fabrizio falchi cnr it fabrizio falchi cnr it fabrizio
play

fabrizio.falchi@cnr.it fabrizio.falchi@cnr.it - PowerPoint PPT Presentation

Oct 15, 2023 •39 likes •779 views

A TTACKING D EEP N EURAL N ETWORKS WITH A DVERSARIAL I MAGES Fabrizio Falchi ISTI, CNR, Pisa, italy www.fabriziofalchi.it COST ACTION CA16101 - Dubrovnik, November 7th fabrizio.falchi@cnr.it fabrizio.falchi@cnr.it fabrizio.falchi@cnr.it W HAT

  1. A TTACKING D EEP N EURAL N ETWORKS WITH A DVERSARIAL I MAGES Fabrizio Falchi ISTI, CNR, Pisa, italy www.fabriziofalchi.it COST ACTION CA16101 - Dubrovnik, November 7th

  2. fabrizio.falchi@cnr.it

  3. fabrizio.falchi@cnr.it

  4. fabrizio.falchi@cnr.it

  5. W HAT ’ S THAT ? fabrizio.falchi@cnr.it

  6. W HAT ’ S THAT ? fabrizio.falchi@cnr.it

  7. W HAT ’ S THAT ? fabrizio.falchi@cnr.it

  8. W HAT ’ S THAT ? fabrizio.falchi@cnr.it

  9. A DVERSARIAL E XAMPLES fabrizio.falchi@cnr.it

  10. I LLUSIONS Edward H. Adelson fabrizio.falchi@cnr.it

  11. I LLUSIONS Edward H. Adelson fabrizio.falchi@cnr.it

  12. fabrizio.falchi@cnr.it

  13. DUBROVNIK fabrizio.falchi@cnr.it

  14. D UBROVNIK – D EEP D REAM fabrizio.falchi@cnr.it

  15. K NOW Y OUR E NEMY

  16. A DVERSARY Goal Knowledge Capability fabrizio.falchi@cnr.it

  17. A DVERSARY ’ S G OAL

  18. G ENUINE I MAGES … Mushrooms Pineapple Toucan … fabrizio.falchi@cnr.it

  19. 19 N ON -T ARGETED A TTACK Goal + NON-TARGETED = … Mushrooms <whatever> … fabrizio.falchi@cnr.it

  20. 20 T ARGETED A TTACK Goal + TARGETED = … Mushrooms Toucan … fabrizio.falchi@cnr.it

  21. Goal Knowledge Capability fabrizio.falchi@cnr.it

  22. Slide credit: Biggio fabrizio.falchi@cnr.it

  23. A TTACKING D EEP N EURAL N ETWORKS fabrizio.falchi@cnr.it

  24. B LACK B OX A DVERSARIAL E XAMPLE A TTACKS Practical Black-Box Attacks against Machine Learning Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, Ananthram Swami fabrizio.falchi@cnr.it

  25. A TTACKING F ACE R ECOGNITION S YSTEMS

  26. A DVERIAL F ACES Fast Geometrically-Perturbed Adversarial Faces Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi fabrizio.falchi@cnr.it

  27. A DVERSARIAL F ACES Fast Geometrically-Perturbed Adversarial Faces Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi fabrizio.falchi@cnr.it

  28. Fast Geometrically-Perturbed Adversarial Faces Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi fabrizio.falchi@cnr.it

  29. A DVERSARIAL F ACES Fast Geometrically-Perturbed Adversarial Faces Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi fabrizio.falchi@cnr.it

  30. Fast Geometrically-Perturbed Adversarial Faces Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi fabrizio.falchi@cnr.it

  31. Fast Geometrically-Perturbed Adversarial Faces Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi fabrizio.falchi@cnr.it

  32. A TTACKING IN R EAL W ORLD

  33. 33 A DVERSARIAL I MAGE Photo: labsix fabrizio.falchi@cnr.it

  34. 34 R OTATE A DVERSARIAL I MAGE Photo: labsix fabrizio.falchi@cnr.it

  35. fabrizio.falchi@cnr.it

  36. 36 fabrizio.falchi@cnr.it

  37. Robust Physical-World Attacks on Deep Learning Models Eykholt, Evtimov, Fernandes, Bo Li, Rahmati, Xiao, Prakash, Kohno, Song fabrizio.falchi@cnr.it

