检索结果-内蒙古大学图书馆

PPNNI: Privacy-Preserving Neural Network Inference Against adversarial example attack

IEEE TRANSACTIONS ON SERVICES COMPUTING 2024年第6期17卷 4083-4096页

作者： He, Guanghui Ren, Yanli He, Gang Feng, Guorui Zhang, Xinpeng Shanghai Univ Sch Commun & Informat Engn Shanghai 200444 Peoples R China

Outsourced inference services have greatly promoted the popularization of deep learning, and neural network models can help users customize a series of personalized applications, e.g., face recognition, image classification, etc. However, untrustworthy service providers also bring a variety of security issues, such as data privacy, network model privacy, etc. Meanwhile, the malicious example will result in the output of model incorrectly. For the above concerns, this paper proposes a privacy-reserving neural network inference against adversarial example attack (PPNNI) under two non-colluding cloud servers, where a series of efficient security protocols are designed to realize private prediction based on the additive secret sharing protocol. In the semi-honest model, the servers implement the neural network's private inference in the context of an unknown input and network model. Moreover, in order to prevent malicious examples from affecting the model accuracy, we produce a method of kernel density estimation and uncertainty value in the last layer of the hidden layer to determine whether the input is adversarial examples in the domain of ciphertext. The proposed PPNNI protocol is the first effort to efficiently detect adversarial attack behaviors under the ciphertexts. The theoretical analysis illustrate that the protocol can guarantee the privacy of input data, model parameters and the inference result. The results of the experiments demonstrate that the model accuracy are about 89 % and 83 % respectively with malicious examples on MNIST and CIFAR10 in the domain of ciphertext and they are nearly same as 91% and 85% in the domain of plaintext, which shows the effectiveness of our protocol.

关键词： Protocols Cryptography Neural networks Servers Privacy Data models Computational modeling adversarial example attack neural network inference privacy-preserving secret sharing

来源：评论

学校读者我要写书评

暂无评论

PhoneyTalker: An Out-of-the-Box Toolkit for adversarial example attack on Speaker Recognition 41

PhoneyTalker: An Out-of-the-Box Toolkit for Adversarial Exam...

引用

41st IEEE Conference on Computer Communications (IEEE INFOCOM)

作者： Chen, Meng Lu, Li Ba, Zhongjie Ren, Kui Zhejiang Univ Sch Cyber Sci & Technol Hangzhou Zhejiang Peoples R China Zhejiang Univ Key Lab Blockchain & Cyberspace Governance Zhejia Hangzhou Zhejiang Peoples R China

ISBN: (纸本)9781665458221

Voice has become a fundamental method for human-computer interactions and person identification these days. Benefit from the rapid development of deep learning, speaker recognition exploiting voice biometrics has achieved great success in various applications. However, the shadow of adversarial example attacks on deep neural network-based speaker recognition recently raised extensive public concerns and enormous research interests. Although existing studies propose to generate adversarial examples by iterative optimization to deceive speaker recognition, these methods require multiple iterations to construct specific perturbations for a single voice, which is inputspecific, time-consuming, and non-transferable, hindering the deployment and application for non-professional adversaries. In this paper, we propose PhoneyTalker, an out-of-the-box toolkit for any adversary to generate universal and transferable adversarial examples with low complexity, releasing the requirement for professional background and specialized equipment. PhoneyTalker decomposes an arbitrary voice into phone combinations and generates phone-level perturbations using a generative model, which are reusable for voices from different persons with various texts. Experiments on mainstream speaker recognition systems with large-scale corpus show that PhoneyTalker outperforms state-of-the-art methods with overall attack success rates of 99.9% and 84.0% under white-box and black-box settings respectively.

关键词： adversarial example attack universal adversarial perturbation generative model speaker recognition

来源：评论

学校读者我要写书评

暂无评论

BypTalker: An Adaptive adversarial example attack to Bypass Prefilter-enabled Speaker Recognition 19

BypTalker: An Adaptive Adversarial Example Attack to Bypass ...

