Search Results for author:
Found 29 papers, 11 papers with code
JMA: a General Algorithm to Craft Nearly Optimal Targeted Adversarial Example
Most of the approaches proposed so far to craft targeted adversarial examples against Deep Learning classifiers are highly suboptimal and typically rely on increasing the likelihood of the target class, thus implicitly focusing on one-hot encoding settings.
Robust Retraining-free GAN Fingerprinting via Personalized Normalization
In recent years, there has been significant growth in the commercial applications of generative models, licensed and distributed by model developers to users, who in turn use them to offer services.
Wide Flat Minimum Watermarking for Robust Ownership Verification of GANs
We present the results of extensive experiments showing that the presence of the watermark has a negligible impact on the quality of the generated images, and proving the superior robustness of the watermark against model modification and surrogate model attacks.
A Siamese-based Verification System for Open-set Architecture Attribution of Synthetic Images
In the second setting, the system verifies a claim about the architecture used to generate a synthetic image, utilizing one or multiple reference images generated by the claimed architecture.
Open Set Classification of GAN-based Image Manipulations via a ViT-based Hybrid Architecture
Classification of AI-manipulated content is receiving great attention, for distinguishing different types of manipulations.
Universal Detection of Backdoor Attacks via Density-based Clustering and Centroids Analysis
Experiments carried out on several classification tasks and network architectures, considering different types of backdoor attacks (with either clean or corrupted labels), and triggering signals, including both global and local triggering signals, as well as sample-specific and source-specific triggers, reveal that the proposed method is very effective to defend against backdoor attacks in all the cases, always outperforming the state of the art techniques.
An Overview on the Generation and Detection of Synthetic and Manipulated Satellite Images
While we focus mostly on forensic techniques explicitly tailored to the detection of AI-generated synthetic contents, we also review some methods designed for general splicing detection, which can in principle also be used to spot AI manipulate images
Supervised GAN Watermarking for Intellectual Property Protection
The aim is to watermark the GAN model so that any image generated by the GAN contains an invisible watermark (signature), whose presence inside the image can be checked at a later stage for ownership verification.
Which country is this picture from? New data and methods for DNN-based country recognition
Notably, we found that asking the network to identify the country provides better results than estimating the geo-coordinates and then tracing them back to the country where the picture was taken.
Robust and Large-Payload DNN Watermarking via Fixed, Distribution-Optimized, Weights
The design of an effective multi-bit watermarking algorithm hinges upon finding a good trade-off between the three fundamental requirements forming the watermarking trade-off triangle, namely, robustness against network modifications, payload, and unobtrusiveness, ensuring minimal impact on the performance of the watermarked network.
A temporal chrominance trigger for clean-label backdoor attack against anti-spoof rebroadcast detection
We propose a stealthy clean-label video backdoor attack against Deep Learning (DL)-based models aiming at detecting a particular class of spoofing attacks, namely video rebroadcast attacks.
An Architecture for the detection of GAN-generated Flood Images with Localization Capabilities
In this paper, we address a new image forensics task, namely the detection of fake flood images generated by ClimateGAN architecture.
An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences
The classification guiding the analysis is based on the amount of control that the attacker has on the training process, and the capability of the defender to verify the integrity of the data used for training, and to monitor the operations of the DNN at training and test time.
A Master Key Backdoor for Universal Impersonation Attack against DNN-based Face Verification
We introduce a new attack against face verification systems based on Deep Neural Networks (DNN).
Image Splicing Detection, Localization and Attribution via JPEG Primary Quantization Matrix Estimation and Clustering
We assume that both the spliced regions and the background image have undergone a double JPEG compression, and use a local estimate of the primary quantization matrix to distinguish between spliced regions taken from different sources.
Spread-Transform Dither Modulation Watermarking of Deep Neural Network
DNN watermarking is receiving an increasing attention as a suitable mean to protect the Intellectual Property Rights associated to DNN models.
Boosting CNN-based primary quantization matrix estimation of double JPEG images via a classification-like architecture
The method is based on a Convolutional Neural Network (CNN) that is trained to solve the estimation as a standard regression problem.
CNN Detection of GAN-Generated Face Images based on Cross-Band Co-occurrences Analysis
Last-generation GAN models allow to generate synthetic images which are visually indistinguishable from natural ones, raising the need to develop tools to distinguish fake and natural images thus contributing to preserve the trustworthiness of digital images.
Increased-confidence adversarial examples for deep learning counter-forensics
Transferability of adversarial examples is a key issue to apply this kind of attacks against multimedia forensics (MMF) techniques based on Deep Learning (DL) in a real-life setting.
Challenging the adversarial robustness of DNNs based on error-correcting output codes
The existence of adversarial examples and the easiness with which they can be generated raise several security concerns with regard to deep learning systems, pushing researchers to develop suitable defense mechanisms.
Copy Move Source-Target Disambiguation through Multi-Branch CNNs
We propose a method to identify the source and target regions of a copy-move forgery so allow a correct localisation of the tampered area.
Effectiveness of random deep feature selection for securing image manipulation detectors against adversarial examples
We investigate if the random feature selection approach proposed in [1] to improve the robustness of forensic detectors to targeted attacks, can be extended to detectors based on deep learning features.
Attacking CNN-based anti-spoofing face authentication in the physical domain
In this paper, we study the vulnerability of anti-spoofing methods based on deep learning against adversarial perturbations.
Cryptography and Security
Primary quantization matrix estimation of double compressed JPEG images via CNN
Available model-based techniques for the estimation of the primary quantization matrix in double-compressed JPEG images work only under specific conditions regarding the relationship between the first and second compression quality factors, and the alignment of the first and second JPEG compression grids.
A new Backdoor Attack in CNNs by training set corruption without label poisoning
In this paper we present a new backdoor attack without label poisoning Since the attack works by corrupting only samples of the target class, it has the additional advantage that it does not need to identify beforehand the class of the samples to be attacked at test time.
On the Transferability of Adversarial Examples Against CNN-Based Image Forensics
In this paper, we investigate if attack transferability also holds in image forensics applications.
Cryptography and Security
CNN-Based Detection of Generic Constrast Adjustment with JPEG Post-processing
Detection of contrast adjustments in the presence of JPEG postprocessing is known to be a challenging task.
Secure Detection of Image Manipulation by means of Random Feature Selection
We address the problem of data-driven image manipulation detection in the presence of an attacker with limited knowledge about the detector.
Cryptography and Security
Adversarial Source Identification Game with Corrupted Training
We study a variant of the source identification game with training data in which part of the training data is corrupted by an attacker.
