Researcher profile

Yun Shen

Yun Shen contributes to research discovery and scholarly infrastructure.

Researcher | Affiliation not imported | Open to collaborate

Trust snapshot

Quick read

Trust 21 - Emerging | Verification L1 | Unclaimed author
12 works
0 followers
9 topics
4 close collaborators

Published work

12 published item(s)

preprint, 2023, arXiv

Backdoor Attacks Against Dataset Distillation

Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.

preprint, 2023, arXiv

One Size Does not Fit All: Quantifying the Risk of Malicious App Encounters for Different Android User Profiles

Previous work has investigated the particularities of security practices within specific user communities defined based on country of origin, age, prior tech abuse, and economic status. Their results highlight that current security solutions that adopt a one-size-fits-all-users approach ignore the differences and needs of particular user communities. However, those works focus on a single community or cluster users into hard-to-interpret sub-populations. In this work, we perform a large-scale quantitative analysis of the risk of encountering malware and other potentially unwanted applications (PUA) across user communities. At the core of our study is a dataset of app installation logs collected from 12M Android mobile devices. Leveraging user-installed apps, we define intuitive profiles based on users' interests (e.g., gamers and investors), and fit a subset of 5.4M devices to those profiles. Our analysis is structured in three parts. First, we perform risk analysis on the whole population to measure how the risk of malicious app encounters is affected by different factors. Next, we create different profiles to investigate whether risk differences across users may be due to their interests. Finally, we compare a per-profile approach for classifying clean and infected devices with the classical approach that considers the whole population. We observe that features such as the diversity of the app signers and the use of alternative markets highly correlate with the risk of malicious app encounters. We also discover that some profiles such as gamers and social-media users are exposed to more than twice the risks experienced by the average users. We also show that the classification outcome has a marked accuracy improvement when using a per-profile approach to train the prediction models. Overall, our results confirm the inadequacy of one-size-fits-all protection solutions.

preprint, 2022, arXiv

Cerberus: Exploring Federated Prediction of Security Events

Modern defenses against cyberattacks increasingly rely on proactive approaches, e.g., to predict the adversary's next actions based on past events. Building accurate prediction models requires knowledge from many organizations; alas, this entails disclosing sensitive information, such as network structures, security postures, and policies, which might often be undesirable or outright impossible. In this paper, we explore the feasibility of using Federated Learning (FL) to predict future security events. To this end, we introduce Cerberus, a system enabling collaborative training of Recurrent Neural Network (RNN) models for participating organizations. The intuition is that FL could potentially offer a middle-ground between the non-private approach where the training data is pooled at a central server and the low-utility alternative of only training local models. We instantiate Cerberus on a dataset obtained from a major security company's intrusion prevention product and evaluate it vis-a-vis utility, robustness, and privacy, as well as how participants contribute to and benefit from the system. Overall, our work sheds light on both the positive aspects and the challenges of using FL for this task and paves the way for deploying federated approaches to predictive security.

preprint, 2022, arXiv

Finding MNEMON: Reviving Memories of Node Embeddings

Previous security research efforts orbiting around graphs have been exclusively focusing on either (de-)anonymizing the graphs or understanding the security and privacy issues of graph neural networks. Little attention has been paid to understand the privacy risks of integrating the output from graph embedding models (e.g., node embeddings) with complex downstream machine learning pipelines. In this paper, we fill this gap and propose a novel model-agnostic graph recovery attack that exploits the implicit graph structural information preserved in the embeddings of graph nodes. We show that an adversary can recover edges with decent accuracy by only gaining access to the node embedding matrix of the original graph without interactions with the node embedding models. We demonstrate the effectiveness and applicability of our graph recovery attack through extensive experiments.

preprint, 2022, arXiv

Realization of a photonic topological insulator in Kagome crystals at terahertz wavelengths

