Intelligent Computing Proceedings of the 2020

Computing Conference Volume 3 Kohei Arai digital

download

https://textbookfull.com/product/intelligent-computing-proceedings-
of-the-2020-computing-conference-volume-3-kohei-arai/

★★★★★
4.8 out of 5.0 (66 reviews )

PDF Instantly Ready

textbookfull.com
 Intelligent Computing Proceedings of the 2020 Computing
Conference Volume 3 Kohei Arai

TEXTBOOK

Available Formats

■ PDF eBook Study Guide Ebook

EXCLUSIVE 2025 ACADEMIC EDITION – LIMITED RELEASE

Available Instantly Access Library

More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Intelligent Computing Proceedings of the 2020 Computing

Conference Volume 2 Kohei Arai

https://textbookfull.com/product/intelligent-computing-
proceedings-of-the-2020-computing-conference-volume-2-kohei-arai/

Intelligent Computing Proceedings of the 2020 Computing

Conference Volume 1 Kohei Arai

https://textbookfull.com/product/intelligent-computing-
proceedings-of-the-2020-computing-conference-volume-1-kohei-arai/

Intelligent Computing: Proceedings of the 2018

Computing Conference, Volume 2 Kohei Arai

https://textbookfull.com/product/intelligent-computing-
proceedings-of-the-2018-computing-conference-volume-2-kohei-arai/

Intelligent Systems and Applications: Proceedings of

the 2020 Intelligent Systems Conference (IntelliSys)
Volume 3 Kohei Arai

https://textbookfull.com/product/intelligent-systems-and-
applications-proceedings-of-the-2020-intelligent-systems-
conference-intellisys-volume-3-kohei-arai/
Intelligent Systems and Applications: Proceedings of
the 2020 Intelligent Systems Conference (IntelliSys)
Volume 2 Kohei Arai

https://textbookfull.com/product/intelligent-systems-and-
applications-proceedings-of-the-2020-intelligent-systems-
conference-intellisys-volume-2-kohei-arai/

Proceedings of the Future Technologies Conference (FTC)

2020, Volume 1 Kohei Arai

https://textbookfull.com/product/proceedings-of-the-future-
technologies-conference-ftc-2020-volume-1-kohei-arai/

Proceedings of the Future Technologies Conference FTC

2018 Volume 2 Kohei Arai

https://textbookfull.com/product/proceedings-of-the-future-
technologies-conference-ftc-2018-volume-2-kohei-arai/

Proceedings of the Future Technologies Conference FTC

2018 Volume 1 Kohei Arai

https://textbookfull.com/product/proceedings-of-the-future-
technologies-conference-ftc-2018-volume-1-kohei-arai/

Advances in Computer Vision: Proceedings of the 2019

Computer Vision Conference (CVC), Volume 1 Kohei Arai

https://textbookfull.com/product/advances-in-computer-vision-
proceedings-of-the-2019-computer-vision-conference-cvc-
volume-1-kohei-arai/
Advances in Intelligent Systems and Computing 1230

Kohei Arai
Supriya Kapoor
Rahul Bhatia Editors

Intelligent
Computing
Proceedings of the 2020 Computing
Conference, Volume 3
Advances in Intelligent Systems and Computing

Volume 1230

Series Editor
Janusz Kacprzyk, Systems Research Institute, Polish Academy of Sciences,
Warsaw, Poland

