Benedetta Tondi scite author profile

Backdoor attacks against CNNs represent a new threat against deep learning systems, due to the possibility of corrupting the training set so to induce an incorrect behaviour at test time. To avoid that the trainer recognises the presence of the corrupted samples, the corruption of the training set must be as stealthy as possible. Previous works have focused on the stealthiness of the perturbation injected into the training samples, however they all assume that the labels of the corrupted samples are also poisoned. This greatly reduces the stealthiness of the attack, since samples whose content does not agree with the label can be identified by visual inspection of the training set or by running a pre-classification step. In this paper we present a new backdoor attack without label poisoning Since the attack works by corrupting only samples of the target class, it has the additional advantage that it does not need to identify beforehand the class of the samples to be attacked at test time. Results obtained on the MNIST digits recognition task and the traffic signs classification task show that backdoor attacks without label poisoning are indeed possible, thus raising a new alarm regarding the use of deep learning in security-critical applications.Index Terms-Adversarial learning, security of deep learning, backdoor poisoning attacks, training with poisoned data.

show abstract

The Source Identification Game: An Information-Theoretic Perspective

Barni

Tondi

2013

IEEE Trans.Inform.Forensic Secur.

134

View full text Add to dashboard Cite

We introduce a theoretical framework in which to cast the source identification problem. Thanks to the adoption of a game-theoretic approach, the proposed framework permits us to derive the ultimate achievable performance of the forensic analysis in the presence of an adversary aiming at deceiving it. The asymptotic Nash equilibrium of the source identification game is derived under an assumption on the resources on which the forensic analyst may rely. The payoff at the equilibrium is an- alyzed, deriving the conditions under which a successful forensic analysis is possible and the error exponent of the false-negative error probability in such a case. The difficulty of deriving a closed-form solution for general instances of the game is alleviated by the introduction of an efficient numerical procedure for the derivation of the optimum attacking strategy. The numerical analysis is applied to a case study to show the kind of information it can provide

show abstract

Aligned and non-aligned double JPEG detection using convolutional neural networks

Barni

Bondi

Bonettini

et al. 2017

Journal of Visual Communication and Image Representation

189

129

View full text Add to dashboard Cite

Due to the wide diffusion of JPEG coding standard, the image forensic community has devoted significant attention to the development of double JPEG (DJPEG) compression detectors through the years. The ability of detecting whether an image has been compressed twice provides paramount information toward image authenticity assessment. Given the trend recently gained by convolutional neural networks (CNN) in many computer vision tasks, in this paper we propose to use CNNs for aligned and non-aligned double JPEG compression detection. In particular, we explore the capability of CNNs to capture DJPEG artifacts directly from images. Results show that the proposed CNN-based detectors achieve good performance even with small size images (i.e., 64 Ã\u97 64), outperforming state-of-the-art solutions, especially in the non-aligned case. Besides, good results are also achieved in the commonly-recognized challenging case in which the first quality factor is larger than the second one

show abstract

Primary Quantization Matrix Estimation of Double Compressed JPEG Images via CNN

Niu

Tondi

Zhao

et al. 2020

IEEE Signal Process. Lett.

View full text Add to dashboard Cite

Available model-based techniques for the estimation of the primary quantization matrix in double-compressed JPEG images work only under specific conditions regarding the relationship between the first and second compression quality factors, and the alignment of the first and second JPEG compression grids. In this paper, we propose a single CNN-based estimation technique that can work under a very general range of settings. We do so, by adapting a dense CNN network to the problem at hand. Particular attention is paid to the choice of the loss function. Experimental results highlight several advantages of the new method, including: i) capability of working under very general conditions, ii) improved performance in terms of MSE and accuracy especially in the non-aligned case, iii) better spatial resolution due to the ability of providing good results also on small image patches.

show abstract

A universal technique to hide traces of histogram-based image manipulations

Barni

Fontani

Tondi

2012

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Benedetta Tondi

A New Backdoor Attack in CNNS by Training Set Corruption Without Label Poisoning

The Source Identification Game: An Information-Theoretic Perspective

Aligned and non-aligned double JPEG detection using convolutional neural networks

Primary Quantization Matrix Estimation of Double Compressed JPEG Images via CNN

A universal technique to hide traces of histogram-based image manipulations

Contact Info

Product

Resources

About