引用

19th International Conference on Mobility, Sensing and Networking (MSN)

作者： Chen, Qianniu Fu, Kang Lu, Li Chen, Meng Ba, Zhongjie Lin, Feng Ren, Kui Zhejiang Univ Sch Cyber Sci & Technol Coll Comp Sci & Technol Hangzhou Peoples R China

ISBN: (纸本)9798350358261;9798350358278

With the broad integration of deep learning in Speaker Recognition (SR) systems, adversarial example attacks have been a significant threat raising user security concerns. Nevertheless, recent studies demonstrate that using input transformations (e.g., re-quantization, resampling, bandpass filtering) as a low-cost prefilter can efficiently mitigate such adversarial example attacks. These prefilters constrain the injection space of adversarial perturbations in both time and frequency domains, leading to either degraded attack performance or amplified perturbation noise. This paper proposes a new adversarial example attack, BypTalker, which could bypass these prefilter-enabled SR systems while remaining imperceptible to human listeners. BypTalker employs ensemble learning with diverse substitute prefilters in the training phase to enhance the adversarial example's adaptiveness to different prefilters. Furthermore, it incorporates an Acoustic Masker to cloak adversarial perturbations based on psychoacoustics effectively. This masker is well selected from a proposed metric M-Sup for minimizing the perturbation's auditory to human perception. Experimental results show that BypTalker can achieve an attack Success Rate of 99.1% and a Perceptual Evaluation of Speech Quality of 4.32, respectively.

关键词： Acoustics adversarial example attack Ensemble learning Speaker recognition

来源：评论

学校读者我要写书评

暂无评论

Push the Limit of adversarial example attack on Speaker Recognition in Physical Domain 20

Push the Limit of Adversarial Example Attack on Speaker Reco...

引用

20th ACM Conference on Embedded Networked Sensor Systems (SenSys)

作者： Chen, Qianniu Chen, Meng Lu, Li Yu, Jiadi Chen, Yingying Wang, Zhibo Ba, Zhongjie Lin, Feng Ren, Kui Zhejiang Univ Hangzhou Peoples R China ZJU HIC Hangzhou Zhejiang Peoples R China Shanghai Jiao Tong Univ Shanghai Peoples R China Rutgers State Univ New Brunswick NJ USA

ISBN: (纸本)9781450398862

The integration of deep learning on Speaker Recognition (SR) advances its development and wide deployment, but also introduces the emerging threat of adversarial examples. However, only a few existing studies investigate its practical threat in physical domain, which either evaluate its feasibility only by directly replaying generated adversarial examples, or explore the partial channel interference for robustness improvement. In this paper, we propose a physical adversarial example attack, PhyTalker, which could generate and inject perturbations on voices in a live-streaming manner on attacking various SR models in different physical channels. Compared with the typical adversarial example for digital attacks, PhyTalker generates a subphoneme-level perturbation dictionary to decouple the perturbation optimization and injection. Moreover, we introduce the channel augmentation to compensate both device and environmental distortions, as well as model ensemble to improve the perturbation transferability. Finally, PhyTalker recognizes and localizes the latest recorded phoneme to determine the corresponding perturbations for real-time broadcasting. Extensive experiments are conducted with a large-scale corpus in real physical scenarios, and results show that PhyTalker achieves an overall attack Success Rate (ASR) of 85.5% in attacking mainstream SR systems and Mel Cepstral Distortion (MCD) of 2.45dB in human audibility.

关键词： adversarial example attack Physical Domain Speaker Recognition Live-streaming

来源：评论

学校读者我要写书评

暂无评论

Study on the Method of adversarial example attack Based on MI-FGSM 17th

Study on the Method of Adversarial Example Attack Based on M...

