preserving neural network prediction in the outsourced setting, i.e., the server cannot learn the query, (intermediate) results, or the model. Similar to SecureML (S&P'17), a representative work that provides model privacy, we leverage two non-colluding servers with secret sharing and triplet generation to minimize the usage of heavyweight cryptography. Further, we adopt asynchronous computation to improve the throughput, and design garbled circuits for the non-polynomial activation function to keep the same accuracy as the underlying network (instead of approximating it). Our experiments on the MNIST dataset show that our scheme achieves an average of 122x, 14.63x, and 36.69x reduction in latency compared to SecureML, MiniONN (CCS'17), and EzPC (EuroS&P'19), respectively. For the communication costs, our scheme outperforms SecureML by 1.09x, MiniONN by 36.69x, and EzPC by 31.32x on average. On the CIFAR dataset, our scheme achieves a lower latency by a factor of 7.14x and 3.48x compared to MiniONN and EzPC, respectively. Our scheme also provides 13.88x and 77.46x lower communication costs than MiniONN and EzPC on the CIFAR dataset.

preprint, 2020, arXiv

Robust URLLC Packet Scheduling of OFDM Systems

In this paper, we consider the power minimization problem of joint physical resource block (PRB) assignment and transmit power allocation under specified delay and reliability requirements for ultra-reliable and low-latency communication (URLLC) in a downlink cellular orthogonal frequency-division multiple-access (OFDMA) system. To be more practical, only imperfect channel state information (CSI) is assumed to be available at the base station (BS). The formulated problem is a combinatorial, mixed-integer nonconvex problem and is difficult to tackle. Through the introduction of slack variables, first-order Taylor approximation and the reweighted $\ell_1$-norm, we approximate it by a convex problem, and a successive convex approximation (SCA) based iterative algorithm is proposed to yield sub-optimal solutions. Numerical results provide some insights into the impact of channel estimation error, user number, the allowable maximum delay and packet error probability on the required system sum power.

preprint, 2020, arXiv

Shielding Collaborative Learning: Mitigating Poisoning Attacks through Client-Side Detection

Collaborative learning allows multiple clients to train a joint model without sharing their data with each other. Each client performs training locally and then submits its model updates to a central server for aggregation. Since the server has no visibility into the process of generating the updates, collaborative learning is vulnerable to poisoning attacks, where a malicious client can generate a poisoned update to introduce backdoor functionality into the joint model. The existing solutions for detecting poisoned updates, however, fail to defend against the recently proposed attacks, especially in the non-IID setting. In this paper, we present a novel defense scheme to detect anomalous updates in both IID and non-IID settings. Our key idea is to realize client-side cross-validation, where each update is evaluated over other clients' local data. The server then adjusts the weights of the updates based on the evaluation results when performing aggregation. To adapt to the unbalanced distribution of data in the non-IID setting, a dynamic client allocation mechanism is designed to assign detection tasks to the most suitable clients. During the detection process, we also protect client-level privacy to prevent malicious clients from stealing the training data of other clients, by integrating differential privacy with our design without degrading the detection performance. Our experimental evaluations on two real-world datasets show that our scheme is significantly robust to two representative poisoning attacks.

preprint, 2019, arXiv

Can a composite heart rate variability biomarker shed new insights about autism spectrum disorder in school-aged children?

High-frequency heart rate variability (HRV) has identified parasympathetic nervous system alterations in autism spectrum disorder (ASD). In a cohort of school-aged children with and without ASD, we test a set of alternative linear and nonlinear HRV measures, including phase rectified signal averaging, applied to a segment of resting ECG, for associations with ASD vs. other psychiatric conditions. Using machine learning, we identify HRV measures derived from the time, frequency, and geometric signal-analytical domains that (1) identify children with ASD relative to peers with a receiver operating curve area of 0.89, and (2) differentiate such children from those with conduct problems or depression. Despite the small cohort and lack of prospective external validation, these preliminary results warrant larger prospective validation studies.