Exploiting Vulnerabilities of Deep Neural Networks for Privacy Protection

Sánchez-Matilla, Ricardo; Li, Chau Yi; Shamsabadi, Ali Shahin; Mazzon, Riccardo; Cavallaro, Andrea

doi:10.1109/tmm.2020.2987694

Cited by 18 publications

(5 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are differences in these five parts of the current mainstream CNN models ( Khan et al, 2019 ). Since Resnet solves the problem of network degradation in DL, it becomes the backbone network for subsequent research ( Sanchez-Matilla et al, 2020 ; Veit and Belongie, 2020 ; Zhang et al, 2020b ). In this study, Resnet-18 was used as the backbone network to construct CNNs ( He et al, 2016 ).…”

Section: Methodsmentioning

confidence: 99%

Combining Multi-Dimensional Convolutional Neural Network (CNN) With Visualization Method for Detection of Aphis gossypii Glover Infection in Cotton Leaves Using Hyperspectral Imaging

Yan

Jiao

et al. 2021

Front. Plant Sci.

View full text Add to dashboard Cite

Cotton is a significant economic crop. It is vulnerable to aphids (Aphis gossypii Glovers) during the growth period. Rapid and early detection has become an important means to deal with aphids in cotton. In this study, the visible/near-infrared (Vis/NIR) hyperspectral imaging system (376–1044 nm) and machine learning methods were used to identify aphid infection in cotton leaves. Both tall and short cotton plants (Lumianyan 24) were inoculated with aphids, and the corresponding plants without aphids were used as control. The hyperspectral images (HSIs) were acquired five times at an interval of 5 days. The healthy and infected leaves were used to establish the datasets, with each leaf as a sample. The spectra and RGB images of each cotton leaf were extracted from the hyperspectral images for one-dimensional (1D) and two-dimensional (2D) analysis. The hyperspectral images of each leaf were used for three-dimensional (3D) analysis. Convolutional Neural Networks (CNNs) were used for identification and compared with conventional machine learning methods. For the extracted spectra, 1D CNN had a fine classification performance, and the classification accuracy could reach 98%. For RGB images, 2D CNN had a better classification performance. For HSIs, 3D CNN performed moderately and performed better than 2D CNN. On the whole, CNN performed relatively better than conventional machine learning methods. In the process of 1D, 2D, and 3D CNN visualization, the important wavelength ranges were analyzed in 1D and 3D CNN visualization, and the importance of wavelength ranges and spatial regions were analyzed in 2D and 3D CNN visualization. The overall results in this study illustrated the feasibility of using hyperspectral imaging combined with multi-dimensional CNN to detect aphid infection in cotton leaves, providing a new alternative for pest infection detection in plants.

show abstract

Section: Methodsmentioning

confidence: 99%

Combining Multi-Dimensional Convolutional Neural Network (CNN) With Visualization Method for Detection of Aphis gossypii Glover Infection in Cotton Leaves Using Hyperspectral Imaging

Yan

Jiao

et al. 2021

Front. Plant Sci.

View full text Add to dashboard Cite

show abstract

“…Given an image as input, the adversarial attack can be realized by adding imperceptible noises or applying natural transformations. On the one hand, several adversarial noise attack methods got promising attack results, such as gradient computation based fast gradient sign method (FGSM) [28], iterative-version FGSM [29], momentum iterative FGSM [30], different distance metrics based C&W method [31], attended regions and features based TAA method [32], randomization based [33], perceptually aware and stealthy adversarial denoise [34], and so on. On the other hand, some natural transformations that are imperceptible to humans can be applied for image attack.…”

Section: General Adversarial Attacksmentioning

confidence: 99%

Adversarial Relighting against Face Recognition

Gao¹,

Gao²,

Zhang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Deep face recognition (FR) has achieved significantly high accuracy on several challenging datasets and fosters successful real-world applications, even showing high robustness to the illumination variation that is usually regarded as a main threat to the FR system. However, in the real world, illumination variation caused by diverse lighting conditions cannot be fully covered by the limited face dataset. In this paper, we study the threat of lighting against FR from a new angle, i.e., adversarial attack, and identify a new task, i.e., adversarial relighting. Given a face image, adversarial relighting aims to produce a naturally relighted counterpart while fooling the state-of-the-art deep FR methods. To this end, we first propose the physical modelbased adversarial relighting attack (ARA) denoted as albedoquotient-based adversarial relighting attack (AQ-ARA). It generates natural adversarial light under the physical lighting model and guidance of FR systems and synthesizes adversarially relighted face images. Moreover, we propose the auto-predictive adversarial relighting attack (AP-ARA) by training an adversarial relighting network (ARNet) to automatically predict the adversarial light in a one-step manner according to different input faces, allowing efficiency-sensitive applications . More importantly, we propose to transfer the above digital attacks to physical ARA (Phy-ARA) through a precise relighting device, making the estimated adversarial lighting condition reproducible in the real world. We validate our methods on three state-of-the-art deep FR methods, i.e., FaceNet, ArcFace, and CosFace, on two public datasets. The extensive and insightful results demonstrate our work can generate realistic adversarial relighted face images fooling FR easily, revealing the threat of specific light directions and strengths.

show abstract

“…Recognizing scenes is challenging since it involves understanding the context of the characteristic concepts in different scene categories. We consider a specific task called Pixel Privacy [70], which was introduced by the MediaEval Multimedia Benchmark, and has been explored in the following work on adversarial images [32], [71], [72]. This task is focused on developing image modification techniques that can protect privacy-sensitive scene information of users against automatic inference of privacy-sensitive scene information.…”

Section: Scene Recognitionmentioning

confidence: 99%

Adversarial Robustness Against Image Color Transformation within Parametric Filter Space

Zhao¹,

Liu²,

Larson³

2020

Preprint

View full text Add to dashboard Cite

We propose Adversarial Color Enhancement (ACE), a novel approach to generating non-suspicious adversarial images by optimizing a color transformation within a parametric filter space. The filter we use approximates human-understandable color curve adjustment, constraining ACE with a single, continuous function. This property gives rise to a principled adversarial action space explicitly controlled by filter parameters. Existing color transformation attacks are not guided by a parametric space, and, consequently, additional pixel-related constraints such as regularization and sampling are necessary. These constraints make methodical analysis difficult. In this paper, we carry out a systematic robustness analysis of ACE from both the attack and defense perspectives by varying the bound of the color filter parameters. We investigate a general formulation of ACE and also a variant targeting particularly appealing color styles, as achieved with popular image filters. From the attack perspective, we provide extensive experiments on the vulnerability of image classifiers, but also explore the vulnerability of segmentation and aesthetic quality assessment algorithms, in both the white-box and black-box scenarios. From the defense perspective, more experiments provide insight into the stability of ACE against input transformation-based defenses and show the potential of adversarial training for improving model robustness against ACE.

show abstract

Exploiting Vulnerabilities of Deep Neural Networks for Privacy Protection

Cited by 18 publications

References 19 publications

Combining Multi-Dimensional Convolutional Neural Network (CNN) With Visualization Method for Detection of Aphis gossypii Glover Infection in Cotton Leaves Using Hyperspectral Imaging

Combining Multi-Dimensional Convolutional Neural Network (CNN) With Visualization Method for Detection of Aphis gossypii Glover Infection in Cotton Leaves Using Hyperspectral Imaging

Adversarial Relighting against Face Recognition

Adversarial Robustness Against Image Color Transformation within Parametric Filter Space

Contact Info

Product

Resources

About