With the popularity of deep learning (DL), artificial intelligence (AI) has been applied in many areas of human life. Artificial neural network or neural network (NN), the main technique behind DL, has been extensively studied to facilitate computer vision and natural language processing. However, malicious NNs could bring huge threats in the so-called coming AI era. In this paper, for the first time in the literature, we propose a novel approach to design and insert powerful neuron-level trojans or PoTrojan in pre-trained NN models. Most of the time, PoTrojans remain inactive, not affecting the normal functions of their host NN models. PoTrojans could only be triggered in very rare conditions. Once triggered, however, the PoTrojans could cause the host NN models to malfunction, either falsely predicting or falsely classifying, which is a significant threat to human society of the AI era. We would explain the principles of PoTrojans and the easiness of designing and inserting them in pre-trained deep learning models. PoTrojans don't modify the existing architecture or parameters of the pre-trained models, and need no re-training. Hence, the proposed method is very efficient. We verify the tacitness and harmfulness of the PoTrojans on two real-life deep learning models: AlexNet and VGG16.
Neural network (NN) algorithms have become the dominant tool in visual object recognition, natural language processing, and robotics. To enhance the computational efficiency of these algorithms, in comparison to the traditional von Neumann computing architectures, researchers have been focusing on memristor computing systems. A major drawback when using memristor computing systems today is that, in the artificial intelligence (AI) era, well-trained NN models are intellectual property and, when loaded in the memristor computing systems, face theft threats, especially when running in edge devices. An adversary may steal the well-trained NN models through advanced attacks such as learning attacks and side-channel analysis. In this paper, we review different security techniques for protecting memristor computing systems. Two threat models are described based on their assumptions regarding the adversary’s capabilities: a black-box (BB) model and a white-box (WB) model. We categorize the existing security techniques into five classes in the context of these threat models: thwarting learning attacks (BB), thwarting side-channel attacks (BB), NN model encryption (WB), NN weight transformation (WB), and fingerprint embedding (WB). We also present a cross-comparison of the limitations of the security techniques. This paper could serve as an aid when designing secure memristor computing systems.
Background
Primary hyperoxaluria (PH) is a rare inborn disorder of the metabolism of glyoxylate, which causes the hallmark production of oxalate and forms insoluble calcium oxalate crystals that accumulate in the kidney and other organs. Since the manifestation of PH varies from recurrent nephrolithiasis, nephrocalcinosis, and end-stage renal disease with age at onset of symptoms ranging from infancy to the sixth decade, the disease remains undiagnosed until after kidney transplantation in some cases.
Case presentation
Herein, we report 3 cases of PH diagnosed after kidney transplantation failure, providing the comprehensive clinical course, the ultrasonic image of renal graft and pathologic image of the biopsy, highlighting the relevance of biopsy findings and the results of molecular genetic testing. We also focus on the treatment and the unfavorable outcome of the patients. Meanwhile, we review the literature and show the additional 10 reported cases of PH diagnosed after kidney transplantation. Additionally, we discuss the progressive molecular understanding of the mechanisms involved in PH and molecular therapy.
Conclusions
Overall, the necessity of preoperative screening of PH in all patients even with a minor history of nephrolithiasis and the importance of proper treatment are the lessons we learn from the 3 cases, which prompt us to avoid tragedies.
Electronic supplementary material
The online version of this article (10.1186/s12882-019-1402-2) contains supplementary material, which is available to authorized users.