  38. fabrizio.falchi@cnr.it

  39. Adversarial Generative Nets: Neural Network Attacks on State-of-the-Art Face Recognition Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, Michael K. Reiter fabrizio.falchi@cnr.it

  40. A TTACKING DNN IN R EAL W ORLD Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, Michael K. Reiter fabrizio.falchi@cnr.it

  41. A TTACKING DNN IN R EAL W ORLD Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, Michael K. Reiter fabrizio.falchi@cnr.it

  42. A TTACKING DNN IN R EAL W ORLD Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, Michael K. Reiter fabrizio.falchi@cnr.it

  43. A TTACKING F ACE V ERIFICATION S YSTEMS

  44. F ACE R COGNITION ID1 ID2 ID3 ... ID10 ... IDn fabrizio.falchi@cnr.it

  45. F ACE V ERIFICATION fabrizio.falchi@cnr.it

  46. 46 F ACE V ERIFIATION Unravelling Robustness of Deep Learning based Face Recognition Against Adversarial Attacks Goswami, Ratha, Agarwal, Singh, Vatsa fabrizio.falchi@cnr.it

  47. 47 F ACE V ERIFIATION Unravelling Robustness of Deep Learning based Face Recognition Against Adversarial Attacks Goswami, Ratha, Agarwal, Singh, Vatsa fabrizio.falchi@cnr.it

  48. A DVERSARY -A WARE M ACHINE L EARNING

  49. 49 A DVERSARY -A WARE M ACHINE L EARNING Machine learning system should be aware of the arms race with the adversary Security evaluation of pattern classifiers under attack Biggio, Fumera, Roli fabrizio.falchi@cnr.it

  50. fabrizio.falchi@cnr.it

  51. A DVERSARIAL E XAMPLE D ETECTION

  52. 52 G ENIUNE I MAGES … Mushrooms Pineapple Toucan … fabrizio.falchi@cnr.it

  53. 53 N ON -T ARGETED A TTACK + = … Mushrooms <whatever> … fabrizio.falchi@cnr.it

  54. 54 D EFENSE + Increase robustness = … Mushrooms … fabrizio.falchi@cnr.it

  55. 55 D ETECTION + Attack detection = … Mushrooms … fabrizio.falchi@cnr.it

  56. A DVERSARIAL E XAMPLES D ETECTION Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, Michael K. Reiter fabrizio.falchi@cnr.it

  57. O UR A PPROACH

  58. D EEP LEARNING ( FROM N ATURE ) AI Machine Learning Repres. Learning Deep Learning fabrizio.falchi@cnr.it

  59. D EEP LEARNING ( FROM N ATURE ) Representation learning methods that allow a machine to be fed with raw data and to automatically discover the representations needed for detection or classification. Deep-learning are representation learning methods o with multiple levels of representation, obtained by o composing simple but non-linear modules that each o transform the representation at one level into a representation at a higher, slightly more abstract level. fabrizio.falchi@cnr.it

  60. M ULTIPLE L EVELS O F A BSTRACTION fabrizio.falchi@cnr.it

  61. M ULTIPLE L EVELS O F A BSTRACTION fabrizio.falchi@cnr.it

  62. O UR A PPROACH A detection scheme for adversarial images based on internal representation (aka deep features ) of the neural network classifier. • Main intuition : look at the evolution of features, i.e. the path formed by their positions in the feature spaces, during the forward pass of the network. • Claim : The trajectories traced by authentic inputs and adversarial examples differ and can be used to discern them. Adversarial examples detection in features distance spaces F. Carrara, R. Becarelli, R. Caldelli, F. Falchi, G. Amato ECCV WOCM Workshop 2018 fabrizio.falchi@cnr.it

  63. M ULTIPLE L EVELS O F A BSTRACTION fabrizio.falchi@cnr.it

  64. O UR A PPROACH : R ESULTS fabrizio.falchi@cnr.it

  65. 66 E ASY TO I DENTIFY A DVERSARIAL IMAGES fabrizio.falchi@cnr.it

  66. H ARD TO I DENTIFY A DVERSARIAL I MAGES fabrizio.falchi@cnr.it

  67. O THER D ETECTION A PPROACHES • Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods [2017] Nicholas Carlini, David Wagner • On Detecting Adversarial Perturbations [2017] Jan Hendrik Metzen, Tim Genewein, Volker Fischer, Bastian Bischoff • Trace and detect adversarial attacks on CNNs using feature response maps [2018] Mohammadreza, Friedhelm, Thilo • Adversarial examples detection in features distance spaces [2018] F. Carrara, R. Becarelli, R. Caldelli, F. Falchi, G. Amato fabrizio.falchi@cnr.it

