Now showing 1 - 8 of 8
PublicationVerifying the Safety of Autonomous Systems with Neural Network Controllers(2020-12-01) Ivanov, Radoslav; Carpenter, Taylor J.; Weimer, James; Alur, Rajeev; Pappas, George; Lee, Insup; Ivanov, Radoslav; Carpenter, Taylor J.; Weimer, James; Alur, Rajeev; Pappas, George; Lee, InsupThis paper addresses the problem of verifying the safety of autonomous systems with neural network (NN) controllers. We focus on NNs with sigmoid/tanh activations and use the fact that the sigmoid/tanh is the solution to a quadratic differential equation. This allows us to convert the NN into an equivalent hybrid system and cast the problem as a hybrid system verification problem, which can be solved by existing tools. Furthermore, we improve the scalability of the proposed method by approximating the sigmoid with a Taylor series with worst-case error bounds. Finally, we provide an evaluation over four benchmarks, including comparisons with alternative approaches based on mixed integer linear programming as well as on star sets. PublicationParameter-Invariant Monitor Design for Cyber Physical Systems(2018-01-01) Weimer, James; Ivanov, Radoslav; Chen, Sanjian; Roederer, Alexander; Sokolsky, Oleg; Lee, Insup; Weimer, James; Ivanov, Radoslav; Chen, Sanjian; Roederer, Alexander; Sokolsky, Oleg; Lee, InsupThe tight interaction between information technology and the physical world inherent in Cyber-Physical Systems (CPS) can challenge traditional approaches for monitoring safety and security. Data collected for robust CPS monitoring is often sparse and may lack rich training data describing critical events/attacks. Moreover, CPS often operate in diverse environments that can have significant inter/intra-system variability. Furthermore, CPS monitors that are not robust to data sparsity and inter/intra-system variability may result in inconsistent performance and may not be trusted for monitoring safety and security. Towards overcoming these challenges, this paper presents recent work on the design of parameter-invariant (PAIN) monitors for CPS. PAIN monitors are designed such that unknown events and system variability minimally affect the monitor performance. This work describes how PAIN designs can achieve a constant false alarm rate (CFAR) in the presence of data sparsity and intra/inter system variance in real-world CPS. To demonstrate the design of PAIN monitors for safety monitoring in CPS with different types of dynamics, we consider systems with networked dynamics, linear-time invariant dynamics, and hybrid dynamics that are discussed through case studies for building actuator fault detection, meal detection in type I diabetes, and detecting hypoxia caused by pulmonary shunts in infants. In all applications, the PAIN monitor is shown to have (significantly) less variance in monitoring performance and (often) outperforms other competing approaches in the literature. Finally, an initial application of PAIN monitoring for CPS security is presented along with challenges and research directions for future security monitoring deployments. PublicationRePulmo: A Remote Pulmonary Monitoring System(2018-04-01) Nguyen, Hung; Ivanov, Radoslav; DeMauro, Sara B.; Weimer, James; Nguyen, Hung; Ivanov, Radoslav; DeMauro, Sara B.; Weimer, JamesRemote physiological monitoring is increasing in popularity with the evolution of technologies in the healthcare industry. However, the current solutions for remote monitoring of blood-oxygen saturation, one of the most common continuously monitored vital signs, either have inconsistent accuracy or are not secure for transmitting over the network. In this paper, we propose RePulmo, an open-source platform for secure and accurate remote pulmonary data monitoring. RePulmo satisfies both robustness and security requirements by utilizing hospital-grade pulse oximeter devices with multiple layers of security enforcement. We describe two applications of RePulmo, namely (1) a remote pulmonary monitoring system for infants to support the Children’s Hospital of Philadelphia (CHOP) clinical trial; (2) a proof-of-concept of a low SpO2 smart alarm system. PublicationOpenICE-lite: Towards a Connectivity Platform for the Internet of Medical Things(2018-05-01) Ivanov, Radoslav; Nguyen, Hung; Weimer, James; Sokolsky, Oleg; Lee, Insup; Ivanov, Radoslav; Nguyen, Hung; Weimer, James; Sokolsky, Oleg; Lee, InsupThe Internet of Medical Things (IoMT) is poised to revolutionize medicine. However, medical device communication, coordination, and interoperability present challenges for IoMT applications due to safety, security, and privacy concerns. These challenges can be addressed by developing an open platform for IoMT that can provide guarantees on safety, security and privacy. As a first step, we introduce OpenICE-lite, a middleware for medical device interoperability that also provides security guarantees and allows other IoMT applications to view/analyze the data in real time. We describe two applications that currently utilize OpenICE-lite, namely (i) a critical pulmonary shunt predictor for infants during surgery; (ii) a remote pulmonary monitoring systems (RePulmo). Implementations of both systems are utilized by the Children’s Hospital of Philadelphia (CHOP) as quality improvements to patient care. PublicationCase Study: Verifying the