Guangke Chen

Guangke Chen
ShanghaiTech University · Computer Science

Doctor of Engineering

About

14
Publications
809
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
172
Citations
Citations since 2017
14 Research Items
172 Citations
2017201820192020202120222023020406080
2017201820192020202120222023020406080
2017201820192020202120222023020406080
2017201820192020202120222023020406080
Learn about citations on ResearchGate
Introduction
Guangke Chen currently studys as Ph.D candidate at the Computer Science , ShanghaiTech University. Guangke does research in security and privacy issue of multi-media and machine learning.
Education
September 2019 - September 2021
ShanghaiTech University
ShanghaiTech University
Field of study
  • Computer Science
September 2015 - June 2019
South China University of Technology
South China University of Technology
Field of study
  • Information Engineering

Publications

Publications (14)
View
Fig. 2. An illustrating scenario of the ACAS Xu system
Fig. 6. Comparison of test and verify operations on abstract DNNs...
#Call per query to the verification engine
#Binary search step
CLEVEREST: Accelerating CEGAR-based Neural Network Verification via Adversarial Attacks
Chapter
Full-text available
  • Dec 2022
Deep neural networks (DNNs) have achieved remarkable performance in a myriad of complex tasks. However, lacking of robustness and black-box nature hinder their deployment in safety-critical systems. A large number of testing and formal verification techniques have been proposed recently, aiming to provide quality assurance for DNNs. Generally speak...
View
Precise Quantitative Analysis of Binarized Neural Networks: A BDD-based Approach
Article
  • Sep 2022
As a new programming paradigm, neural network based machine learning has expanded its application to many real-world problems. Due to the black-box nature of neural networks, verifying and explaining their behavior is becoming increasingly important, especially when they are deployed in safety-critical applications. Existing verification work mostl...
View
Fig. 1. Architecture of SRSs.
SR models
Due to the massive experiments, we only target the CSI task (i.e.,...
Results (Aa, SNR, PESQ) of transformations against adaptive attacks
The ranges and optimal values for parameters of transformations.
Towards Understanding and Mitigating Audio Adversarial Examples for Speaker Recognition
Preprint
Full-text available
  • Jun 2022
Speaker recognition systems (SRSs) have recently been shown to be vulnerable to adversarial attacks, raising significant security concerns. In this work, we systematically investigate transformation and adversarial training based defenses for securing SRSs. According to the characteristic of SRSs, we present 22 diverse transformations and thoroughl...
View
Fig. 4: The overview of our attack AS2T
Different goals an adversary intends to achieve
Details of the 14 SR models, where Arch and Trans represent...
Performance of the SR models on three tasks
+1 The attack success rate (%) of over-the-air AS2T. RN and RIR denote...
AS2T: Arbitrary Source-To-Target Adversarial Attack on Speaker Recognition Systems
Preprint
Full-text available
  • Jun 2022
Recent work has illuminated the vulnerability of speaker recognition systems (SRSs) against adversarial attacks, raising significant security concerns in deploying SRSs. However, they considered only a few settings (e.g., some combinations of source and target speakers), leaving many interesting and important settings in real-world attack scenarios...
View
AS2T: Arbitrary Source-To-Target Adversarial Attack on Speaker Recognition Systems
Article
  • Jan 2022
Recent work has illuminated the vulnerability of speaker recognition systems (SRSs) against adversarial attacks, raising significant security concerns in deploying SRSs. However, they considered only a few settings (e.g., some combinations of source and target speakers), leaving many interesting and important settings in real-world attack scenarios...
View
Fig. 1. Architecture of SRSs.
Transformations
SR models
Imperceptibility and strength of non-adaptive attacks
+2 The imperceptibility and loss of non-adapative attacks w.r.t. the...
Towards Understanding and Mitigating Audio Adversarial Examples for Speaker Recognition
Article
Full-text available
  • Jan 2022