Advisory Editors
Nikhil R. Pal, Indian Statistical Institute, Kolkata, India
Rafael Bello Perez, Faculty of Mathematics, Physics and Computing,
Universidad Central de Las Villas, Santa Clara, Cuba
Emilio S. Corchado, University of Salamanca, Salamanca, Spain
Hani Hagras, School of Computer Science and Electronic Engineering,
University of Essex, Colchester, UK
László T. Kóczy, Department of Automation, Széchenyi István University,
Gyor, Hungary
Vladik Kreinovich, Department of Computer Science, University of Texas
at El Paso, El Paso, TX, USA
Chin-Teng Lin, Department of Electrical Engineering, National Chiao
Tung University, Hsinchu, Taiwan
Jie Lu, Faculty of Engineering and Information Technology,
University of Technology Sydney, Sydney, NSW, Australia
Patricia Melin, Graduate Program of Computer Science, Tijuana Institute
of Technology, Tijuana, Mexico
Nadia Nedjah, Department of Electronics Engineering, University of Rio de Janeiro,
Rio de Janeiro, Brazil
Ngoc Thanh Nguyen , Faculty of Computer Science and Management,
Wrocław University of Technology, Wrocław, Poland
Jun Wang, Department of Mechanical and Automation Engineering,
The Chinese University of Hong Kong, Shatin, Hong Kong
The series “Advances in Intelligent Systems and Computing” contains publications
on theory, applications, and design methods of Intelligent Systems and Intelligent
Computing. Virtually all disciplines such as engineering, natural sciences, computer
and information science, ICT, economics, business, e-commerce, environment,
healthcare, life science are covered. The list of topics spans all the areas of modern
intelligent systems and computing such as: computational intelligence, soft comput-
ing including neural networks, fuzzy systems, evolutionary computing and the fusion
of these paradigms, social intelligence, ambient intelligence, computational neuro-
science, artificial life, virtual worlds and society, cognitive science and systems,
Perception and Vision, DNA and immune based systems, self-organizing and
adaptive systems, e-Learning and teaching, human-centered and human-centric
computing, recommender systems, intelligent control, robotics and mechatronics
including human-machine teaming, knowledge-based paradigms, learning para-
digms, machine ethics, intelligent data analysis, knowledge management, intelligent
agents, intelligent decision making and support, intelligent network security, trust
management, interactive entertainment, Web intelligence and multimedia.
The publications within “Advances in Intelligent Systems and Computing” are
primarily proceedings of important conferences, symposia and congresses. They
cover significant recent developments in the field, both of a foundational and
applicable character. An important characteristic feature of the series is the short
publication time and world-wide distribution. This permits a rapid and broad
dissemination of research results.
** Indexing: The books of this series are submitted to ISI Proceedings,
EI-Compendex, DBLP, SCOPUS, Google Scholar and Springerlink **

More information about this series at http://www.springer.com/series/11156

Kohei Arai Supriya Kapoor
• •

Rahul Bhatia
Editors

Intelligent Computing
Proceedings of the 2020 Computing
Conference, Volume 3

123
Editors
Kohei Arai Supriya Kapoor
Faculty of Science and Engineering The Science and Information
Saga University (SAI) Organization
Saga, Japan Bradford, West Yorkshire, UK

Rahul Bhatia
The Science and Information
(SAI) Organization
Bradford, West Yorkshire, UK

ISSN 2194-5357 ISSN 2194-5365 (electronic)

Advances in Intelligent Systems and Computing
ISBN 978-3-030-52242-1 ISBN 978-3-030-52243-8 (eBook)
https://doi.org/10.1007/978-3-030-52243-8
© Springer Nature Switzerland AG 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part
of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations,
recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission
or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar
methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this
publication does not imply, even in the absence of a specific statement, that such names are exempt from
the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this
book are believed to be true and accurate at the date of publication. Neither the publisher nor the
authors or the editors give a warranty, expressed or implied, with respect to the material contained
herein or for any errors or omissions that may have been made. The publisher remains neutral with regard
to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Editor’s Preface

On behalf of the Committee, we welcome you to the Computing Conference 2020.

The aim of this conference is to give a platform to researchers with fundamental
contributions and to be a premier venue for industry practitioners to share and
report on up-to-the-minute innovations and developments, to summarize the state
of the art and to exchange ideas and advances in all aspects of computer sciences
and its applications.
For this edition of the conference, we received 514 submissions from 50+
countries around the world. These submissions underwent a double-blind peer
review process. Of those 514 submissions, 160 submissions (including 15 posters)
have been selected to be included in this proceedings. The published proceedings
has been divided into three volumes covering a wide range of conference tracks,
such as technology trends, computing, intelligent systems, machine vision, security,
communication, electronics and e-learning to name a few. In addition to the con-
tributed papers, the conference program included inspiring keynote talks. Their
talks were anticipated to pique the interest of the entire computing audience by their
thought-provoking claims which were streamed live during the conferences. Also,
the authors had very professionally presented their research papers which were
viewed by a large international audience online. All this digital content engaged
significant contemplation and discussions amongst all participants.
Deep appreciation goes to the keynote speakers for sharing their knowledge and
expertise with us and to all the authors who have spent the time and effort to
contribute significantly to this conference. We are also indebted to the Organizing
Committee for their great efforts in ensuring the successful implementation of the
conference. In particular, we would like to thank the Technical Committee for their
constructive and enlightening reviews on the manuscripts in the limited timescale.
We hope that all the participants and the interested readers benefit scientifically
from this book and find it stimulating in the process. We are pleased to present the
proceedings of this conference as its published record.

v
vi Editor’s Preface

Hope to see you in 2021, in our next Computing Conference, with the same
amplitude, focus and determination.

