Search Results for author:
Found 68 papers, 21 papers with code
SoK: On the Offensive Potential of AI
Our society increasingly benefits from Artificial Intelligence (AI).
Robust image classification with multi-modal large language models
Deep Neural Networks are vulnerable to adversarial examples, i. e., carefully crafted input samples that can cause models to make incorrect predictions with high confidence.
On the Robustness of Adversarial Training Against Uncertainty Attacks
In learning problems, the noise inherent to the task at hand hinders the possibility to infer without a certain degree of uncertainty.
Adversarial Pruning: A Survey and Benchmark of Pruning Methods for Adversarial Robustness
Recent work has proposed neural network pruning techniques to reduce the size of a network while preserving robustness against adversarial examples, i. e., well-crafted inputs inducing a misclassification.
Sonic: Fast and Transferable Data Poisoning on Clustering Algorithms
Data poisoning attacks on clustering algorithms have received limited attention, with existing methods struggling to scale efficiently as dataset sizes and feature counts increase.
HO-FMN: Hyperparameter Optimization for Fast Minimum-Norm Attacks
Gradient-based attacks are a primary tool to evaluate robustness of machine-learning models.
Countermeasures Against Adversarial Examples in Radio Signal Classification
In this letter, we propose for the first time a countermeasure against adversarial examples in modulation classification.
A Hybrid Training-time and Run-time Defense Against Adversarial Attacks in Modulation Classification
Motivated by the superior performance of deep learning in many applications including computer vision and natural language processing, several recent studies have focused on applying deep neural network for devising future generations of wireless networks.
Over-parameterization and Adversarial Robustness in Neural Networks: An Overview and Empirical Analysis
Relevant literature has claimed contradictory remarks in support of and against the robustness of over-parameterized networks.
SLIFER: Investigating Performance and Robustness of Malware Detection Pipelines
As a result of decades of research, Windows malware detection is approached through a plethora of techniques.
A New Formulation for Zeroth-Order Optimization of Adversarial EXEmples in Malware Detection
Machine learning malware detectors are vulnerable to adversarial EXEmples, i. e. carefully-crafted Windows programs tailored to evade detection.
AttackBench: Evaluating Gradient-based Attacks for Adversarial Examples
While novel attacks are continuously proposed, each is shown to outperform its predecessors using different experimental setups, hyperparameter settings, and number of forward and backward calls to the target models.
Robust Synthetic Data-Driven Detection of Living-Off-the-Land Reverse Shells
Living-off-the-land (LOTL) techniques pose a significant challenge to security operations, exploiting legitimate tools to execute malicious commands that evade traditional detection methods.
Robustness-Congruent Adversarial Training for Secure Machine Learning Model Updates
In this work, we show that this problem also affects robustness to adversarial examples, thereby hindering the development of secure model update practices.
Serial fusion of multi-modal biometric systems
Serial, or sequential, fusion of multiple biometric matchers has been not thoroughly investigated so far.
3D Face Reconstruction: the Road to Forensics
Therefore, it provides an analysis of the achievements of 3D face reconstruction algorithms from surveillance videos and mugshot images and discusses the current obstacles that separate 3D face reconstruction from an active role in forensic applications.
Adversarial Attacks Against Uncertainty Quantification
Machine-learning models can be fooled by adversarial examples, i. e., carefully-crafted input perturbations that force models to output wrong predictions.
Nebula: Self-Attention for Dynamic Malware Analysis
Dynamic analysis enables detecting Windows malware by executing programs in a controlled environment and logging their actions.
Hardening RGB-D Object Recognition Systems against Adversarial Patch Attacks
We empirically show that this defense improves the performances of RGB-D systems against adversarial examples even when they are computed ad-hoc to circumvent this detection mechanism, and that is also more effective than adversarial training.
Minimizing Energy Consumption of Deep Learning Models by Energy-Aware Training
Deep learning models undergo a significant increase in the number of parameters they possess, leading to the execution of a larger number of operations during inference.
Dropout Injection at Test Time for Post Hoc Uncertainty Quantification in Neural Networks
Among Bayesian methods, Monte-Carlo dropout provides principled tools for evaluating the epistemic uncertainty of neural networks.
A Survey on Reinforcement Learning Security with Application to Autonomous Driving
Reinforcement learning allows machines to learn from their own experience.
Practical Attacks on Machine Learning: A Case Study on Adversarial Windows Malware
While machine learning is vulnerable to adversarial examples, it still lacks systematic procedures and tools for evaluating its security in different application contexts.