引用

17th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP) / 14th International Conference on Frontiers of Information Technology, Applications and Tools (FITAT)

作者： Mao, Guanqiao Li, Lu Wang, Qingyu Li, Junbao Harbin Inst Technol Sch Elect & Informat Engn Harbin 150001 Peoples R China Def Ind Secrecy Examinat & Certificat Ctr Beijing 100089 Peoples R China

ISBN: (纸本)9789811910579;9789811910562

Deep neural network outperformed human beings in many fields such as image classification [1-3], object detection [4, 5], and image semantic segmentation [6] in recent years. But this model has security risks;for instance, it can be considered as a black box and can hardly change to improve its performance when the training is complete, nobody is able to explain the exact meaning of the weights of a model. Those fatal flaws above produce a real problem, deep neural network is vulnerable and will be attacked by adversarial examples [7-9]. In this paper, we use MI-FGSM algorithm on three typical convolution neural network and produce three sets of adversarial example. Then we use these three sets of adversarial examples to attack three typical convolutional neural networks mentioned above, called white box attack. Next, we train three new convolutional neural network and attack them, called black box attack. The attack described above at military target dataset has a significant effect.

关键词： adversarial example attack Convolutional neural network Military targets Misclassification

来源：评论

学校读者我要写书评

暂无评论

Privacy-Enhanced Federated GNN Inference Against adversarial example attack

引用

IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE 2024年

作者： He, Guanghui Ren, Yanli Jiang, Jingyuan Feng, Guorui Zhang, Xinpeng Shanghai Univ Sch Commun & Informat Engn Shanghai 200444 Peoples R China

Graph neural networks (GNNs) have become a powerful tool for processing and learning graph data. However, due to the existence of data silos, the privacy of data and the processing result is an important concern. Meanwhile, the malicious example will result in the incorrect output of the model. For the above concerns, this paper proposes privacy-enhanced federated graph network inference against adversarial example attack. Specifically, we adopt secret sharing and homomorphic encryption to ensure the privacy of graph data, where the user can get the final inference, and the server holds nothing except the model parameters. Moreover, in order to prevent malicious users from interfering with the accuracy of the model, an adversarial example detection mechanism on the ciphertext is designed to identify local embedding submitted by malicious users. During the whole process, both local and global embedding are both protected. The experimental results show that the model accuracy is about 69% and 66% with malicious samples on Cora and Citeseer in the domain of ciphertext respectively and they are nearly same as 70% and 69% in the domain of plaintext, which shows the effectiveness of our protocol.

关键词： Graph neural networks Protocols Cryptography Federated learning Perturbation methods Data models Training Servers Neural networks Privacy adversarial example attack privacy-preserving secret sharing homomorphic encryption

来源：评论

学校读者我要写书评

暂无评论

Push the Limit of adversarial example attack on Speaker Recognition in Physical Domain 22

Push the Limit of Adversarial Example Attack on Speaker Reco...

引用

Proceedings of the 20th ACM Conference on Embedded Networked Sensor Systems

作者： Qianniu Chen Meng Chen Li Lu Jiadi Yu Yingying Chen Zhibo Wang Zhongjie Ba Feng Lin Kui Ren Zhejiang University and ZJU-HIC Zhejiang University Shanghai Jiao Tong University Rutgers University

ISBN: (纸本)9781450398862

关键词： live-streaming speaker recognition adversarial example attack physical domain

来源：评论

学校读者我要写书评

暂无评论

DroidEnemy: Battling adversarial example attacks for Android malware detection

引用

Digital Communications and Networks 2022年第6期8卷 1040-1047页

作者： Neha Bala Aemun Ahmar Wenjia Li Fernanda Tovar Arpit Battu Prachi Bambarkar Department of Computer Science New York Institute of TechnologyNew YorkNY10023USA