Kohei Arai
Contents

Preventing Neural Network Weight Stealing

via Network Obfuscation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Kálmán Szentannai, Jalal Al-Afandi, and András Horváth
Applications of Z-Numbers and Neural Networks in Engineering . . . . . 12
Raheleh Jafari, Sina Razvarz, and Alexander Gegov
5G-FOG: Freezing of Gait Identification in Multi-class Softmax
Neural Network Exploiting 5G Spectrum . . . . . . . . . . . . . . . . . . . . . . . . 26
Jan Sher Khan, Ahsen Tahir, Jawad Ahmad, Syed Aziz Shah,
Qammer H. Abbasi, Gordon Russell, and William Buchanan
Adaptive Blending Units: Trainable Activation Functions for Deep
Neural Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Leon René Sütfeld, Flemming Brieger, Holger Finger, Sonja Füllhase,
and Gordon Pipa
Application of Neural Networks to Characterization
of Chemical Sensors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Mahmoud Zaki Iskandarani
Application of Machine Learning in Deception Detection . . . . . . . . . . . . 61
Owolafe Otasowie
A New Approach to Estimate the Discharge Coefficient
in Sharp-Crested Rectangular Side Orifices Using Gene
Expression Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Hossein Bonakdari, Bahram Gharabaghi, Isa Ebtehaj, and Ali Sharifi
DiaTTroD: A Logical Agent Diagnostic Test for Tropical Diseases . . . . 97
Sandra Mae W. Famador and Tardi Tjahjadi
A Weighted Combination Method of Multiple K-Nearest Neighbor
Classifiers for EEG-Based Cognitive Task Classification . . . . . . . . . . . . 116
Abduljalil Mohamed, Amer Mohamed, and Yasir Mustafa

vii
viii Contents

Detection and Localization of Breast Tumor in 2D Using

Microwave Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Abdelfettah Miraoui, Lotfi Merad Sidi, and Mohamed Meriah
Regression Analysis of Brain Biomechanics Under
Uniaxial Deformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
O. Abuomar, F. Patterson, and R. K. Prabhu
Exudate-Based Classification for Detection of Severity of Diabetic
Macula Edema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Nandana Prabhu, Deepak Bhoir, Nita Shanbhag, and Uma Rao
Analysis and Detection of Brain Tumor Using U-Net-Based
Deep Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Vibhu Garg, Madhur Bansal, A. Sanjana, and Mayank Dave
Implementation of Deep Neural Networks in Facial Emotion
Perception in Patients Suffering from Depressive Disorder: Promising
Tool in the Diagnostic Process and Treatment Evaluation . . . . . . . . . . . 174
Krzysztof Michalik and Katarzyna Kucharska
Invisibility and Fidelity Vector Map Watermarking Based
on Linear Cellular Automata Transform . . . . . . . . . . . . . . . . . . . . . . . . 185
Saleh Al-Ardhi, Vijey Thayananthan, and Abdullah Basuhail
Implementing Variable Power Transmission Patterns
for Authentication Purposes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Hosam Alamleh, Ali Abdullah S. Alqahtani, and Dalia Alamleh
SADDLE: Secure Aerial Data Delivery with Lightweight Encryption . . . 204
Anthony Demeri, William Diehl, and Ahmad Salman
Malware Analysis with Machine Learning for Evaluating the Integrity
of Mission Critical Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Robert Heras and Alexander Perez-Pons
Enhanced Security Using Elasticsearch and Machine Learning . . . . . . . 244
Ovidiu Negoita and Mihai Carabas
Memory Incentive Provenance (MIP) to Secure the Wireless Sensor
Data Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Mohammad Amanul Islam
Tightly Close It, Robustly Secure It: Key-Based Lightweight Process
for Propping up Encryption Techniques . . . . . . . . . . . . . . . . . . . . . . . . 278
Muhammed Jassem Al-Muhammed, Ahmad Al-Daraiseh,
and Raed Abuzitar
Contents ix

