ONGOING PROJECTS

Computer Vision
Adversarial Attacks on Navigation Systems

Visual navigation systems have become essential in today's autonomous systems, with deep learning algorithms being the state of the art.
In this project, we will work towards developing adversarial attacks on such algorithms. We aim to generate passive attack examples that, when injected into the scene being observed by the visual sensor, will cause the navigation algorithm to diverge from its trajectory.

We will start by attacking a white-box algorithm and examine several aspects, including where in the scene to place the attack (for a given attack) and how to blend a passive attack patch into the scene (for a given attack location).
Both aspects aim to maximize the destination divergence under a constrained patch injection, and each will be led by a different team.

Another research direction is to attack a system that includes a GPS in addition to the visual sensor.

Supervisor(s): Chaim Baskin, Yaniv Nemcovsky, Matan Jacoby
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Object detection for vision-aided UAVs

Modern UAVs rely extensively on visual sensing. In fact, one of the basic capabilities allowing the drone to navigate in and interact with unknown environments is simultaneous localization and mapping (SLAM), a process of constructing or updating a map of the environment while simultaneously keeping track of the aircraft's location within it. Today's most effective SLAM algorithms are vision-based (vSLAM). One of the key steps in building such UAVs is object/obstacle detection.

In this project, we will first design an object detection framework for data that has already been acquired from drones. We will then analyze its vulnerabilities to adversarial attacks and thereafter design algorithms that are robust to such attacks.

Supervisor(s): Chaim Baskin, Matan Jacoby
Requirements: Strong programming skills, basic familiarity with deep learning frameworks
Deep Learning Algorithms and Hardware
Machine Learning for Hardware Reverse Engineering

Hardware reverse engineering (HRE) refers to understanding the operation/internal structure of a circuit from external measurements.
Machine learning (ML) is very powerful for performing identification/localization/segmentation, but is usually applied to more structured data (e.g., images). Recently, ML techniques have been applied to HRE, e.g. in [1].

In this project, we aim to build an infrastructure for comparing different ML approaches to HRE. We will start by reproducing the results of [1], and explore off-the-shelf modern ML techniques for HRE.

[1] Graph Similarity and its Applications to Hardware Security, Fyrbiak et al. 2020

Supervisor(s): Amit Boyarski
Requirements: Some knowledge of hardware, signal and graph processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch. The project ideally fits future/ongoing graduate students.
Adversarial attacks on Graph Neural Networks

Graph Neural Networks have rapidly grown in popularity in recent years due to their ability to learn non-pixel data representations. However, their robustness to noisy data or other kinds of perturbations is still not adequately explored.
In this project, we will investigate various adversarial attacks and hopefully propose methods that increase network robustness to counter them.

Related work:
https://arxiv.org/pdf/1805.07984.pdf
https://arxiv.org/abs/1809.01093
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7974879

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
MLE quantization for efficient DNN compression

This work aims to develop a novel post-training/quantization-aware scheme based on maximum likelihood estimation (MLE).
The idea is to reduce the quantization error in low-bit scenarios, allowing DNNs to be compressed with no or minimal accuracy degradation.

More information:

https://www.dropbox.com/s/2hzrhgm49xyxr5m/MLE_Quantization.pdf?dl=0

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Noise propagation for improved robustness

In this project, we aim to devise a new adversarial learning scheme that perturbs the input to hidden layers, and not solely the input layer. One approach is to train the network with attacks that start by perturbing the upper layers, where it may be easier for the network to generalize, and then continue to lower layers. Another approach adds a perturbation in each layer (e.g. by making use of the forward-backward scheme multiple times) in order to mimic the effect of a stronger attack, as previous works show that using strong attacks during adversarial training results in more robust networks.
Such approaches were suggested before, but in a somewhat simplified manner.

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Momentum based EPGD

We have seen that Expectation Projected Gradient Descent (EPGD), which averages over multiple samples for each PGD step, can produce a successful adversarial attack with fewer steps than PGD. However, when considering the complexity of sampling and averaging over multiple samples, EPGD is comparable to, yet not better than, PGD. Therefore, we wish to use the previous steps of PGD as an approximation of the average in order to devise a successful attack with fewer steps.

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Perceptually aligned gradients

Perceptually aligned gradients is a known phenomenon where strong adversarial attacks (epsilon=1) produce samples which greatly resemble samples from different classes. In this project, we wish to explore several questions, such as: When does this phenomenon reproduce, and why? Does it depend on different attacks and norm limitations?
We wish to study the above questions; EPGD attacks, as described in the second link, are especially interesting.

https://arxiv.org/pdf/1910.08640.pdf

https://arxiv.org/pdf/1911.07198.pdf

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Approximating minimal epsilon for successful Adversarial attack

CW/DDN are adversarial attack methods that aim to compute the minimal epsilon for which an adversarial attack exists. However, their computational time is quite high. Both methods work by a local search for the minimal epsilon.
In this project we therefore wish to examine an approximation of the minimal epsilon in order to reduce the computational complexity. We can estimate the epsilon according to the model accuracy on randomly corrupted data.

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Improving machine generalization by human inspiration

Both humans and machines generalize, but they generalize very differently. In this project we wish to investigate how human generalization can help to improve machine generalization.

Related work: https://arxiv.org/pdf/2004.07780.pdf

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Pruning methods for Binarized neural networks

A high-precision integer NN can be rewritten as a binary NN with grouped convolution followed by a simple 1×1 convolution. Applying structured pruning to such a model might allow us to achieve high-precision binary networks.

Related papers:
https://arxiv.org/abs/1510.00149

https://papers.nips.cc/paper/6573-binarized-neural-networks

The project is research-oriented and ideally fits future/ongoing graduate students.

Application: email chaimbaskin@cs.technion.ac.il and mention your background.

Supervisor(s): Chaim Baskin
Requirements: Good knowledge of signal processing and deep learning techniques. Elementary course in Deep Learning (e.g. 236781) and hands-on experience with PyTorch.
Deep learning for smart home automation

Home automation technologies are becoming ubiquitous with the advent of affordable low-power sensors and actuators. In a typical smart home system, traditional devices like light switches and water taps are replaced by connected and electronically controlled actuators, and many other home appliances can report their status (e.g., energy consumption) and be remotely controlled. Combined with such an infrastructure, AI techniques promise to bring to a new level the efficiency and convenience of contemporary dwellings. In this project, we will develop a deep learning-based controller for an actual smart home system.

This project is reserved for dedicated, excellent students with exceptional hands-on programming and system engineering skills, and can be used as a segue to graduate research.

Supervisor(s): Prof. Alex Bronstein, Matan Yaakoby
Requirements: Exceptional programming skills. Good knowledge of deep learning techniques