Publications

Verzi, Stephen J.; Johnson, Nicholas J.; Khanna, Kanad K.; Zhou, Xin Z.; Quynn, Sophie Q.; Krishnakumar, Raga K.; Smith, Michael R.

Abstract not provided.

Johnson, Nicholas T.; Domschot, Eva D.; Khanna, Kanad K.; Kegelmeyer, William P.; Lamb, Christopher L.; Ramyaa, Ramyaa R.; Smith, Michael R.; Verzi, Stephen J.; Zhou, Xin Z.; Carbajal, Armida J.; Haus, Bridget H.; Ingram, Joey

Abstract not provided.

Rintoul, Mark D.; Wisniewski, Kyra L.; Ward, Katrina J.; Khanna, Kanad K.

This report focuses on the two primary goals set forth in Sandia’s TAFI effort, referred to here under the name Kebab. The first goal is to overlay a trajectory onto a large database of historical trajectories, all with very different sampling rates than the original track. We demonstrate a fast method to accomplish this, even for databases that hold over a million tracks. The second goal is to then demonstrate that these matched historical trajectories can be used to make predictions about unknown qualities associated with the original trajectory. As part of this work, we also examine the problem of defining the qualities of a trajectory in a reproducible way.

Eydenberg, Michael S.; Khanna, Kanad K.; Custer, Ryan C.

The well-known vulnerability of Deep Neural Networks to adversarial samples has led to a rapid cycle of increasingly sophisticated attack algorithms and proposed defenses. While most contemporary defenses have been shown to be vulnerable to carefully configured attacks, methods based on gradient regularization and out-of-distribution detection have attracted much interest recently by demonstrating higher resilience to a broad range of attack algorithms. However, no study has yet investigated the effect of combining these techniques. In this paper, we consider the effect of Jacobian matrix regularization on the detectability of adversarial samples on the CIFAR-10 image benchmark dataset. We find that regularization has a significant effect on detectability, and in some cases can make an undetectable attack on a baseline model detectable. In addition, we give evidence that regularization may mitigate the known weaknesses of detectors to high-confidence adversarial samples. The defenses we consider here are highly generalizable, and we believe they will be useful for further investigations to transfer machine learning robustness to other data domains.