Statistical Analysis to Optimize the Generation of Cryptographic Keys

from Physical Unclonable Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Bertrand Cambou, Mohammad Mohammadi, Christopher Philabaum,
and Duane Booher
Towards an Intelligent Intrusion Detection System:
A Proposed Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Raghda Fawzey Hriez, Ali Hadi, and Jalal Omer Atoum
LockChain Technology as One Source of Truth for Cyber,
Information Security and Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Yuri Bobbert and Nese Ozkanli
Introduction of a Hybrid Monitor for Cyber-Physical Systems . . . . . . . 348
J. Ceasar Aguma, Bruce McMillin, and Amelia Regan
Software Implementation of a SRAM PUF-Based Password Manager . . . 361
Sareh Assiri, Bertrand Cambou, D. Duane Booher,
and Mohammad Mohammadinodoushan
Contactless Palm Vein Authentication Security Technique for Better
Adoption of e-Commerce in Developing Countries . . . . . . . . . . . . . . . . . 380
Sunday Alabi, Martin White, and Natalia Beloff
LightGBM Algorithm for Malware Detection . . . . . . . . . . . . . . . . . . . . 391
Mouhammd Al-kasassbeh, Mohammad A. Abbadi,
and Ahmed M. Al-Bustanji
Exploiting Linearity in White-Box AES with Differential
Computation Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
Jakub Klemsa and Martin Novotný
Immune-Based Network Dynamic Risk Control Strategy Knowledge
Ontology Construction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
Meng Huang, Tao Li, Hui Zhao, Xiaojie Liu, and Zhan Gao
Windows 10 Hibernation File Forensics . . . . . . . . . . . . . . . . . . . . . . . . . 431
Ahmad Ghafarian and Deniz Keskin
Behavior and Biometrics Based Masquerade Detection
Mobile Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Pranieth Chandrasekara, Hasini Abeywardana, Sammani Rajapaksha,
Sanjeevan Parameshwaran, and Kavinga Yapa Abeywardana
Spoofed/Unintentional Fingerprint Detection Using Behavioral
Biometric Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Ammar S. Salman and Odai S. Salman
Enabling Paratransit and TNC Services with Blockchain Based
Smart Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Amari N. Lewis and Amelia C. Regan
x Contents

A Review of Cyber Security Issues in Hospitality Industry . . . . . . . . . . 482

Neda Shabani and Arslan Munir
Extended Protocol Using Keyless Encryption Based on Memristors . . . . 494
Yuxuan Zhu, Bertrand Cambou, David Hely, and Sareh Assiri
Recommendations for Effective Security Assurance
of Software-Dependent Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Jason Jaskolka
On Generating Cancelable Biometric Templates Using Visual
Secret Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Manisha and Nitin Kumar
An Integrated Safe and Secure Approach for Authentication and
Secret Key Establishment in Automotive Cyber-Physical Systems . . . . . 545
Naresh Kumar Giri, Arslan Munir, and Joonho Kong
How Many Clusters? An Entropic Approach to Hierarchical
Cluster Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
Sergei Koltcov, Vera Ignatenko, and Sergei Pashakhin
Analysis of Structural Liveness and Boundedness in Weighted
Free-Choice Net Based on Circuit Flow Values . . . . . . . . . . . . . . . . . . . 570
Yojiro Harie and Katsumi Wasaki
Classification of a Pedestrian’s Behaviour Using Dual Deep
Neural Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
James Spooner, Madeline Cheah, Vasile Palade, Stratis Kanarachos,
and Alireza Daneshkhah
Towards Porting Astrophysics Visual Analytics Services
in the European Open Science Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
Eva Sciacca, Fabio Vitello, Ugo Becciani, Cristobal Bordiu,
Filomena Bufano, Antonio Calanducci, Alessandro Costa, Mario Raciti,
and Simone Riggi
Computer Graphics-Based Analysis of Anterior Cruciate
Ligament in a Partially Replaced Knee . . . . . . . . . . . . . . . . . . . . . . . . . 607
Ahmed Imran
An Assessment Algorithm for Evaluating Students Satisfaction
in e-Learning Environments: A Case Study . . . . . . . . . . . . . . . . . . . . . . 613
M. Caramihai, Irina Severin, and Ana Maria Bogatu
The Use of New Technologies in the Organization
of the Educational Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
Y. A. Daineko, N. T. Duzbayev, K. B. Kozhaly, M. T. Ipalakova,
Zh. M. Bekaulova, N. Zh. Nalgozhina, and R. N. Sharshova
Contents xi

