-
The Ultimate Combo: Boosting Adversarial Example Transferability by Composing Data Augmentations
Authors:
Zebin Yun,
Achi-Or Weingarten,
Eyal Ronen,
Mahmood Sharif
Abstract:
Transferring adversarial examples (AEs) from surrogate machine-learning (ML) models to target models is commonly used in black-box adversarial robustness evaluation. Attacks leveraging certain data augmentation, such as random resizing, have been found to help AEs generalize from surrogates to targets. Yet, prior work has explored limited augmentations and their composition. To fill the gap, we systematically studied how data augmentation affects transferability. Particularly, we explored 46 augmentation techniques of seven categories originally proposed to help ML models generalize to unseen benign samples, and assessed how they impact transferability, when applied individually or composed. Performing exhaustive search on a small subset of augmentation techniques and genetic search on all techniques, we identified augmentation combinations that can help promote transferability. Extensive experiments with the ImageNet and CIFAR-10 datasets and 18 models showed that simple color-space augmentations (e.g., color to greyscale) outperform the state of the art when combined with standard augmentations, such as translation and scaling. Additionally, we discovered that composing augmentations impacts transferability mostly monotonically (i.e., more methods composed $\rightarrow$ $\ge$ transferability). We also found that the best composition significantly outperformed the state of the art (e.g., 93.7% vs. $\le$ 82.7% average transferability on ImageNet from normally trained surrogates to adversarially trained targets). Lastly, our theoretical analysis, backed up by empirical evidence, intuitively explains why certain augmentations help improve transferability.
Submitted 18 December, 2023;
originally announced December 2023.
-
Consistent High Dimensional Rounding with Side Information
Authors:
Orr Dunkelman,
Zeev Geyzel,
Chaya Keller,
Nathan Keller,
Eyal Ronen,
Adi Shamir,
Ran J. Tessler
Abstract:
In standard rounding, we want to map each value $X$ in a large continuous space (e.g., $R$) to a nearby point $P$ from a discrete subset (e.g., $Z$). This process seems to be inherently discontinuous in the sense that two consecutive noisy measurements $X_1$ and $X_2$ of the same value may be extremely close to each other and yet they can be rounded to different points $P_1\ne P_2$, which is undesirable in many applications. In this paper we show how to make the rounding process perfectly continuous in the sense that it maps any pair of sufficiently close measurements to the same point. We call such a process consistent rounding, and make it possible by allowing a small amount of information about the first measurement $X_1$ to be unidirectionally communicated to and used by the rounding process of $X_2$.
The fault tolerance of a consistent rounding scheme is defined by the maximum distance between pairs of measurements which guarantees that they are always rounded to the same point, and our goal is to study the possible tradeoffs between the amount of information provided and the achievable fault tolerance for various types of spaces. When the measurements $X_i$ are arbitrary vectors in $R^d$, we show that communicating $\log_2(d+1)$ bits of information is both sufficient and necessary (in the worst case) in order to achieve consistent rounding for some positive fault tolerance, and when $d=3$ we obtain a tight upper and lower asymptotic bound of $(0.561+o(1))k^{1/3}$ on the achievable fault tolerance when we reveal $\log_2(k)$ bits of information about how $X_1$ was rounded. We analyze the problem by considering the possible colored tilings of the space with $k$ available colors, and obtain our upper and lower bounds with a variety of mathematical techniques including isoperimetric inequalities, the Brunn-Minkowski theorem, sphere packing bounds, and Čech cohomology.
Submitted 9 August, 2020;
originally announced August 2020.
-
A Simple Explanation for the Existence of Adversarial Examples with Small Hamming Distance
Authors:
Adi Shamir,
Itay Safran,
Eyal Ronen,
Orr Dunkelman
Abstract:
The existence of adversarial examples in which an imperceptible change in the input can fool well trained neural networks was experimentally discovered by Szegedy et al. in 2013, who called them "Intriguing properties of neural networks". Since then, this topic has become one of the hottest research areas within machine learning, but the ease with which we can switch between any two decisions in targeted attacks is still far from being understood, and in particular it is not clear which parameters determine the number of input coordinates we have to change in order to mislead the network. In this paper we develop a simple mathematical framework which enables us to think about this baffling phenomenon from a fresh perspective, turning it into a natural consequence of the geometry of $\mathbb{R}^n$ with the $L_0$ (Hamming) metric, which can be quantitatively analyzed. In particular, we explain why we should expect to find targeted adversarial examples with Hamming distance of roughly $m$ in arbitrarily deep neural networks which are designed to distinguish between $m$ input classes.
