311 research outputs found
Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning
Learning-based pattern classifiers, including deep networks, have shown
impressive performance in several application domains, ranging from computer
vision to cybersecurity. However, it has also been shown that adversarial input
perturbations carefully crafted either at training or at test time can easily
subvert their predictions. The vulnerability of machine learning to such wild
patterns (also referred to as adversarial examples), along with the design of
suitable countermeasures, have been investigated in the research field of
adversarial machine learning. In this work, we provide a thorough overview of
the evolution of this research area over the last ten years and beyond,
starting from pioneering, earlier work on the security of non-deep learning
algorithms up to more recent work aimed to understand the security properties
of deep learning algorithms, in the context of computer vision and
cybersecurity tasks. We report interesting connections between these
apparently-different lines of work, highlighting common misconceptions related
to the security evaluation of machine-learning algorithms. We review the main
threat models and attacks defined to this end, and discuss the main limitations
of current work, along with the corresponding future challenges towards the
design of more secure learning algorithms.Comment: Accepted for publication on Pattern Recognition, 201
Fingerprint verification by fusion of optical and capacitive sensors
A few works have been presented so far on information fusion for fingerprint verification. None, however, have explicitly investigated the use of multi-sensor fusion, in other words, the integration of the information provided by multiple devices to capture fingerprint images. In this paper, a multi-sensor fingerprint verification system based on the fusion of optical and capacitive sensors is presented. Reported results show that such a multi-sensor system can perform better than traditional fingerprint matchers based on a single sensor. (C) 2004 Elsevier B.V. All rights reserved
A Multiple Component Matching Framework for Person Re-Identification
Person re-identification consists in recognizing an individual that has
already been observed over a network of cameras. It is a novel and challenging
research topic in computer vision, for which no reference framework exists yet.
Despite this, previous works share similar representations of human body based
on part decomposition and the implicit concept of multiple instances. Building
on these similarities, we propose a Multiple Component Matching (MCM) framework
for the person re-identification problem, which is inspired by Multiple
Component Learning, a framework recently proposed for object detection. We show
that previous techniques for person re-identification can be considered
particular implementations of our MCM framework. We then present a novel person
re-identification technique as a direct, simple implementation of our
framework, focused in particular on robustness to varying lighting conditions,
and show that it can attain state of the art performances.Comment: Accepted paper, 16th Int. Conf. on Image Analysis and Processing
(ICIAP 2011), Ravenna, Italy, 14/09/201
Adversarial Detection of Flash Malware: Limitations and Open Issues
During the past four years, Flash malware has become one of the most
insidious threats to detect, with almost 600 critical vulnerabilities targeting
Adobe Flash disclosed in the wild. Research has shown that machine learning can
be successfully used to detect Flash malware by leveraging static analysis to
extract information from the structure of the file or its bytecode. However,
the robustness of Flash malware detectors against well-crafted evasion attempts
- also known as adversarial examples - has never been investigated. In this
paper, we propose a security evaluation of a novel, representative Flash
detector that embeds a combination of the prominent, static features employed
by state-of-the-art tools. In particular, we discuss how to craft adversarial
Flash malware examples, showing that it suffices to manipulate the
corresponding source malware samples slightly to evade detection. We then
empirically demonstrate that popular defense techniques proposed to mitigate
evasion attempts, including re-training on adversarial examples, may not always
be sufficient to ensure robustness. We argue that this occurs when the feature
vectors extracted from adversarial examples become indistinguishable from those
of benign data, meaning that the given feature representation is intrinsically
vulnerable. In this respect, we are the first to formally define and
quantitatively characterize this vulnerability, highlighting when an attack can
be countered by solely improving the security of the learning algorithm, or
when it requires also considering additional features. We conclude the paper by
suggesting alternative research directions to improve the security of
learning-based Flash malware detectors
Designing multi-label classifiers that maximize F measures: state of the art
Multi-label classification problems usually occur in tasks related to information retrieval, like text and image annotation, and are receiving increasing attention from the machine learning and pattern recognition fields. One of the main issues under investigation is the development of classification algorithms capable of maximizing specific accuracy measures based on precision and recall. We focus on the widely used F measure, defined for binary, single-label problems as the weighted harmonic mean of precision and recall, and later extended to multi-label problems in three ways: macro-averaged, micro-averaged and instance-wise. In this paper we give a comprehensive survey of theoretical results and algorithms aimed at maximizing F measures. We subdivide it according to the two main existing approaches: empirical utility maximization, and decision-theoretic. Under the former approach, we also derive the optimal (Bayes) classifier at the population level for the instance-wise and micro-averaged F, extending recent results about the single-label F. In a companion paper we shall focus on the micro-averaged F measure, for which relatively fewer solutions exist, and shall develop novel maximization algorithms under both approaches
Practical Attacks on Machine Learning: A Case Study on Adversarial Windows Malware
While machine learning is vulnerable to adversarial examples, it still lacks
systematic procedures and tools for evaluating its security in different
application contexts. In this article, we discuss how to develop automated and
scalable security evaluations of machine learning using practical attacks,
reporting a use case on Windows malware detection
- …