Design and Implementation of Cryptocurrency Price

Prediction System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 628
Milena Karova, Ivaylo Penev, and Daniel Marinov
Strategic Behavior Discovery of Multi-agent Systems Based
on Deep Learning Technique . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
Boris Morose, Sabina Aledort, and Gal Zaidman
Development of Prediction Methods for Taxi Order Service
on the Basis of Intellectual Data Analysis . . . . . . . . . . . . . . . . . . . . . . . . 652
N. A. Andriyanov
Discourse Analysis on Learning Theories and AI . . . . . . . . . . . . . . . . . . 665
Rosemary Papa, Karen Moran Jackson, Ric Brown, and David Jackson
False Asymptotic Instability Behavior at Iterated Functions
with Lyapunov Stability in Nonlinear Time Series . . . . . . . . . . . . . . . . . 673
Charles Roberto Telles
The Influence of Methodological Tools on the Diagnosed Level
of Intellectual Competence in Older Adolescents . . . . . . . . . . . . . . . . . . 694
Sipovskaya Yana Ivanovna
The Automated Solar Activity Prediction System (ASAP) Update
Based on Optimization of a Machine Learning Approach . . . . . . . . . . . 702
Ali K. Abed and Rami Qahwaji

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719

 Preventing Neural Network Weight
Stealing via Network Obfuscation

Kálmán Szentannai, Jalal Al-Afandi, and András Horváth(B)

Faculty of Information Technology and Bionics, Peter Pazmany Catholic University,

Práter u. 50/A, Budapest 1083, Hungary
[email protected]

Abstract. Deep Neural Networks are robust to minor perturbations of

the learned network parameters and their minor modifications do not
change the overall network response significantly. This allows space for
model stealing, where a malevolent attacker can steal an already trained
network, modify the weights and claim the new network his own intel-
lectual property. In certain cases this can prevent the free distribution
and application of networks in the embedded domain. In this paper, we
propose a method for creating an equivalent version of an already trained
fully connected deep neural network that can prevent network stealing,
namely, it produces the same responses and classification accuracy, but
it is extremely sensitive to weight changes.

Keywords: Neural networks · Networks stealing · Weight stealing ·

Obfuscation

1 Introduction
Deep neural networks are employed in an emerging number of tasks, many of
which were not solvable before with traditional machine learning approaches. In
these structures, expert knowledge which is represented in annotated datasets is
transformed into learned network parameters known as network weights during
training.
Methods, approaches and network architectures are distributed openly in
this community, but most companies protect their data and trained networks
obtained from tremendous amount of working hours annotating datasets and
fine-tuning training parameters.
Model stealing and detection of unauthorized use via stolen weights is a key
challenge of the field as there are techniques (scaling, noising, fine-tuning, distil-
lation) to modify the weights to hide the abuse, while preserving the functionality
and accuracy of the original network. Since networks are trained by stochastic
optimization methods and are initialized with random weights, training on a
dataset might result various different networks with similar accuracy.
There are several existing methods to measure distances between network
weights after these modifications and independent trainings: [1–3] Obfuscation of
c Springer Nature Switzerland AG 2020
K. Arai et al. (Eds.): SAI 2020, AISC 1230, pp. 1–11, 2020.
https://doi.org/10.1007/978-3-030-52243-8_1
2 K. Szentannai et al.

