Arezoo Rajabi

Quantitative Data Analytic Specialist AI/ML

My Projects

Academic Research Projects:

  • Privacy Solutions for Attacks against Deep Neural Networks (2021-present): Deep neural networks have been shown to be susceptible to query-based attacks such as membership inference attacks (MIAs). MIAs aim to determine whether a sample belongs to the dataset used to train a classifier (members) or not (nonmembers). To address this problem, we proposed an add-on defense for pre-trained models which mitigates the success rate of MIAs (Under Review). We also proposed a differentially private approach to keep decision making hidden from external parties in a reinforcement learning (RL) problem (CDC2022).

  • Privacy Solutions for Threats Posed by Deep Neural Networks (Image Privacy) (2019-2021): Image hosting platforms are a popular way to store and share images with family members and friends. However, such platforms typically have full access to images, raising privacy concerns. These concerns are further exacerbated with the advent of Convolutional Neural Networks (CNNs) that can be trained on available images to automatically detect and recognize faces with high accuracy. In this project, we proposed two practical adversarial perturbation approaches for image privacy. Our paper for image privacy got accepted in the Privacy Enhancing Technology Symposium (PETs2021). We also demonstrated that adversarial perturbations survive through Super-Resolution Deep Neural Networks (PETs2022).

  • Robust Convolutional Neural Networks (CNNs) (2017-2020): Detection and rejection of adversarial examples in security-sensitive and safety-critical systems using deep CNNs are essential. In this project, we aimed to detect and reject or classify adversarial examples correctly. To this end, we proposed three methods: (i) Ensemble of diverse specialized CNNs along with a simple voting mechanism (CanadianAI2020), (ii) Augmented CNNs with out-distribution learning (DSML2018), and (iii) Learning adversarial profiles for each class using only one adversarial attack generation technique (DSML2019). We also proposed metrics for ranking out-distribution for Learning Robust CNNs (ECAI2020).

  • Power Systems Cybersecurity (2016-2021): Proposed two false data tolerance mechanisms for distributed mode estimation. Standard Alternating Direction of Multipliers Method (S-ADMM) and Distributed Alternating Direction of Multipliers Method (D-ADMM) have been proposed to detect oscillations in distributed power systems. Unfortunately, these two methods are vulnerable to false data injection attacks. In this project, we proposed two resiliency mechanisms for S-ADMM and D-ADMM published in IEEE SmartGridComm and ICSS, IEEE Transactions on Smart Grid. This project was funded by the Cyber Resilient Energy Delivery Consortium (CREDC) and the National Science Foundation (NSF).

  • Complex Networks Analysis (2010-2013): (i) Sampling from Complex Networks using a novel link-tracing sampling algorithm, based on the concepts from PageRank vectors, to sample from networks with high community structures (Chaos Paper), (ii) Local Community Detection in Complex Networks using a novel local community detection algorithm based on the random walk probability distribution (Report), and (iii) Social networks topology inference using diffusion information (Manuscript).

Industrial Project:

  • Data Anonymization and Synthesis (problem submitted by Desjardins in TMIPSW-2020): Issues surrounding the protection of personal data are garnering more and more attention in society. Machine learning requires big data as well as granular data: thus it involves challenges, especially the protection of personal data and the transformation of data so that they cannot be traced to individuals. In this project, we investigated practices for anonymizing or synthesizing data that allow retaining as many “original data” features as possible, which is required to develop good predictive models.

Selected Course Projects:

  • Knowledge Discovery in Relational Databases (CS540): The main objective of this project was to learn new concepts from structured datasets such as relational databases. We studied the behavior of three relational machine learning algorithms, including First Order Inductive Logic (FOIL), Top-Down Inductive Decision Tree (TILDE) and Mixture Model Membership. The results showed that the TILDE algorithm performs better than the FOIL algorithm (Report).

  • Frequency Estimation in Single-Frequency Complex Tone Problem from Limited Number of Noisy Observations (ECE565): In this project, we investigated frequency estimation in the single-frequency complex tone problem from a limited number of noisy observations. We estimated the frequency with two different estimators (Maximum Likelihood and Method of Moments Estimators) and derived the Cramér-Rao lower bounds for all parameters of the multiple-frequency complex tone problem (Report, Slides).

  • Dental Growth Rates Approximation (ST559): In this project, we implemented two different models (Linear model and Hierarchical linear model) to describe the dental growth rate. At the end, I used these models to predict the jaw’s size for randomly selected samples (Report).