In recent years,we have witnessed a surge in mobile devices such as smartphones,tablets,smart watches,etc.,most of which are based on the Android operating ***,because these Android-based mobile devices are becoming increasingly popular,they are now the primary target of mobile malware,which could lead to both privacy leakage and property *** address the rapidly deteriorating security issues caused by mobile malware,various research efforts have been made to develop novel and effective detection mechanisms to identify and combat ***,in order to avoid being caught by these malware detection mechanisms,malware authors are inclined to initiate adversarial example attacks by tampering with mobile *** this paper,several types of adversarial example attacks are investigated and a feasible approach is proposed to fight against ***,we look at adversarial example attacks on the Android system and prior solutions that have been proposed to address these ***,we specifically focus on the data poisoning attack and evasion attack models,which may mutate various application features,such as API calls,permissions and the class label,to produce adversarial ***,we propose and design a malware detection approach that is resistant to adversarial *** observe and investigate how the malware detection system is influenced by the adversarial example attacks,we conduct experiments on some real Android application datasets which are composed of both malware and benign *** results clearly indicate that the performance of Android malware detection is severely degraded when facing adversarial example attacks.

关键词： Security Malware detection adversarial example attack Data poisoning attack Evasi on attack Machine learning Android

来源：评论

学校读者我要写书评

暂无评论

A Robust Malware Detection Approach for Android System against adversarial example attacks 5

A Robust Malware Detection Approach for Android System again...

引用

IEEE 5th International Conference on Collaboration and Internet Computing (CIC)

作者： Li, Wenjia Bala, Neha Ahmar, Aemun Tovar, Fernanda Battu, Arpit Bambarkar, Prachi New York Inst Technol Dept Comp Sci New York NY 10023 USA

ISBN: (纸本)9781728167398

In recent years, Android has become the leading smartphone operating system across the world. However, due to their increasing popularity, Android devices have become the primary target to mobile malware. To address the arising security threats, many malware detection approaches have been studied that aim at providing strong defense mechanisms against malware. However, with more such malware detection systems being distributed and deployed, malware authors tend to generate adversarial examples by manipulating mobile applications to avoid being detected by the malware detection systems. In this paper, we investigate different types of adversarial example attacks while researching a viable approach to fight against them. More specifically, we first present the literature review on both existing malware detection approaches and adversarial example attacks against them. Then, we focus on the widely used evasion attack model that is applied to generate mutated samples. By working with various app features such as binary N-grams of API calls, we will generate feature sets consisting of a selected range of binary N-grams. As a result, we intend to use the manipulated dataset to develop and train our classifier to detect the evasion attack, and the goal of our approach is to further enhance the robustness of malware detection approach in the presence of adversarial example attacks.

关键词： Android security malware detection machine learning adversarial example attack

来源：评论

学校读者我要写书评

暂无评论

Reusable generator data-free knowledge distillation with hard loss simulation for image classification

引用

EXPERT SYSTEMS WITH APPLICATIONS 2025年 265卷

作者： Sun, Yafeng Wang, Xingwang Huang, Junhong Chen, Shilin Hou, Minghui Jilin Univ Coll Comp Sci & Technol Changchun 130012 Peoples R China Jilin Univ Key Lab Symbol Computat & Knowledge Engn Minist Educ Changchun 130012 Peoples R China

In many image classification scenarios where knowledge distillation (KD) is applied, multiple users need to train various student models that conform to the device's computational limitations at different times. However, due to security concerns, existing data-free KD (DFKD) methods discard the trained generator after completing a task, preventing its reuse in training subsequent students and resulting in wasted resources. Furthermore, the unlabeled nature of fake images eliminates the hard loss that plays a crucial role in data-driven KD. This paper introduces the reusable generator DFKD with hard loss simulation (RG-HLS) to address these challenges. RG-HLS employs a generator consisting of two generative networks and a decoder. The decoder and one of the generative networks can be reused in subsequent tasks. The adversarial example attack is also introduced to mimic the behavior of the teacher model in predicting real images, ensuring that DFKD exhibits a hard loss similar to that of data-driven KD. ,Extensive experiments across CIFAR-10, CIFAR 100, MNIST, SVHN, and Tiny-ImageNet datasets validate the proposed method's superior performance. The reusable generator accelerates convergence without compromising security, and integrating the hard loss further boosts accuracy. Code is available at https://***/sunyafeng-jlu/RG-HLS.

关键词： Data-free Knowledge distillation Generator adversarial example attack Image classification

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：