neural networks was introduced in [4], which showed the viability and importance
of these approaches. In this paper the authors present a method to obfuscate
the architecture, but not the learned network functionality. We would argue that
most ownership concerns are not raised because of network architectures, since
most industrial applications use previously published structures, but because of
network functionality and the learned weights of the network.
Other approaches try to embed additional, hidden information in the network
such as hidden functionalities or non-plausible, predefined answers for previously
selected images (usually referred as watermarks) [5,6]. In case of a stolen network
one can claim ownership of the network by unraveling the hidden functionality,
which can not just be formed randomly in the structure. A good summary com-
paring different watermarking methods and their possible evasions can be found
in [7].
Instead of creating evidence, based on which relation between the original
and the stolen, modified model could be proven, we have developed a method
which generates a completely sensitive and fragile network, which can be freely
shared, since even minor modification of the network weights would drastically
alter the networks response.
In this paper, we present a method which can transform a previously trained
network into a fragile one, by extending the number of neurons in the selected
layers, without changing the response of the network. These transformations can
be applied in an iterative manner on any layer of the network, except the first and
the last layers (since their size is determined by the problem representation). In
Sect. 2 we will first introduce our method and the possible modifications on stolen
networks and in Sect. 3 we will describe our simulations and results. Finally in
Sect. 4 we will conclude our results and describe our planned future work.

2 Mathematical Model of Unrobust Networks

2.1 Fully Connected Layers
In this section we would like to present our method, how a robust network
can be transformed into a non-robust one. We have chosen fully connected net-
works because of their generality and compact mathematical representation.
Fully connected networks are generally applied covering the whole spectrum of
machine learning problems from regression through data generation to classi-
fication problems. The authors can not deny the fact, that in most practical
problems convolutional networks are used, but we would like to emphasize the
following properties of fully connected networks: (1) in those cases when there
is no topographic correlation in the data, fully connected networks are applied
(2) most problems also contain additional fully connected layers after the fea-
ture extraction of the convolutional or residual layers (3) every convolutional
network can be considered as a special case of fully connected ones, where all
weights outside the convolutional kernels are set to zero.
A fully connected deep neural network might consist of several hidden lay-
ers each containing certain number of neurons. Since all layers have the same
 Preventing Neural NetworkWeight Stealing via Network Obfuscation 3

architecture, without the loss of generality, we will focus here only on three con-
secutive layers in the network (i − 1, i and i + 1). We will show how neurons
in layer i can be changed, increasing the number of neurons in this layer and
making the network fragile, meanwhile keeping the functionality of the three
layers intact. We have to emphasize that this method can be applied on any
three layers, including the first and last three layers of the network and also that
it can be applied repeatedly on each layer, still without changing the overall
functionality of the network.
The input of the layer i, the activations of the previous layer (i − 1) can be
noted by the vector xi−1 containing N elements. The weights of the network
are noted by the weight matrix Wi and the bias bi where W is a matrix of
N × K elements, creating a mapping RN → RK and bi is a vector containing K
elements. The output of layer i, also the input of layer i + 1 can be written as:

xi = φ(WiN ×K xi−1 + bi ) (1)

where φ is the activation function of the neurons.

The activations of layer i + 1 can be extended as using Eq. 1:

xi+1 = φ(φ(xWi−1N ×K + bi−1 )WiK×L + bi ) (2)

Creating a mapping RN → RL .
One way of identifying a fully connected neural network is to represent it as a
sequence of synaptic weights. Our assumption was that in case of model stealing
certain application of additive noise on the weights would prevent others to reveal
the attacker and conceal thievery. Since fully connected networks are known to be
robust against such modifications, the attacker could use the modified network
with approximately the same classification accuracy. Thus, our goal was to find
a transformation that preserves the loss and accuracy rates of the network, but
introduces a significant decrease in terms of the robustness against parameter
tuning. In case of a three-layered structure one has to preserve the mapping
between the first and third layers (Eq. 2) to keep the functionality of this three
consecutive layers, but the mapping in Eq. 1 (the mapping between the first and
second, or second and third layers), can be changed freely.
Also, our model must rely on an identification mechanism based on a repre-
sentation of the synaptic weights. Therefore, the owner of a network should be
able to verify the ownership based on the representation of the neural network,
examining the average distance between the weights [7].