Topological systems are inherently robust to disorder and continuous perturbations, resulting in dissipation-free edge transport of electrons in quantum solids, or reflectionless guiding of photons and phonons in classical wave systems characterized by topological invariants. Despite considerable efforts, direct experimental demonstration of theoretically predicted robust, lossless energy transport in topological insulators operating at terahertz frequencies needs further investigation to shed affirmative light on the unique properties enabled by topological protection. Here, we introduce a Kagome lattice that exhibits a new class of symmetry-protected topological phases with very low Berry curvature but nontrivial bulk polarization, and fabricate an optical topological insulator that provides the valley Hall effect. Theoretical analysis shows that four types of edge states can be obtained. Measurements of THz-TDs with high time-resolution demonstrate that terahertz waves propagating along the straight topological edge and Z-shape edge with sharp turns have almost the same high transmission in the 0.440 THz to 0.457 THz domain range. Those results quantitatively illustrate the suppression of backscattering due to the non-trivial topology of the structure. The THz-TDs measurement yields amplitude and phase information, showing significant advantage compared to general broadband infrared, single wavelength continuous-wave THz measurements and visible spectroscopy. It allows further exploration of the effective refractive index, group velocity and dispersion relations of edge states. Our work offers possibilities for advanced control of the propagation and manipulation of THz waves, and facilitates applications including sixth-generation (6G) wireless communication, terahertz integrated circuits, and interconnects for intrachip and interchip communication.

preprint, 2022, arXiv

Realization of broadband index-near-zero modes in nonreciprocal magneto-optical heterostructures

Epsilon-near-zero (ENZ) metamaterial with the relative permittivity approaching zero has been a hot research subject in the past decades. The wave in the ENZ region has infinite phase velocity ($v=1/\sqrt{\varepsilon\mu}$), whereas it cannot efficiently travel into the other devices or air due to the impedance mismatch or near-zero group velocity. In this paper, we demonstrate that the tunable index-near-zero (INZ) modes with vanishing wavenumbers ($k=0$) and nonzero group velocities ($v_\mathrm{g} \neq 0$) can be achieved in nonreciprocal magneto-optical systems. This kind of INZ modes has been experimentally demonstrated in the photonic crystals at Dirac point frequencies and that impedance-matching effect has been observed as well. Our theoretical analysis reveals that the INZ modes exhibit tunability when changing the parameter of the one-way (nonreciprocal) waveguides. Moreover, owing to the zero-phase-shift characteristic and decreasing $v_\mathrm{g}$ of the INZ modes, several perfect optical buffers (POBs) are proposed in the microwave and terahertz regimes. The theoretical results are further verified by the numerical simulations performed by the finite element method. Our findings may open new avenues for research in the areas of ultra-strong or ultra-fast nonlinearity, perfect cloaking, high-resolution holographic imaging and wireless communications.

preprint, 2021, arXiv

Machine-learning-enabled vectorial opto-magnetization orientation

Manipulation of light-induced magnetization has become a fundamentally hot topic with a potentially high impact for atom trapping, confocal and magnetic resonance microscopy, and data storage. The control of the magnetization orientation mainly relies on the direct methods composed of amplitude, phase and polarization modulations of the incident light under the tight focusing condition, leaving the achievement of arbitrary desirable three-dimensional (3D) magnetization orientation complicated, inflexible and inefficient. Here, we propose a facile approach called machine learning inverse design to achieve expected vectorial opto-magnetization orientation. This pathway is time-efficient and accurate to produce the demanded incident beam for arbitrary prescribed 3D magnetization orientation. It is highlighted that the machine learning method is not only applied for magnetization orientations, but also widely used in the control of magnetization structures.

preprint, 2021, arXiv

Node-Level Membership Inference Attacks Against Graph Neural Networks

Many real-world data comes in the form of graphs, such as social networks and protein structure. To fully utilize the information contained in graph data, a new family of machine learning (ML) models, namely graph neural networks (GNNs), has been introduced. Previous studies have shown that machine learning models are vulnerable to privacy attacks. However, most of the current efforts concentrate on ML models trained on data from the Euclidean space, like images and texts. On the other hand, privacy risks stemming from GNNs remain largely unstudied. In this paper, we fill the gap by performing the first comprehensive analysis of node-level membership inference attacks against GNNs. We systematically define the threat models and propose three node-level membership inference attacks based on an adversary's background knowledge. Our evaluation on three GNN structures and four benchmark datasets shows that GNNs are vulnerable to node-level membership inference even when the adversary has minimal background knowledge. Besides, we show that graph density and feature similarity have a major impact on the attack's success. We further investigate two defense mechanisms and the empirical results indicate that these defenses can reduce the attack performance but with moderate utility loss.

preprint, 2021, arXiv

Realization of broadband truly rainbow trapping in gradient-index heterostructures