Speaker recognition systems (SRSs) have recently been shown to be vulnerable to adversarial attacks, raising significant security concerns. In this work, we systematically investigate transformation and adversarial training based defenses for securing SRSs. According to the characteristic of SRSs, we present 22 diverse transformations and thoroughl...
View
Figure 2: A typical flow of feature processing.
Figure 3: Overview of our platform SEC4SR.
Effectiveness and stealthiness of untargeted attacks.
Effectiveness and stealthiness of targeted attacks.
SEC4SR: A Security Analysis Platform for Speaker Recognition
Preprint
Full-text available
  • Sep 2021
Adversarial attacks have been expanded to speaker recognition (SR). However, existing attacks are often assessed using different SR models, recognition tasks and datasets, and only few adversarial defenses borrowed from computer vision are considered. Yet,these defenses have not been thoroughly evaluated against adaptive attacks. Thus, there is sti...
View
View
Fig. 1. Architecture of a BNN with d + 1 blocks
Fig. 2. The reduced BDD for f (x 1 , y 1 , x 2 , y 2 ) = (x 1 ⇔ y 1 ) ∧...
Fig. 5. An illustrating example
BNN benchmarks
+1 BDD encoding under Hamming distance
BDD4BNN: A BDD-Based Quantitative Analysis Framework for Binarized Neural Networks
Chapter
Full-text available
  • Jul 2021
Verifying and explaining the behavior of neural networks is becoming increasingly important, especially when they are deployed in safety-critical applications. In this paper, we study verification and interpretability problems for Binarized Neural Networks (BNNs), the 1-bit quantization of general real-numbered neural networks. Our approach is to e...
View
Fig. 3: Overview of our attack: FAKEBOB
Fig. 4: Attack on OSI systems MP3 and AAC), our attack FAKEBOB first...
Fig. 6: Distribution of transferability attacks
Fig. 9: Attack cost of median filter and audio squzzeing
Fig. 10: ROC curves of Temporal Dependence Detection Fig. 10 shows the...
Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems
Conference Paper
Full-text available
  • May 2021
Speaker recognition (SR) is widely used in our daily life as a biometric authentication or identification mechanism. The popularity of SR brings in serious security concerns, as demonstrated by recent adversarial attacks. However, the impacts of such threats in the practical black-box setting are still open, since current attacks consider the white...
View
Figure 8: Adversarial examples for different í µí¼
CLEVER scores with confidence interval of 90% significance level
AUROC comparison of our approach over baselines
Robustness vs. confidence of adversarial examples
Comparison for the impact of classifier parameters
Attack as Defense: Characterizing Adversarial Examples using Robustness
Preprint
Full-text available
  • Mar 2021
As a new programming paradigm, deep learning has expanded its application to many real-world problems. At the same time, deep learning based software are found to be vulnerable to adversarial attacks. Though various defense mechanisms have been proposed to improve robustness of deep learning software, many of them are ineffective against adaptive a...
View
BDD4BNN: A BDD-based Quantitative Analysis Framework for Binarized Neural Networks
Preprint
  • Mar 2021
Verifying and explaining the behavior of neural networks is becoming increasingly important, especially when they are deployed in safety-critical applications. In this paper, we study verification problems for Binarized Neural Networks (BNNs), the 1-bit quantization of general real-numbered neural networks. Our approach is to encode BNNs into Binar...
View
Fig. 3: Overview of our attack: FAKEBOB
Fig. 4: Attack on OSI systems
Fig. 6: Distribution of transferability attacks
Fig. 9: Attack cost of median filter and audio squzzeing
Fig. 10: ROC curves of Temporal Dependence Detection Fig. 10 shows the...
Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems
Preprint
Full-text available
  • Nov 2019
Speaker recognition (SR) is widely used in our daily life as a biometric authentication mechanism. The popularity of SR brings in serious security concerns, as demonstrated by recent adversarial attacks. However, the impacts of such threats in the practical black-box setting are still open, since current attacks consider the white-box setting only....
View

Network

Cited
View All
Cited By
View All