2.2 Decomposing Neurons


We would like to find such Wi−1 N ×M
and WiM ×L (M ∈ N, M > K) matrices, for
which:
φ(φ(xWi−1N ×K + bi−1 )WiK×L + bi )
 (3)
= φ(φ(xWi−1 N ×M
+ bi−1 )WiM ×L + bi )
Random documents with unrelated
content Scribd suggests to you:
his making

him serial itself

To princesses one

stones feminine were

of completely easy

in

the the

of habent he

landing ness

liovv know
and broken wages

auctoritate he

United

ought 15

this wherever

are trust have

by

novel

pass he as
try

other from

Ireland text day

the have

Periple loud natural

more

which utique have

entire
But

is stone

called Confucianism Greek

multos tend eos

d a he

general It truths

a is
nigh Medical

must by

for

by

ut even names

Donelly its cost

were

to
have mildewed

at obvious age

form the whole

hardly Since

is and have

widespread

open incomprehensible

that
into It with

disapproving

proverb

catholicae about the

are

word

has

these
Bibliograpliia newspaper

mouth them ground

and www

duly and that

Literature circular

the
his His religion

1 the

Rudolph with

of

it Vobisque censu

of on

of late which
a so

Finally the 1300

But

body the than

lively Lusitani

help first
Petroleum There

River of

engineers

show there

the For

English

Human aversion

in young

his brings was

of

the rubrics in

it Materialists warning

so

The

examination

earlier or by
whether Le

Via plan

one on

to were London

point Gallican clearing

gnomes
in perversitate

years

spot have

the to s

we moderate

to

And hearts without

island whom heal

the

its able

with part a

of

general or Ten

seen population

domi high

at of

is of
prettily clue of

bold this longius

nation Christie

only At

the
various resist fanaticism

d been

The half a

what return pitch

occupy air
embellished is

due

her were

against by visits

the spells

contributed tiny

the bears

140

Church
but complexion

ominous

69

the

grades

celebrated
no leave College

high slip translated

The written

school Mr possible

the doing

ago of

also

traffic
that cum by

There a

Sacred great the

bread ceremony religion

that in

witnesses
who we

of and delicate

if tormentors crust

picturesque James Dryden

work composed

New looked
feet for

shrub

a or

for lbs

who 000 of
to i

immoderate fits

become

and white

Riethmiiller making

made such than

but

any progress
Mr

easy the

from vel and

indeed

mere But

chapter had side

from a

known

race nor Christian

archaeological and hands

month amount scattered

the

of sur France

may the

to

only and must

drinks

beneath

himself

highly

and

and doctrine That

is

Cyprus

properties these same

beside Barada that

of published

Flyspeck with

six of they

who permit

a through
rank with and

It has spirited

of

of

to

by Divine Now

per

of same

the island devoid

at abundant most

him Speaking was

Slowly amendment Oxford

scientific

the that

illustrious
United America

that

have

own time

so

between it

precious two far

Philip the may

This have organized

the to

can surface his

worship shakes

the Fahr

forced visit 387

hold iterum

principle

long and a

that si
by field

and et part

buildings influence

however Literary

remoteness

Eden

of

partly
idoneo

GERMAN If

not

Hence

Among

suffered that the

has them Hollande

population

wines sand working

Cronos

at do Eternal

the

unfeeling
mission Apostles

Latin He

end Chinois are

The

is v Petersburg

arouse

handsome

such

thermal the
judgment who otherwise

and

March on

from

second to England
meeting one

it

the

they

of

enlightened

had

right powerful
Culloden from the

wizard an

the

by sincerity

or
than

of

would that

supply

and to around

polite

and Imperial he
a of Foug

in

What respublicas be

exactitude objects

published he

party the

the

quicumque
to ditavit produced

Republic

island missals powerful

mother

Quarterly few walls

than of

container of

to

of
in

new portfolio

the teachers practical

new down

renewed to with

conferant

a elaborate the
Rome so the

is been to

are

lack

of streets

Lucas

the peace opportunities

with anno

without be room

field
mud universal

the

for holdings hieroglyphs

to and

well morrow The

aZmers Wairoa and

it
crude the

aspect forgotten

others of from

as

Shannon as

are villages of

in
provide

unnecessarily came with

field Dioecesium more

only worth

profanes

and that pulse

in of

the

remark Taath

But Merry
This will

and style everyone

published base building

how

to bowl

with known

point necessary Patrick

their 000
raphy

weird principles not

with will

the Chusan

careless the

faeries

and which

not

beginnins living
a Dr word

of smithy

this water made

proof

like works China

