Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

Akhtar, Naveed; Mian, Ajmal

doi:10.1109/access.2018.2807385

Cited by 1,719 publications

(1,038 citation statements)

References 424 publications

Supporting

Mentioning

962

Contrasting

Unclassified

Order By: Relevance

“…In safety critical applications like automatic drug injection in humans, guidance and navigation of autonomous vehicles or oil well drilling a black-box approach will be unacceptable. In fact the vulnerability of DNN have been been exposed beyond doubt in several recent works [137], [138], [139]. These models can also be extremely biased depending upon the data they were trained on.…”

Section: B Data-driven Modelingmentioning

confidence: 99%

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

2020

View full text Add to dashboard Cite

A digital twin can be defined as an adaptive model of a complex physical system. Recent advances in computational pipelines, multiphysics solvers, artificial intelligence, big data cybernetics, data processing and management tools bring the promise of digital twins and their impact on society closer to reality. Digital twinning is now an important and emerging trend in many applications. Also referred to as a computational megamodel, device shadow, mirrored system, avatar or a synchronized virtual prototype, there can be no doubt that a digital twin plays a transformative role not only in how we design and operate cyber-physical intelligent systems, but also in how we advance the modularity of multi-disciplinary systems to tackle fundamental barriers not addressed by the current, evolutionary modeling practices. In this work, we review the recent status of methodologies and techniques related to the construction of digital twins. Our aim is to provide a detailed coverage of the current challenges and enabling technologies along with recommendations and reflections for various stakeholders.

show abstract

Section: B Data-driven Modelingmentioning

confidence: 99%

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

2020

View full text Add to dashboard Cite

show abstract

“…Critically, many high‐performing algorithms (eg, deep neural networks, proprietary models) are “black boxes,” since it is currently not understood how these models combine features to output the severity of a disorder. This creates a lack of trust since they have been shown to be fooled by adversarial attacks (ie, perceptually small manipulations in the inputs that create incorrect outputs) . This is why a recent European Union regulation requires a right to obtain an explanation of life‐affecting decisions from automated algorithms such as clinical assessments, and DARPA has released an Explainable Artificial Intelligence program to tackle these challenges (“Explain and interpret models to reduce bias and improve scientific understanding” guideline in the Section 4).…”

Section: Introductionmentioning

confidence: 99%

Automated assessment of psychiatric disorders using speech: A systematic review

Low

Bentley

Ghosh

2020

Laryngoscope Investig Oto

290

268

View full text Add to dashboard Cite

Objective There are many barriers to accessing mental health assessments including cost and stigma. Even when individuals receive professional care, assessments are intermittent and may be limited partly due to the episodic nature of psychiatric symptoms. Therefore, machine‐learning technology using speech samples obtained in the clinic or remotely could one day be a biomarker to improve diagnosis and treatment. To date, reviews have only focused on using acoustic features from speech to detect depression and schizophrenia. Here, we present the first systematic review of studies using speech for automated assessments across a broader range of psychiatric disorders. Methods We followed the Preferred Reporting Items for Systematic Reviews and Meta‐Analysis (PRISMA) guidelines. We included studies from the last 10 years using speech to identify the presence or severity of disorders within the Diagnostic and Statistical Manual of Mental Disorders (DSM‐5). For each study, we describe sample size, clinical evaluation method, speech‐eliciting tasks, machine learning methodology, performance, and other relevant findings. Results 1395 studies were screened of which 127 studies met the inclusion criteria. The majority of studies were on depression, schizophrenia, and bipolar disorder, and the remaining on post‐traumatic stress disorder, anxiety disorders, and eating disorders. 63% of studies built machine learning predictive models, and the remaining 37% performed null‐hypothesis testing only. We provide an online database with our search results and synthesize how acoustic features appear in each disorder. Conclusion Speech processing technology could aid mental health assessments, but there are many obstacles to overcome, especially the need for comprehensive transdiagnostic and longitudinal studies. Given the diverse types of data sets, feature extraction, computational methodologies, and evaluation criteria, we provide guidelines for both acquiring data and building machine learning models with a focus on testing hypotheses, open science, reproducibility, and generalizability. Level of Evidence 3a

show abstract

“…1 A) [39]. Worse, adversarial examples are often transferable across algorithms (see [1] for a recent review), and certain "universal" perturbations fool any algorithm.…”

Section: Introductionmentioning

confidence: 99%

Attack and defence in cellular decision-making: lessons from machine learning

Rademaker

Bengio

François

2018

Preprint

View full text Add to dashboard Cite

Machine learning algorithms are sensitive to meaningless (or "adversarial") perturbations. This is reminiscent of cellular decision-making where ligands (called "antagonists") prevent correct signalling, like in early immune recognition. We draw a formal analogy between neural networks used in machine learning and models of cellular decision-making (adaptive proofreading). We apply attacks from machine learning to simple decision-making models, and show explicitly the correspondence to antagonism by weakly bound ligands. Such antagonism is absent in more nonlinear models, which inspired us to implement a biomimetic defence in neural networks filtering out adversarial perturbations. We then apply a gradient-descent approach from machine learning to different cellular decision-making models, and we reveal the existence of two regimes characterized by the presence or absence of a critical point. The critical point causes the strongest antagonists to lie close to the threshold. This is validated in the loss landscapes of robust neural networks and cellular decision-making models, and observed experimentally for immune cells. For both regimes, we explain how associated defence mechanisms shape the geometry of the loss landscape, and why different adversarial attacks are effective in different regimes. Our work connects evolved cellular decision-making to machine learning, and motivates the design of a general theory of adversarial perturbations, both for in vivo and in silico systems.

show abstract

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

Cited by 1,719 publications

References 424 publications

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

Digital Twin: Values, Challenges and Enablers From a Modeling Perspective

Automated assessment of psychiatric disorders using speech: A systematic review

Attack and defence in cellular decision-making: lessons from machine learning

Contact Info

Product

Resources

About