  68. R ELATED T OPICS

  69. D ETECTING F ACE M ORPHING A TTACKS Detection of Face Morphing Attacks by Deep Learning C. Seibold, W. Samek, A. Hilsmann, P. Eisert fabrizio.falchi@cnr.it

  70. A DVERSARIAL E XAMPLES D ETECTION HiDDeN: Hiding Data With Deep Networks Jiren Zhu, Russell Kaplan, Justin Johnson, Li Fei-Fei fabrizio.falchi@cnr.it

  71. fabrizio.falchi@cnr.it

  72. fabrizio.falchi@cnr.it

  73. T HANKS ! Questions are welcomed Fabrizio Falchi fabrizio.falchi@cnr.it fabrizio.falchi@cnr.it

  74. C ONCLUSIONS • Machine Learning and Deep Learning in particular can be attacked o Slightly modifying images but also in real world o Even if our neural network is a black box for the enemy • Many approaches have been proposed to make DL more robust • Adversarial examples detection is its early stages • We need adversary-aware machine learning fabrizio.falchi@cnr.it

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TCAobjects Fabrizio Branca mail@fabrizio-branca.de Fabrizio Branca mail@fabrizio-branca.de

TCAobjects Fabrizio Branca mail@fabrizio-branca.de Fabrizio Branca mail@fabrizio-branca.de

TCAobjects Fabrizio Branca mail@fabrizio-branca.de Fabrizio Branca mail@fabrizio-branca.de I started implementing my tcaobjects extension and when almost finished I found this: [...] The general idea with our mapper (called tcaObj)

866 views • 37 slides
the agricultural domain Fabrizio Celli, Johannes Keizer, Maria Folch, Armando Stellato Fabrizio

the agricultural domain Fabrizio Celli, Johannes Keizer, Maria Folch, Armando Stellato Fabrizio

AGRIS: an RDF-aware system in the agricultural domain Fabrizio Celli, Johannes Keizer, Maria Folch, Armando Stellato Fabrizio Celli, Food and Agriculture Organization of the United Nations LOD 2014 Roma, 20 th / 21 st Feb 2014 Outline

728 views • 25 slides
Text Classification for Web Filtering Fabrizio Sebastiani Istituto di Scienza e Tecnologie

Text Classification for Web Filtering Fabrizio Sebastiani Istituto di Scienza e Tecnologie

c Fabrizio Sebastiani 1 Final POESIA Workshop Present and Future of Open-Source Content-Based Web filtering Pisa, IT 21-22 January, 2004 Text Classification for Web Filtering Fabrizio Sebastiani Istituto di Scienza e

196 views • 19 slides
Big Data and Sentiment Quantification: Analytical Tools and Outcomes Fabrizio Sebastiani

Big Data and Sentiment Quantification: Analytical Tools and Outcomes Fabrizio Sebastiani

Big Data and Sentiment Quantification: Analytical Tools and Outcomes Fabrizio Sebastiani Istituto di Scienza e Tecnologie dellInformazione Consiglio Nazionale delle Ricerche 56124 Pisa, IT E-mail: fabrizio.sebastiani@isti.cnr.it October

386 views • 24 slides
Metric Embedding into the Hamming Space with the n-Simplex Projection Lucia VADICAMO Vladimir

Metric Embedding into the Hamming Space with the n-Simplex Projection Lucia VADICAMO Vladimir

Metric Embedding into the Hamming Space with the n-Simplex Projection Lucia VADICAMO Vladimir MIC Fabrizio FALCHI Pavel ZEZULA Institute of Information Science Faculty of Informatics and Technologies, CNR, Masaryk University Pisa, Italy

256 views • 24 slides
La Tlmdecine pour lamlioration du Pronostic du Coronarien Fabrizio BEVERELLI,

La Tlmdecine pour lamlioration du Pronostic du Coronarien Fabrizio BEVERELLI,

La Tlmdecine pour lamlioration du Pronostic du Coronarien Fabrizio BEVERELLI, Clinique A. Par, Neuilly-sur-Seine DCLARATION DE LIENS D'INTRT AVEC LA PRSENTATION Intervenant : Fabrizio BEVERELLI, Neuilly-sur-Seine

