Effective Universal Unrestricted Adversarial Attacks Using a MOE Approach

Baia, Alina Elena; Bari, Gabriele Di; Poggioni, Valentina

doi:10.1007/978-3-030-72699-7_35

Cited by 7 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We propose a nested-evolutionary algorithm for generating universal unrestricted adversarial examples in a black-box scenario inspired by [13]. Given a sequence of image filters as input, the algorithm returns the best image-agnostic filter configuration which, applied to the images from the dataset, maximizes the classification error of the target model while the detection rate and the perturbation applied are minimized.…”

Section: Approach and Algorithmmentioning

confidence: 99%

Combining Attack Success Rate and DetectionRate for effective Universal Adversarial Attacks

Poggioni¹,

Baia²,

Milani³

2021

ESANN 2021 Proceedings

Self Cite

View full text Add to dashboard Cite

show abstract

Section: Approach and Algorithmmentioning

confidence: 99%

Combining Attack Success Rate and DetectionRate for effective Universal Adversarial Attacks

Poggioni¹,

Baia²,

Milani³

2021

ESANN 2021 Proceedings

Self Cite

View full text Add to dashboard Cite

show abstract

“…The diffusion and the wide use of deep learning methods for artificial intelligence systems, thus, pose significant security and privacy issues. From the security point of view, Adversarial Attacks (AA) showed that deep learning models can be easily fooled [ 13 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 ] while, from a privacy point of view, it has been shown that information can be easily extracted from dataset and learned model [ 26 , 27 , 28 ]. It has also been shown that attacking methods based on adversarial samples can be used for privacy-preserving purposes [ 29 , 30 , 31 , 32 , 33 ]: in this case, data are intentionally modified to avoid unauthorized information extraction by fooling the unauthorized software.…”

Section: Introductionmentioning

confidence: 99%

“…The fooling protecting filters are built by composing and parametrizing popular image-enhancing Instagram filters: they are the result of an optimization process implemented by a nested-evolutionary algorithm [ 13 , 14 , 33 ]. Applying these protecting filters to any image, we obtain a series of other images from which information extraction is more difficult.…”

Section: Introductionmentioning

confidence: 99%

“…The proposed algorithm combines the idea of a Multi-Objective Evolutionary (MOE) approach for adversarial attacks [ 13 ] with the per-instance approach presented in [ 33 ]. Compared to the MOE approach, we also introduce the use of a Full-Reference Image Quality Assessment (FR-IQA).…”

Section: Introductionmentioning

confidence: 99%

“…As proposed in [ 13 , 14 , 33 ], we have used popular Instagram image filters such as Clarendon, Juno, Reyes, Gingham, Lark, Hudson, Slumber, Stinson, Rise, and Perpetua . Each filter has distinct properties and aspects, such as different contrast, saturation, brightness, and shadow levels.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Lie to Me: Shield Your Emotions from Prying Software

Baia

Biondi

Franzoni

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

Deep learning approaches for facial Emotion Recognition (ER) obtain high accuracy on basic models, e.g., Ekman’s models, in the specific domain of facial emotional expressions. Thus, facial tracking of users’ emotions could be easily used against the right to privacy or for manipulative purposes. As recent studies have shown that deep learning models are susceptible to adversarial examples (images intentionally modified to fool a machine learning classifier) we propose to use them to preserve users’ privacy against ER. In this paper, we present a technique for generating Emotion Adversarial Attacks (EAAs). EAAs are performed applying well-known image filters inspired from Instagram, and a multi-objective evolutionary algorithm is used to determine the per-image best filters attacking combination. Experimental results on the well-known AffectNet dataset of facial expressions show that our approach successfully attacks emotion classifiers to protect user privacy. On the other hand, the quality of the images from the human perception point of view is maintained. Several experiments with different sequences of filters are run and show that the Attack Success Rate is very high, above 90% for every test.

show abstract