Submitted 30 January, 2019;
originally announced January 2019.
-
Tight Bounds on Online Checkpointing Algorithms
Authors:
Achiya Bar-On,
Itai Dinur,
Orr Dunkelman,
Rani Hod,
Nathan Keller,
Eyal Ronen,
Adi Shamir
Abstract:
The problem of online checkpointing is a classical problem with numerous applications which had been studied in various forms for almost 50 years. In the simplest version of this problem, a user has to maintain $k$ memorized checkpoints during a long computation, where the only allowed operation is to move one of the checkpoints from its old time to the current time, and his goal is to keep the checkpoints as evenly spread out as possible at all times.
Bringmann et al. studied this problem as a special case of an online/offline optimization problem in which the deviation from uniformity is measured by the natural discrepancy metric of the worst case ratio between real and ideal segment lengths. They showed this discrepancy is smaller than $1.59-o(1)$ for all $k$, and smaller than $\ln4-o(1)\approx1.39$ for the sparse subset of $k$'s which are powers of 2. In addition, they obtained upper bounds on the achievable discrepancy for some small values of $k$.
In this paper we solve the main problems left open in the above-mentioned paper by proving that $\ln4$ is a tight upper and lower bound on the asymptotic discrepancy for all large $k$, and by providing tight upper and lower bounds (in the form of provably optimal checkpointing algorithms, some of which are in fact better than those of Bringmann et al.) for all the small values of $k \leq 10$.
In the last part of the paper we describe some new applications of this online checkpointing problem.
Submitted 19 June, 2019; v1 submitted 9 April, 2017;
originally announced April 2017.
-
Conversion of out-of-phase to in-phase order in coupled laser arrays with second harmonics
Authors:
Chene Tradonsky,
Micha Nixon,
Eitan Ronen,
Vishwa Pal,
Ronen Chriki,
Asher A. Friesem,
Nir Davidson
Abstract:
A novel method for converting an array of out-of-phase lasers into one of in-phase lasers that can be tightly focused is presented. The method exploits second harmonic generation and can be adapted for different laser array geometries. Experimental and calculated results, presented for negatively coupled lasers formed in square, honeycomb, and triangular geometries, are in good agreement.
Submitted 22 February, 2015;
originally announced February 2015.
-
Controlling synchronization in large laser networks using number theory
Authors:
Micha Nixon,
Moti Fridman,
Eitan Ronen,
Asher A. Friesem,
Nir Davidson,
Ido Kanter
Abstract:
Synchronization in networks with delayed coupling is ubiquitous in nature and plays a key role in almost all fields of science including physics, biology, ecology, climatology and sociology. In general, the published works on network synchronization are based on data analysis and simulations, with little experimental verification. Here we develop and experimentally demonstrate various multi-cluster phase synchronization scenarios within coupled laser networks. Synchronization is controlled by the network connectivity in accordance with number theory, whereby the number of synchronized clusters equals the greatest common divisor of network loops. This dependence enables remote switching mechanisms to control the optical phase coherence among distant lasers by local network connectivity adjustments. Our results serve as a benchmark for a broad range of coupled oscillators in science and technology, and offer feasible routes to achieve multi-user secure protocols in communication networks and parallel distribution of versatile complex combinatorial tasks in optical computers.
Submitted 18 December, 2011;
originally announced December 2011.
-
Phase locking of coupled lasers with many longitudinal modes
Authors:
Moti Fridman,
Micha Nixon,
Eitan Ronen,
Asher A. Friesem,
Nir Davidson
Abstract:
Detailed experimental and theoretical investigations on two coupled fiber lasers, each with many longitudinal modes, reveal that the behavior of the longitudinal modes depends on both the coupling strength as well as the detuning between them. For low to moderate coupling strength only longitudinal modes which are common for both lasers phase-lock while those that are not common gradually disappear. For larger coupling strengths, the longitudinal modes that are not common reappear and phase-lock. When the coupling strength approaches unity the coupled lasers behave as a single long cavity with correspondingly denser longitudinal modes. Finally, we show that the gradual increase in phase-locking as a function of the coupling strength results from competition between phase-locked and non phase-locked longitudinal modes.
Submitted 16 December, 2009;
originally announced December 2009.