448 views • 25 slides
A Medical Device Domain Analysis Model based on HL7 RIM Daniela Luzi*, Fabrizio Pecoraro*,

A Medical Device Domain Analysis Model based on HL7 RIM Daniela Luzi*, Fabrizio Pecoraro*,

A Medical Device Domain Analysis Model based on HL7 RIM Daniela Luzi*, Fabrizio Pecoraro*, Gregorio Mercurio , Fabrizio L. Ricci *National Research Council - Institute of Research on Population and Social Studies (IRPPS), Rome, Italy

580 views • 32 slides
N UKTI : English-Inuktitut Word Alignment System Description Philippe Langlais, Fabrizio Gotti

N UKTI : English-Inuktitut Word Alignment System Description Philippe Langlais, Fabrizio Gotti

N UKTI : English-Inuktitut Word Alignment System Description Philippe Langlais, Fabrizio Gotti and Guihong Cao RALI Dpartement dinformatique et de recherche oprationnelle Universit de Montral WPT June 2005 Felipe &amp; Fabrizio

486 views • 21 slides
MCINTYRE: A Monte Carlo Algorithm for Probabilistic Logic Programming Fabrizio Riguzzi ENDIF

MCINTYRE: A Monte Carlo Algorithm for Probabilistic Logic Programming Fabrizio Riguzzi ENDIF

MCINTYRE: A Monte Carlo Algorithm for Probabilistic Logic Programming Fabrizio Riguzzi ENDIF University of Ferrara, Italy fabrizio.riguzzi@unife.it Fabrizio Riguzzi (University of Ferrara) MCINTYRE 1 / 32 Probabilistic Logic Languages

612 views • 32 slides
Performance assessment of optimal allocation for large portfolios Luigi Grossi and Fabrizio

Performance assessment of optimal allocation for large portfolios Luigi Grossi and Fabrizio

Performance assessment of optimal allocation for large portfolios Luigi Grossi and Fabrizio Laurini luigi.grossi@univr.it fabrizio.laurini@unipr.it Dipartimento di Economie, Societ e Istituzioni, Universit di Verona Dipartimento di

539 views • 24 slides
Probabilistic Inductive Logic Programming Fabrizio Riguzzi Department of Mathematics and Computer

Probabilistic Inductive Logic Programming Fabrizio Riguzzi Department of Mathematics and Computer

Probabilistic Inductive Logic Programming Fabrizio Riguzzi Department of Mathematics and Computer Science University of Ferrara, Italy fabrizio.riguzzi@unife.it F. Riguzzi (UNIFE) PILP-ECAI20 1 / 129 Outline 1 Probabilistic Logic

1.75k views • 129 slides
Improving the Management of the Softw are Acquisition Process: a Methodological Approach in

Improving the Management of the Softw are Acquisition Process: a Methodological Approach in

Improving the Management of the Softw are Acquisition Process: a Methodological Approach in Automotive Fabrizio Fabbrini Fabrizio Fabbrini Fabrizio Fabbrini Fabrizio Fabbrini, Mario , Mario , Mario Fusani , Mario Fusani, Fusani Fusani

753 views • 28 slides
X-ray (and multiwavelength) X-ray (and multiwavelength) surveys surveys Fabrizio Fiore

X-ray (and multiwavelength) X-ray (and multiwavelength) surveys surveys Fabrizio Fiore

X-ray (and multiwavelength) X-ray (and multiwavelength) surveys surveys Fabrizio Fiore Fabrizio Fiore Table of content Table of content A historical perspective A historical perspective Tools for the interpretation of survey data

449 views • 28 slides
On the Edge-Length Ratio of Planar Graphs Manuel Borrazzo and Fabrizio Frati Roma Tre University

On the Edge-Length Ratio of Planar Graphs Manuel Borrazzo and Fabrizio Frati Roma Tre University

On the Edge-Length Ratio of Planar Graphs Manuel Borrazzo and Fabrizio Frati Roma Tre University The 27 th International Symposium on Graph Drawing and Network Visualization 18 th September 2019 18 th September 2019 Manuel Borrazzo and Fabrizio

816 views • 26 slides
Fabrizio Larcher BEC Center Trento &amp; JQC Durham-Newcastle I-K. Liu, P . Comaron, S.

