Best of Adversarial ML Week 42 – Multi-concept adversarial attacks and others

Adversarial ML | admin | October 28, 2021

Each week, the Adversa team selects the best research in the field of artificial intelligence security.


Multi-concept adversarial attacks

Machine learning techniques are used in many applications and are known to be highly vulnerable to adversarial attacks. Test-time attacks, carried out by adding malicious noise to test instances, are highly effective against deployed machine learning models. Because a single test input can be used by several different models, a test-time attack that targets one model often neglects its impact on the others.

In this study, Vibha Belavadi, Yan Zhou, Murat Kantarcioglu, and Bhavani M. Thuraisingham demonstrate that a naive attack on a classifier learning one concept can negatively impact classifiers learning other concepts.

The authors address the question of whether it is possible to attack one set of classifiers without affecting another set using the same test instance. In answering it, they note that attacks on machine learning models that create unnecessary privacy risks can be an important tool for protecting people from malicious exploitation of their privacy. The researchers develop new attack methods that can attack one set of machine learning models while maintaining the accuracy of the other. For linear classifiers, they provide a theoretical basis for finding the optimal solution for creating such adversarial examples, and for deep learning they develop a multi-concept attack strategy. The results show that these methods can successfully attack target classes while protecting protected classes in many different settings.

Moiré Attack (MA): A New Potential Risk of Screen Photos

Images captured by cameras play a very important role in training deep neural networks (DNNs). It is generally assumed that images captured by cameras correspond to images perceived by human eyes, but because human vision and computer vision rely on different physical mechanisms, the final perceived images can be very different. In this article, Dantong Niu, Ruohao Guo, and Yisen Wang discuss a special phenomenon in digital image processing called moiré, which can cause unnoticed security threats to DNNs.

The researchers propose a Moiré Attack (MA), which generates a physical-world moiré pattern that is added to images to simulate the process of photographing digital devices. The proposed digital Moiré Attack (MA) has been proven to be the perfect camouflage for attackers to successfully interfere with DNNs. The attack is also very stealthy, because the moiré effect is inevitable due to the internal physical structure of the camera.

Black-box Adversarial Attacks on Commercial Speech Platforms with Minimal Information

Adversarial attacks on commercial black-box speech platforms have received little attention until recent years. All current black-box attacks rely heavily on knowledge of prediction and confidence scores to create effective adversarial examples (AEs).

In this article, researchers Baolin Zheng, Peipei Jiang, Qian Wang, Qi Li, Chao Shen, Cong Wang, Yunjie Ge, Qingyang Teng, and Shenyi Zhang propose two new adversarial attacks in more practical and rigorous scenarios. For commercial cloud-based speech APIs, they introduce Occam, a decision-only black-box adversarial attack in which only final decisions are available to the attacker. Within this attack, decision-only AE generation is formulated as a discontinuous large-scale global optimization problem.

Occam is a one-size-fits-all approach that delivers 100% attack success with an average SNR of 14.23 dB on a wide range of popular speech and speaker recognition APIs. For commercial voice control devices, they introduce NI-Occam, the first non-interactive physical adversarial attack, in which the attacker does not have to query the oracle and has no access to its internal information or training data.

The researchers combine adversarial attacks with model inversion attacks and generate physically effective, highly transferable audio AEs without any interaction with the target devices. According to the experiments, NI-Occam can successfully fool Apple Siri, Microsoft Cortana, Google Assistant, iFlytek and Amazon Echo with an average success rate of attack (SRoA) of 52% and an SNR of 9.65 dB, shedding light on non-interactive physical attacks on voice control devices.

Written by: admin