Support Vector Machines under Adversarial Label Contamination
Machine learning algorithms are increasingly being applied in security-related tasks such as spam and malware detection, although their security properties against deliberate attacks have not yet been widely understood.
Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning
In this survey, we provide a comprehensive systematization of poisoning attacks and defenses in machine learning, reviewing more than 100 papers published in the field in the last 15 years.
Machine Learning Security against Data Poisoning: Are We There Yet?
The recent success of machine learning (ML) has been fueled by the increasing availability of computing power and large amounts of data in many different applications.
Energy-Latency Attacks via Sponge Poisoning
Sponge examples are test-time inputs carefully optimized to increase energy consumption and latency of neural networks when deployed on hardware accelerators.
ImageNet-Patch: A Dataset for Benchmarking Machine Learning Robustness against Adversarial Patches
We showcase the usefulness of this dataset by testing the effectiveness of the computed patches against 127 models.
Fingerprint recognition with embedded presentation attacks detection: are we ready?
Accordingly, this paper explores the fusion of PAD into verification systems by proposing a novel investigation instrument: a performance simulator based on the probabilistic modeling of the relationships among the Receiver Operating Characteristics (ROC) of the two individual systems when PAD and verification stages are implemented sequentially.
Can machines learn to see without visual databases?
This paper sustains the position that the time has come for thinking of learning machines that conquer visual skills in a truly human-like context, where a few human-like object supervisions are given by vocal interactions and pointing aids only.
Why Adversarial Reprogramming Works, When It Fails, and How to Tell the Difference
Adversarial reprogramming allows repurposing a machine-learning model to perform a different task.
Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples
Evaluating robustness of machine-learning models to adversarial examples is a challenging problem.
Adversarial EXEmples: Functionality-preserving Optimization of Adversarial Windows Malware
Windows malware classifiers that rely on static analysis have been proven vulnerable to adversarial EXEmples, i. e., malware samples carefully manipulated to evade detection.
Backdoor Learning Curves: Explaining Backdoor Poisoning Beyond Influence Functions
Backdoor attacks inject poisoning samples during training, with the goal of forcing a machine learning model to output an attacker-chosen class when presented a specific trigger at test time.
BAARD: Blocking Adversarial Examples by Testing for Applicability, Reliability and Decidability
Applicability Domain defines a domain based on the known compounds and rejects any unknown compound that falls outside the domain.
The Hammer and the Nut: Is Bilevel Optimization Really Needed to Poison Linear Classifiers?
One of the most concerning threats for modern AI systems is data poisoning, where the attacker injects maliciously crafted training data to corrupt the system's behavior at test time.
Fast Minimum-norm Adversarial Attacks through Adaptive Norm Constraints
Evaluating adversarial robustness amounts to finding the minimum perturbation needed to have an input sample misclassified.
Detecting Anomalies from Video-Sequences: a Novel Descriptor
We present a novel descriptor for crowd behavior analysis and anomaly detection.
Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection
Recent work has shown that adversarial Windows malware samples - referred to as adversarial EXEmples in this paper - can bypass machine learning-based detection relying on static code analysis by perturbing relatively few input bytes.
Are spoofs from latent fingerprints a real threat for the best state-of-art liveness detectors?
We investigated the threat level of realistic attacks using latent fingerprints against sensors equipped with state-of-art liveness detectors and fingerprint verification systems which integrate such liveness algorithms.
Domain Knowledge Alleviates Adversarial Attacks in Multi-Label Classifiers
Adversarial attacks on machine learning-based classifiers, along with defense mechanisms, have been widely studied in the context of single-label classification problems.
Adversarial Feature Selection against Evasion Attacks
Pattern recognition and machine learning techniques have been increasingly adopted in adversarial settings such as spam, intrusion and malware detection, although their security against well-crafted attacks that aim to evade detection by manipulating data at test time has not yet been thoroughly assessed.
Do Gradient-based Explanations Tell Anything About Adversarial Robustness to Android Malware?
While machine-learning algorithms have demonstrated a strong ability in detecting Android malware, they can be evaded by sparse evasion attacks crafted by injecting a small set of fake components, e. g., permissions and system calls, without compromising intrusive functionality.
Functionality-preserving Black-box Optimization of Adversarial Windows Malware
Windows malware detectors based on machine learning are vulnerable to adversarial examples, even if the attacker is only given black-box query access to the model.
Cryptography and Security
A novel classification-selection approach for the self updating of template-based face recognition systems
Consequently, computational complexity and storage space tend to be among the critical requirements of these algorithms.
Deep Neural Rejection against Adversarial Examples
Despite the impressive performances reported by deep neural networks in different application domains, they remain largely vulnerable to adversarial examples, i. e., input samples that are carefully perturbed to cause misclassification at test time.