Unidirectionally propagating waves (UPW) such as topologically protected edge modes and surface magnetoplasmons (SMPs) have been a research hotspot in the last decades. In the study of UPW, metals are usually treated as perfect electric conductors (PECs) which, in general, are the boundary conditions. However, it was reported that the transverse resonance condition induced by the PEC wall(s) may significantly narrow up the complete one-way propagation (COWP) band. In this paper, we propose two ways to achieve ultra-broadband one-way waveguide in terahertz regime. The first way is utilizing the epsilon negative (ENG) metamaterial (MM) and the other one is replacing the PEC boundary with perfect magnetic conductor (PMC) boundary. In both conditions, the total bandwidth of the COWP bands can be efficiently broadened by more than three times. Moreover, based on the ultra-broadband one-way configurations, gradient-index metamaterial-based one-way waveguides are proposed to achieve broadband truly rainbow trapping (TRT). By utilizing the finite element method, the realization of the broadband TRT without backward reflection is verified in gradient-index structures. Besides, giant electric field enhancement is observed in a PMC-based one-way structure with an ultra-subwavelength ($\approx 10^{-4} \lambda_0$, $\lambda_0$ is the wavelength in vacuum) terminal, and the amplitude of the electric field is enormously enhanced by five orders of magnitude. Our findings are beneficial for researches on broadband terahertz communication, energy harvesting and strong-field devices.

preprint, 2021, arXiv

Understanding Worldwide Private Information Collection on Android

Mobile phones enable the collection of a wealth of private information, from unique identifiers (e.g., email addresses), to a user's location, to their text messages. This information can be harvested by apps and sent to third parties, which can use it for a variety of purposes. In this paper we perform the largest study of private information collection (PIC) on Android to date. Leveraging an anonymized dataset collected from the customers of a popular mobile security product, we analyze the flows of sensitive information generated by 2.1M unique apps installed by 17.3M users over a period of 21 months between 2018 and 2019. We find that 87.2% of all devices send private information to at least five different domains, and that actors active in different regions (e.g., Asia compared to Europe) are interested in collecting different types of information. The United States (62% of the total) and China (7% of total flows) are the countries that collect most private information. Our findings raise issues regarding data regulation, and would encourage policymakers to further regulate how private information is used by and shared among the companies and how accountability can be truly guaranteed.

preprint, 2020, arXiv

UAVs as a Service: Boosting Edge Intelligence for Air-Ground Integrated Networks

The air-ground integrated network is a key component of future sixth generation (6G) networks to support seamless and near-instant super-connectivity. There is a pressing need to intelligently provision various services in 6G networks, which however is challenging. To meet this need, in this article, we propose a novel architecture called UaaS (UAVs as a Service) for the air-ground integrated network, featuring UAV as a key enabler to boost edge intelligence with the help of machine learning (ML) techniques. We envision that the proposed UaaS architecture could intelligently provision wireless communication service, edge computing service, and edge caching service by a network of UAVs, making full use of UAVs' flexible deployment and diverse ML techniques. We also conduct a case study where UAVs participate in the model training of distributed ML among multiple terrestrial users, whose result shows that the model training is efficient with a negligible energy consumption of UAVs, compared to the flight energy consumption. Finally, we discuss the challenges and open research issues in the UaaS.

preprint, 2019, arXiv

A Fenchel-Moreau-Rockafellar type theorem on the Kantorovich-Wasserstein space with Applications in Partially Observable Markov Decision Processes

By using the fact that the space of all probability measures with finite support can be somehow completed in two different fashions, one generating the Arens-Eells space and another generating the Kantorovich-Wasserstein (Wasserstein-1) space, and by exploiting the duality relationship between the Arens-Eells space with the space of Lipschitz functions, we provide a dual representation of Fenchel-Moreau-Rockafellar type for proper convex functionals on Wasserstein-1. We retrieve dual transportation inequalities as a Corollary and we provide examples where the theorem can be used to easily prove dual expressions like the celebrated Donsker-Varadhan variational formula. Finally our result allows to write convex functions as the supremum over all linear functions that are generated by roots of its conjugate dual, something that we apply to the field of Partially observable Markov decision processes (POMDPs) to approximate the value function of a given POMDP by iterating level sets. This extends the method used in Smallwood 1973 for finite state spaces to the case where the state space is a Polish metric space.