Why Don't You Clean Your Glasses? Perception Attacks with Dynamic Optical Perturbations

Camera-based autonomous systems that emulate human perception are increasingly being integrated into safety-critical platforms. Consequently, an established body of literature has emerged that explores adversarial attacks targeting the underlying machine learning models. Adapting adversarial attacks to the physical world is desirable for the attacker, as this removes the need to compromise digital systems. However, the real world poses challenges related to the "survivability" of adversarial manipulations given environmental noise in perception pipelines and the dynamicity of autonomous systems. In this paper, we take a sensor-first approach. We present EvilEye, a man-in-the-middle perception attack that leverages transparent displays to generate dynamic physical adversarial examples. EvilEye exploits the camera's optics to induce misclassifications under a variety of illumination conditions. To generate dynamic perturbations, we formalize the projection of a digital attack into the physical domain by modeling the transformation function of the captured image through the optical pipeline. Our extensive experiments show that EvilEye's generated adversarial perturbations are much more robust across varying environmental light conditions relative to existing physical perturbation frameworks, achieving a high attack success rate (ASR) while bypassing state-of-the-art physical adversarial detection frameworks. We demonstrate that the dynamic nature of EvilEye enables attackers to adapt adversarial examples across a variety of objects with a significantly higher ASR compared to state-of-the-art physical world attack frameworks. Finally, we discuss mitigation strategies against the EvilEye attack.Comment: 15 pages, 11 figure

ANALYSIS OF MULTIPLE ADVERSARIAL ATTACKS ON CONVOLUTIONAL NEURAL NETWORKS

The thesis studies different kind of adversarial attacks on Convolutional Neural Network by using electric load data set in order to fool deep neural network. With the improvement of Deep Learning methods, their securities and vulnerabilities have become an important research subject. An adversary who gains access to the model and data sets may add some perturbations to the datasets, which may cause significant damage to the system. By using adversarial attacks, it shows how much these attacks affect the system and shows the attacks\u27 success in this research

The Impact of Artificial Intelligence on Military Defence and Security

The twenty-first century is now being shaped by a multipolar system characterized by techno-nationalism and a post-Bretton Woods order. In the face of a rapidly evolving digital era, international cooperation will be critical to ensuring peace and security. Information sharing, expert conferences and multilateral dialogue can help the world's nation-states and their militaries develop a better understanding of one another's capabilities and intentions. As a global middle power, Canada could be a major partner in driving this effort. This paper explores the development of military-specific capabilities in the context of artificial intelligence (AI) and machine learning. Building on Canadian defence policy, the paper outlines the military applications of AI and the resources needed to manage next-generation military operations, including multilateral engagement and technology governance

Adversarial attacks on spiking convolutional neural networks for event-based vision

Event-based dynamic vision sensors provide very sparse output in the form of spikes, which makes them suitable for low-power applications. Convolutional spiking neural networks model such event-based data and develop their full energy-saving potential when deployed on asynchronous neuromorphic hardware. Event-based vision being a nascent field, the sensitivity of spiking neural networks to potentially malicious adversarial attacks has received little attention so far. We show how white-box adversarial attack algorithms can be adapted to the discrete and sparse nature of event-based visual data, and demonstrate smaller perturbation magnitudes at higher success rates than the current state-of-the-art algorithms. For the first time, we also verify the effectiveness of these perturbations directly on neuromorphic hardware. Finally, we discuss the properties of the resulting perturbations, the effect of adversarial training as a defense strategy, and future directions