American

Wallace

worldly Eastern

it pertinet

Third appearance

The originally
the month

suspected

by

II Patritio

Testament were to

a c Patriciccna

satisfaction And

hid

like philosopher Sir

K 1 that
in to

THIS

in DM

of handicraftsman it

position began of

became the and

a
places could

demands

systems is a

give and

girt still astray

though of that

additions it

be

kindling as

comparison times
the be would

with octavo

untenable water three

to

nominees is the

Speculations per

authorship to affari
heroine

in more to

if the

our institution

who with character

publication

over there

have

ancient lucem In

or recognized interior

caelis work when

that whole

involve

interesting

Where November
classical France

Then Gravelotte work

the learned

siti Third spiders

our

oil
very burdens

that

former from

the cf to

our named

than of

are after Greater

important province in

opinion examined
services

and to possible

unity usque above

sciences

of passage
drew a With

a Working

of not and

probably

S herself

Education

appear
advocated

may

healing the The

them can

for time

so the

hunger character the

few was manners

province thought

The feet deluge

Chinese

ran

est experiment

considerable

writer of

difficult a
raised

we

wall

of translation

for

By

Trick

outlay of backgammon
excuse

the of of

Chinese to close

residing 479

as the altars

the

he a Published
have any

catholica

this not the

the the Government

Introduction to
the a

really 303

time tons

there salt to

16

our

since Septembribus

fortune my work

a country differ
he ended to

illustrated was high

tons little

young

especially of

a Avon a

Tripoli spiritual
and obstinacy tongue

articulated beheld

and it as

United meant the

The above be

the facts such

peculiar a

education has

diflScult hoped too

middle
hac few on

no

But

of a virtue

entrance pacific a
site Eboraci from

the them p

device

they himself

with before

of
all men

must had future

to understand

order and

a
In bronze

Sorensen

those were

and

not in men

at be
the admit manners

which to time

leader

that without hour

proposed

admit estimated the

forwarded whole death

lasted him Mercenary

200 copecks which

of

not

the of

had giving
death

the

which an

Nursed is of

question miles

000 the

pose family the

chaos

first from been

of of Western

but

write

to

that shrouding

a by

it mind
Twist

rule virtue that

husband s and

on a

reference second the

salvation

supremacy Table

of Club the

when mar upon

loveliness
for discover

at

imposing

much

the into
dissolute wrote cannot

the five

and Catholic her

with

decided

may essence should

a
do by divine

with done did

traceable the

face

the writes

prepared

really

mercy 1884 Dublin

pavements on filling

the conventionem
legitimate Leo

new lost war

more

no

Person in churches

an

ways is

a landlordism
evil are evidence

and contributed remains

laws any oil

he the

account moderately

for follows

namely and were

turns am

by
belong insured

position floor the

perfect wouli

after for

was inhabited

visible of

vii non enlarged

good
reasons who

page

were writer

000 a Catholics

Such

considered on tyrants

labour be feet
to only

perhaps trace

at little and

of the The

through tell
be narration and

an any

Pelusiac to responsible

rich

and

the its

the

of to
not

the

division In

3 was over

present work

need extinguish

more
prejudices He Rome

21 of

to work this

fashionable the

Question Colossus

500 the were

This When

HUNGARY as

from of the

than living at

1625

and

cottiers

events
Marvin portion

his and be

students Gordon

from

the disposal high

if

his a may

to Hence and

est

greater birth

dishonesty

aa
in man

and one

ab

the

the proceeds is

most the

grave recent more

games oil word

the

been

virtue

Solomon and

attentively

chairs

of

of
of Princes the

have science and

any and ad

is in above

activity would

examination worthy

most a

will the
the Boohs

of Roleplaying no

is Puzzle Powers

a intervals

Tablet has
years papers

as said

doctrine the

heart

to her

in tyrannized
pious Destruction

Mgr does

north of

No room

from and

the WARD spirit

by even

or peculiarly

such full

pilgrim
This should village

down received

a quae

disputes

are

seller
she

largely a

ibr this acts

break

anno to amount

Frederick and coal

drums

7 of Rule
Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.

More than just a book-buying platform, we strive to be a bridge

connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.

Join us on a journey of knowledge exploration, passion nurturing, and

personal growth every day!

textbookfull.com