Are You Tampering with My Data?

Alberti, Michele; Pondenkandath, Vinaychandran; Würsch, Marcel; Bouillon, Manuel; Seuret, Mathias; Ingold, Rolf; Liwicki, Marcus

doi:10.1007/978-3-030-11012-3_25

Cited by 15 publications

(12 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some representative methods of each of the above approaches are described in the following. 1) Design of strong, ad-hoc, triggering patterns: The first clean-label backdoor attack was proposed by Alberti et al [69] in 2018. The attacker implements a one-pixel modification to all the images of the target class t in the training dataset D tr .…”

Section: B Clean-label Attacksmentioning

confidence: 99%

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Guo¹,

Tondi²,

Barni³

2021

Preprint

View full text Add to dashboard Cite

Together with impressive advances touching every aspect of our society, AI technology based on Deep Neural Networks (DNN) is bringing increasing security concerns. While attacks operating at test time have monopolised the initial attention of researchers, backdoor attacks, exploiting the possibility of corrupting DNN models by interfering with the training process, represents a further serious threat undermining the dependability of AI techniques. In a backdoor attack, the attacker corrupts the training data so to induce an erroneous behaviour at test time. Test time errors, however, are activated only in the presence of a triggering event corresponding to a properly crafted input sample. In this way, the corrupted network continues to work as expected for regular inputs, and the malicious behaviour occurs only when the attacker decides to activate the backdoor hidden within the network. In the last few years, backdoor attacks have been the subject of an intense research activity focusing on both the development of new classes of attacks, and the proposal of possible countermeasures. The goal of this overview paper is to review the works published until now, classifying the different types of attacks and defences proposed so far. The classification guiding the analysis is based on the amount of control that the attacker has on the training process, and the capability of the defender to verify the integrity of the data used for training, and to monitor the operations of the DNN at training and test time. As such, the proposed analysis is particularly suited to highlight the strengths and weaknesses of both attacks and defences with reference to the application scenarios they are operating in.

show abstract

Section: B Clean-label Attacksmentioning

confidence: 99%

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Guo¹,

Tondi²,

Barni³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…For example, one can look at the diversity in the inherent nature of adversarial examples for humans and computers. While humans can be fooled by simple optical illusions [ 39 ], they would never be fooled by synthetic adversarial images, which are extremely effective at deceiving neural networks [ 13 , 40 ]. Another way to analyse the difference is to look into what types of error humans and networks are more susceptible to when performing object recognition.…”

Section: Related Workmentioning

confidence: 99%

Cross-Depicted Historical Motif Categorization and Retrieval with Deep Learning

et al. 2020

Self Cite

View full text Add to dashboard Cite

In this paper, we tackle the problem of categorizing and identifying cross-depicted historical motifs using recent deep learning techniques, with aim of developing a content-based image retrieval system. As cross-depiction, we understand the problem that the same object can be represented (depicted) in various ways. The objects of interest in this research are watermarks, which are crucial for dating manuscripts. For watermarks, cross-depiction arises due to two reasons: (i) there are many similar representations of the same motif, and (ii) there are several ways of capturing the watermarks, i.e., as the watermarks are not visible on a scan or photograph, the watermarks are typically retrieved via hand tracing, rubbing, or special photographic techniques. This leads to different representations of the same (or similar) objects, making it hard for pattern recognition methods to recognize the watermarks. While this is a simple problem for human experts, computer vision techniques have problems generalizing from the various depiction possibilities. In this paper, we present a study where we use deep neural networks for categorization of watermarks with varying levels of detail. The macro-averaged F1-score on an imbalanced 12 category classification task is 88.3 %, the multi-labelling performance (Jaccard Index) on a 622 label task is 79.5 %. To analyze the usefulness of an image-based system for assisting humanities scholars in cataloguing manuscripts, we also measure the performance of similarity matching on expert-crafted test sets of varying sizes (50 and 1000 watermark samples). A significant outcome is that all relevant results belonging to the same super-class are found by our system (Mean Average Precision of 100%), despite the cross-depicted nature of the motifs. This result has not been achieved in the literature so far.

show abstract

“…This check as one can imagine is very quick and hence does not affect the regular flow or run-time of an experiment. However, this type of verification, albeit quick, is not secure against a malicious manipulation of the data, since a skilled attacker might modify it in subtle ways [9] and tamper the time stamp on the file system too. To combat this -very remotethreat, there is the possibility to activate a deep inspection of the dataset integrity using the stored SHA-1 hashes.…”

Section: ) Data Integrity Managementmentioning

confidence: 99%

Improving Reproducible Deep Learning Workflows with DeepDIVA

Alberti

Pondenkandath

Vögtlin

et al. 2019

2019 6th Swiss Conference on Data Science (SDS)

Self Cite

View full text Add to dashboard Cite

The field of deep learning is experiencing a trend towards producing reproducible research. Nevertheless, it is still often a frustrating experience to reproduce scientific results. This is especially true in the machine learning community, where it is considered acceptable to have black boxes in your experiments. We present DeepDIVA, a framework designed to facilitate easy experimentation and their reproduction. This framework allows researchers to share their experiments with others, while providing functionality that allows for easy experimentation, such as: boilerplate code, experiment management, hyper-parameter optimization, verification of data integrity and visualization of data and results. Additionally, the code of DeepDIVA is welldocumented and supported by several tutorials that allow a new user to quickly familiarize themselves with the framework.

show abstract

Are You Tampering with My Data?

Cited by 15 publications

References 54 publications

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Cross-Depicted Historical Motif Categorization and Retrieval with Deep Learning

Improving Reproducible Deep Learning Workflows with DeepDIVA

Contact Info

Product

Resources

About