ShuffleDetect: Detecting Adversarial Images against Convolutional Neural Networks

in Applied Sciences (2023), 13(6), 4068

Recently, convolutional neural networks (CNNs) have become the main drivers in many image recognition applications. However, they are vulnerable to adversarial attacks, which can lead to disastrous ... [more ▼]

Recently, convolutional neural networks (CNNs) have become the main drivers in many image recognition applications. However, they are vulnerable to adversarial attacks, which can lead to disastrous consequences. This paper introduces ShuffleDetect as a new and efficient unsupervised method for the detection of adversarial images against trained convolutional neural networks. Its main feature is to split an input image into non-overlapping patches, then swap the patches according to permutations, and count the number of permutations for which the CNN classifies the unshuffled input image and the shuffled image into different categories. The image is declared adversarial if and only if the proportion of such permutations exceeds a certain threshold value. A series of 8 targeted or untargeted attacks was applied on 10 diverse and state-of-the-art ImageNet-trained CNNs, leading to 9500 relevant clean and adversarial images. We assessed the performance of ShuffleDetect intrinsically and compared it with another detector. Experiments show that ShuffleDetect is an easy-to-implement, very fast, and near memory-free detector that achieves high detection rates and low false positive rates. [less ▲]

A strategy creating high-resolution adversarial images against convolutional neural networks and a feasibility study on 10 CNNs

in Journal of Information and Telecommunication (2022), 7(1), 89-119

To perform image recognition, Convolutional Neural Networks (CNNs) assess any image by first resizing it to its input size. In particular, high-resolution images are scaled down, say to 224×244 for CNNs ... [more ▼]

To perform image recognition, Convolutional Neural Networks (CNNs) assess any image by first resizing it to its input size. In particular, high-resolution images are scaled down, say to 224×244 for CNNs trained on ImageNet. So far, existing attacks, aiming at creating an adversarial image that a CNN would misclassify while a human would not notice any difference between the modified and unmodified images, proceed by creating adversarial noise in the 224×244 resized domain and not in the high-resolution domain. The complexity of directly attacking high-resolution images leads to challenges in terms of speed, adversity and visual quality, making these attacks infeasible in practice. We design an indirect attack strategy that lifts to the high-resolution domain any existing attack that works efficiently in the CNN's input size domain. Adversarial noise created via this method is of the same size as the original image. We apply this approach to 10 state-of-the-art CNNs trained on ImageNet, with an evolutionary algorithm-based attack. Our method succeeded in 900 out of 1000 trials to create such adversarial images, that CNNs classify with probability ≥0.55 in the adversarial category. Our indirect attack is the first effective method at creating adversarial images in the high-resolution domain. [less ▲]

Evolutionary Algorithm-based images, humanly indistinguishable and adversarial against Convolutional Neural Networks: efficiency and filter robustness

in IEEE Access (2021)

Le rôle civilisationnel des universités

Article for general public (2021)

Privacy-Preserving Logistic Regression as a Cloud Service Based on Residue Number System

in Voevodin, Vladimir; Sobolev, Sergey (Eds.) 6th Russian Supercomputing Days, Moscow 21-22 September 2020 (2020, December)

How big is big? How fast is fast? A Hands-On Tutorial on Mathematics of Computation

Book published by Amazon (2020)

Reducing overfitting and improving generalization in training convolutional neural network under limited sample sizes in image recognition

in 5th International Conference on Information Technology, Bangsaen 21-22 October 2020 (2020)

The University of Luxembourg: A National Excellence Initiative

in Altbach, Phil; Reisberg, Liz; Salmi, Jamil (Eds.) et al Accelerated Universities: A ideas and Money Combine to Build Academic Excellence (2018)

Evolutionary Algorithms for Convolutional Neural Network Visualisation

in Meneses, Esteban; Castro, Harold; Barrios Hernández, Carlos Jaime (Eds.) et al High Performance Computing -- 5th Latin American Conference, CARLA 2018, Piedecuesta, Colombia (2018)

Deep Learning is based on deep neural networks trained over huge sets of examples. It enabled computers to compete with ---~or even outperform~--- humans at many tasks, from playing Go to driving ... [more ▼]

Deep Learning is based on deep neural networks trained over huge sets of examples. It enabled computers to compete with ---~or even outperform~--- humans at many tasks, from playing Go to driving vehicules. Still, it remains hard to understand how these networks actually operate. While an observer sees any individual local behaviour, he gets little insight about their global decision-making process. However, there is a class of neural networks widely used for image processing, convolutional networks, where each layer contains features working in parallel. By their structure, these features keep some spatial information across a network's layers. Visualisation of this spatial information at different locations in a network, notably on input data that maximise the activation of a given feature, can give insights on the way the model works. This paper investigates the use of Evolutionary Algorithms to evolve such input images that maximise feature activation. Compared with some pre-existing approaches, ours seems currently computationally heavier but with a wider applicability. [less ▲]

Hardened Bloom Filters, with an Application to Unobservability

in Annales Universitatis Mariae Curie-Skłodowska. Sectio AI, Informatica (2013), 12(4), 11-22

Classical Bloom filters may be used to elegantly check if an element e belongs to a set S, and, if not, to add e to S. They do not store any data and only provide boolean answers regarding the membership ... [more ▼]

Classical Bloom filters may be used to elegantly check if an element e belongs to a set S, and, if not, to add e to S. They do not store any data and only provide boolean answers regarding the membership of a given element in the set, with some probability of false positive answers. Bloom filters are often used in caching system to check that some requested data actually exist before doing a costly lookup to retrieve them. However, security issues may arise for some other applications where an active attacker is able to inject data crafted to degrade the filters’ algorithmic properties, resulting for instance in a Denial of Service (DoS) situation. This leads us to the concept of hardened Bloom filters, combining classical Bloom filters with cryptographic hash functions and secret nonces. We show how this approach is successfully used in the TrueNyms unobservability system and protects it against replay attacks. [less ▲]