Towards Quality Assurance of Software Product Lines with Adversarial Configurations
Software product line (SPL) engineers put a lot of effort to ensure that, through the setting of a large number of possible configuration options, products are acceptable and well-tailored to customers' needs.
3D Face Mask Presentation Attack Detection Based on Intrinsic Image Analysis
So, we propose a novel detection method for 3D face mask presentation attack by modeling reflectance differences based on intrinsic image analysis.
Explaining Vulnerabilities of Deep Learning to Adversarial Malware Binaries
Based on this finding, we propose a novel attack algorithm that generates adversarial malware binaries by only changing few tens of bytes in the file header.
Cryptography and Security
Poisoning Behavioral Malware Clustering
Clustering algorithms have become a popular tool in computer security to analyze the behavior of malware variants, identify novel malware families, and generate signatures for antivirus systems.
Is Data Clustering in Adversarial Settings Secure?
In this work we propose a general framework that allows one to identify potential attacks against clustering algorithms, and to evaluate their impact, by making specific assumptions on the adversary's goal, knowledge of the attacked system, and capabilities of manipulating the input data.
Face Presentation Attack Detection in Learned Color-liked Space
Face presentation attack detection (PAD) has become a thorny problem for biometric systems and numerous countermeasures have been proposed to address it.
Face Presentation Attack Detection
Generative Adversarial Network
+1
Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks
Transferability captures the ability of an attack against a machine-learning model to be effective against a different, potentially unknown, model.
Towards Adversarial Configurations for Software Product Lines
Ensuring that all supposedly valid configurations of a software product line (SPL) lead to well-formed and acceptable products is challenging since it is most of the time impractical to enumerate and test all individual products of an SPL.
Is feature selection secure against training data poisoning?
Learning in adversarial settings is becoming an important task for application domains where attackers may inject malicious data into the training set to subvert normal operation of data-driven technologies.
Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables
Machine-learning methods have already been exploited as useful tools for detecting malicious executable files.
Cryptography and Security
Explaining Black-box Android Malware Detection
In this work, we generalize this approach to any black-box machine- learning model, by leveraging a gradient-based approach to identify the most influential local features.
Super-sparse Learning in Similarity Spaces
In several applications, input samples are more naturally represented in terms of similarities between each other, rather than in terms of feature vectors.
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
In this work, we provide a thorough overview of the evolution of this research area over the last ten years and beyond, starting from pioneering, earlier work on the security of non-deep learning algorithms up to more recent work aimed to understand the security properties of deep learning algorithms, in the context of computer vision and cybersecurity tasks.
Security Evaluation of Pattern Classifiers under Attack
We propose a framework for empirical evaluation of classifier security that formalizes and generalizes the main ideas proposed in the literature, and give examples of its use in three real applications.
On Security and Sparsity of Linear Classifiers for Adversarial Settings
However, in such settings, they have been shown to be vulnerable to adversarial attacks, including the deliberate manipulation of data at test time to evade detection.
Towards Poisoning of Deep Learning Algorithms with Back-gradient Optimization
This exposes learning algorithms to the threat of data poisoning, i. e., a coordinate attack in which a fraction of the training data is controlled by the attacker and manipulated to subvert the learning process.
Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid
Deep neural networks have been widely adopted in recent years, exhibiting impressive performances in several application domains.
Evasion Attacks against Machine Learning at Test Time
In security-sensitive applications, the success of machine learning depends on a thorough vetting of their resistance to adversarial data.
Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection
To cope with the increasing variability and sophistication of modern attacks, machine learning has been widely adopted as a statistically-sound tool for malware detection.
Cryptography and Security
Statistical Meta-Analysis of Presentation Attacks for Secure Multibiometric Systems
Prior work has shown that multibiometric systems are vulnerable to presentation attacks, assuming that their matching score distribution is identical to that of genuine users, without fabricating any fake trait.
Review of the Fingerprint Liveness Detection (LivDet) competition series: 2009 to 2015
The goals for the Liveness Detection (LivDet) competitions are to compare software-based fingerprint liveness detection and artifact detection algorithms (Part 1), as well as fingerprint systems which incorporate liveness detection or artifact detection capabilities (Part 2), using a standardized testing protocol and large quantities of spoof and live tests.
Randomized Prediction Games for Adversarial Machine Learning
In spam and malware detection, attackers exploit randomization to obfuscate malicious data and increase their chances of evading detection at test time; e. g., malware code is typically obfuscated using random strings or byte sequences to hide known exploits.