Safety of an Autonomous Racing Car with a Neural Network Controller(2020-04-01) Ivanov, Radoslav; Carpenter, Taylor J.; Weimer, James; Alur, Rajeev; Pappas, George; Lee, Insup; Ivanov, Radoslav; Carpenter, Taylor J.; Weimer, James; Alur, Rajeev; Pappas, George; Lee, InsupThis paper describes a verification case study on an autonomous racing car with a neural network (NN) controller. Although several verification approaches have been recently proposed, they have only been evaluated on low-dimensional systems or systems with constrained environments. To explore the limits of existing approaches, we present a challenging benchmark in which the NN takes raw LiDAR measurements as input and outputs steering for the car. We train a dozen NNs using reinforcement learning (RL) and show that the state of the art in verification can handle systems with around 40 LiDAR rays. Furthermore, we perform real experiments to investigate the benefits and limitations of verification with respect to the sim2real gap, i.e., the difference between a system’s modeled and real performance. We identify cases, similar to the modeled environment, in which verification is strongly correlated with safe behavior. Finally, we illustrate LiDAR fault patterns that can be used to develop robust and safe RL algorithms. PublicationReducing Pulse Oximetry False Alarms Without Missing Life-Threatening Events(2018-09-01) Nguyen, Hung; Jang, Sooyong; Ivanov, Radoslav; Bonafide, Christopher P.; Weimer, James; Lee, Insup; Nguyen, Hung; Jang, Sooyong; Ivanov, Radoslav; Bonafide, Christopher P.; Weimer, James; Lee, InsupAlarm fatigue has been increasingly recognized as one of the most significant problems in the hospital environment. One of the major causes is the excessive number of false physiologic monitor alarms. An underlying problem is the inefficient traditional threshold alarm system for physiologic parameters such as low blood oxygen saturation (SpO2). In this paper, we propose a robust classification procedure based on the AdaBoost algorithm with reject option that can identify and silence false SpO2 alarms, while ensuring zero misclassified clinically significant alarms. Alarms and vital signs related to SpO2 such as heart rate and pulse rate, within monitoring interval are extracted into different numerical features for the classifier. We propose a variant of AdaBoost with reject option by allowing a third decision (i.e., reject) expressing doubt. Weighted outputs of each weak classifier are input to a softmax function optimizing to satisfy a desired false negative rate upper bound while minimizing false positive rate and indecision rate. We evaluate the proposed classifier using a dataset collected from 100 hospitalized children at Children's Hospital of Philadelphia and show that the classifier can silence 23.12% of false SpO2 alarms without missing any clinically significant alarms. PublicationLogSafe: Secure and Scalable Data Logger for IoT Devices(2018-04-01) Nguyen, Hung; Ivanov, Radoslav; Phan, Linh T.X.; Sokolsky, Oleg; Weimer, James; Lee, Insup; Nguyen, Hung; Ivanov, Radoslav; Phan, Linh T.X.; Sokolsky, Oleg; Weimer, James; Lee, InsupAs devices in the Internet of Things (IoT) increase in number and integrate with everyday lives, large amounts of personal information will be generated. With multiple discovered vulnerabilities in current IoT networks, a malicious attacker might be able to get access to and misuse this personal data. Thus, a logger that stores this information securely would make it possible to perform forensic analysis in case of such attacks that target valuable data. In this paper, we propose LogSafe, a scalable, fault-tolerant logger that leverages the use of Intel Software Guard Extensions (SGX) to store logs from IoT devices efficiently and securely. Using the security guarantees of SGX, LogSafe is designed to run on an untrusted cloud infrastructure and satisfies Confidentiality, Integrity, and Availability (CIA) security properties. Finally, we provide an exhaustive evaluation of LogSafe in order to demonstrate that it is capable of handling logs from a large number of IoT devices and at a very high data transmission rate. PublicationVerisig: verifying safety properties of hybrid systems with neural network controllers(2019-04-01) Ivanov, Radoslav; Weimer, James; Alur, Rajeev; Pappas, George J.; Lee, Insup; Ivanov, Radoslav; Weimer, James; Alur, Rajeev; Pappas, George J.; Lee, InsupThis paper presents Verisig, a hybrid system approach to verifying safety properties of closed-loop systems using neural networks as controllers. We focus on sigmoid-based networks and exploit the fact that the sigmoid is the solution to a quadratic differential equation, which allows us to transform the neural network into an equivalent hybrid system. By composing the network’s hybrid system with the plant’s, we transform the problem into a hybrid system verification problem which can be solved using state-of-theart reachability tools. We show that reachability is decidable for networks with one hidden layer and decidable for general networks if Schanuel’s conjecture is true. We evaluate the applicability and scalability of Verisig in two case studies, one from reinforcement learning and one in which the neural network is used to approximate a model predictive controller.