Fabrizio Larcher BEC Center Trento &amp; JQC Durham-Newcastle I-K. Liu, P . Comaron, S.

Generation &amp; dynamics of solitonic defects: Kibble-Zurek in reduced dimensionality Fabrizio Larcher BEC Center Trento &amp; JQC Durham-Newcastle I-K. Liu, P . Comaron, S. Serafini, M. Barbiero, M. Debortoli, S. Donadello, G. Lamporesi, G.

687 views • 39 slides
SQL INJECTION by Fabrizio dAmore faculty of Ingegneria dellInformazione Universit di

SQL INJECTION by Fabrizio dAmore faculty of Ingegneria dellInformazione Universit di

SQL INJECTION by Fabrizio dAmore faculty of Ingegneria dellInformazione Universit di Roma La Sapienza WHAT IT IS , WHAT IT IS NOT December 2009 capability of giving SQL commands to a database engine exploiting a pre-existing

499 views • 20 slides
First-Order Logic &amp; Inference AI Class 19 (Ch. 8.18.3, 9 ) Material from Dr. Marie

First-Order Logic &amp; Inference AI Class 19 (Ch. 8.18.3, 9 ) Material from Dr. Marie

11/8/16 First-Order Logic &amp; Inference AI Class 19 (Ch. 8.18.3, 9 ) Material from Dr. Marie desJardin, Some material adopted from notes by Andreas Geyer-Schulz and Chuck Dyer Bookkeeping Midterms returned today HW4 due 11/7 @

288 views • 13 slides
Foundations to Get You Started Beth Tucker Long Who am I? Elizabeth Tucker Long (aka Beth)

Foundations to Get You Started Beth Tucker Long Who am I? Elizabeth Tucker Long (aka Beth)

Foundations to Get You Started Beth Tucker Long Who am I? Elizabeth Tucker Long (aka Beth) Editor-in-Chief of php|architect magazine Want to write? See me after. PHP Essentials Instructor Freelance consultant How this talk will

566 views • 19 slides
Exercise 1 Make 2 examples of learning tasks not

Exercise 1 Make 2 examples of learning tasks not

Exercise 1 Make 2 examples of learning tasks not mentioned in the first lecture of the course. For each task: Informally describe

201 views • 3 slides
A few experiences on the use of trust for social control Laurent Vercouter

A few experiences on the use of trust for social control Laurent Vercouter

A few experiences on the use of trust for social control Laurent Vercouter Laurent.vercouter@insa-rouen.fr W h a t i s t h e u t i l i t y o f a s o c i a l c o n c e p t f o r s e l f - organizing systems ? What is required for its

686 views • 9 slides
Extending SRGS to Support More Powerful and Expressive Grammars Paolo Baggia, Loquendo Deborah

Extending SRGS to Support More Powerful and Expressive Grammars Paolo Baggia, Loquendo Deborah

Extending SRGS to Support More Powerful and Expressive Grammars Paolo Baggia, Loquendo Deborah Dahl, Conversational Technologies Jerry Carter, The Minerva Project W3C Conversational Applications Workshop Somerset June 18-19, 2010

413 views • 5 slides
For Loops or count controlled repetition CORE-UA 109.01, Joanna Klukowska adapted from slides

For Loops or count controlled repetition CORE-UA 109.01, Joanna Klukowska adapted from slides

For Loops or count controlled repetition CORE-UA 109.01, Joanna Klukowska adapted from slides for CSCI-UA.002 by D. Engle, C. Kapp and J. Versoza 1/34 let's start with an example Write a program that prints numbers from 0 to 9, each on a new

572 views • 34 slides
Week 10 - Friday What did we talk about last time? Time More on linked lists A good

Week 10 - Friday What did we talk about last time? Time More on linked lists A good

Week 10 - Friday What did we talk about last time? Time More on linked lists A good programmer is someone who looks both ways before crossing a one-way street. Doug Linder Systems Administrator There are situations where you'd

513 views • 25 slides
Clustering Genetic Algorithm Petra Kudov Department of Theoretical Computer Science Institute

Clustering Genetic Algorithm Petra Kudov Department of Theoretical Computer Science Institute

Introduction Clustering Genetic Algorithm Experimental results Conclusion Clustering Genetic Algorithm Petra Kudov Department of Theoretical Computer Science Institute of Computer Science Academy of Sciences of the Czech Republic ETID

400 views • 18 slides

More recommend