387 research outputs found
Recoverable Privacy-Preserving Image Classification through Noise-like Adversarial Examples
With the increasing prevalence of cloud computing platforms, ensuring data
privacy during the cloud-based image related services such as classification
has become crucial. In this study, we propose a novel privacypreserving image
classification scheme that enables the direct application of classifiers
trained in the plaintext domain to classify encrypted images, without the need
of retraining a dedicated classifier. Moreover, encrypted images can be
decrypted back into their original form with high fidelity (recoverable) using
a secret key. Specifically, our proposed scheme involves utilizing a feature
extractor and an encoder to mask the plaintext image through a newly designed
Noise-like Adversarial Example (NAE). Such an NAE not only introduces a
noise-like visual appearance to the encrypted image but also compels the target
classifier to predict the ciphertext as the same label as the original
plaintext image. At the decoding phase, we adopt a Symmetric Residual Learning
(SRL) framework for restoring the plaintext image with minimal degradation.
Extensive experiments demonstrate that 1) the classification accuracy of the
classifier trained in the plaintext domain remains the same in both the
ciphertext and plaintext domains; 2) the encrypted images can be recovered into
their original form with an average PSNR of up to 51+ dB for the SVHN dataset
and 48+ dB for the VGGFace2 dataset; 3) our system exhibits satisfactory
generalization capability on the encryption, decryption and classification
tasks across datasets that are different from the training one; and 4) a
high-level of security is achieved against three potential threat models. The
code is available at https://github.com/csjunjun/RIC.git.Comment: 23 pages, 9 figure
DifAttack: Query-Efficient Black-Box Attack via Disentangled Feature Space
This work investigates efficient score-based black-box adversarial attacks
with a high Attack Success Rate (ASR) and good generalizability. We design a
novel attack method based on a Disentangled Feature space, called DifAttack,
which differs significantly from the existing ones operating over the entire
feature space. Specifically, DifAttack firstly disentangles an image's latent
feature into an adversarial feature and a visual feature, where the former
dominates the adversarial capability of an image, while the latter largely
determines its visual appearance. We train an autoencoder for the
disentanglement by using pairs of clean images and their Adversarial Examples
(AEs) generated from available surrogate models via white-box attack methods.
Eventually, DifAttack iteratively optimizes the adversarial feature according
to the query feedback from the victim model until a successful AE is generated,
while keeping the visual feature unaltered. In addition, due to the avoidance
of using surrogate models' gradient information when optimizing AEs for
black-box models, our proposed DifAttack inherently possesses better attack
capability in the open-set scenario, where the training dataset of the victim
model is unknown. Extensive experimental results demonstrate that our method
achieves significant improvements in ASR and query efficiency simultaneously,
especially in the targeted attack and open-set scenarios. The code will be
available at https://github.com/csjunjun/DifAttack.git soon
Detecting Adversarial Examples from Sensitivity Inconsistency of Spatial-Transform Domain
Deep neural networks (DNNs) have been shown to be vulnerable against
adversarial examples (AEs), which are maliciously designed to cause dramatic
model output errors. In this work, we reveal that normal examples (NEs) are
insensitive to the fluctuations occurring at the highly-curved region of the
decision boundary, while AEs typically designed over one single domain (mostly
spatial domain) exhibit exorbitant sensitivity on such fluctuations. This
phenomenon motivates us to design another classifier (called dual classifier)
with transformed decision boundary, which can be collaboratively used with the
original classifier (called primal classifier) to detect AEs, by virtue of the
sensitivity inconsistency. When comparing with the state-of-the-art algorithms
based on Local Intrinsic Dimensionality (LID), Mahalanobis Distance (MD), and
Feature Squeezing (FS), our proposed Sensitivity Inconsistency Detector (SID)
achieves improved AE detection performance and superior generalization
capabilities, especially in the challenging cases where the adversarial
perturbation levels are small. Intensive experimental results on ResNet and VGG
validate the superiority of the proposed SID
A single-end protection scheme for hybrid MMC HVDC grids considering the impacts of the active fault current-limiting control
In the hybrid modular multilevel converter (MMC) based high voltage direct current (HVDC) systems, the fault current can be actively suppressed by the converter itself, which endows a smaller requirement for current-limiting reactors (CLR) and a larger time margin for fault detection algorithms, comparing with the half-bridge MMC. But the robustness to fault resistance and noise disturbance of existing boundary protection schemes will be deteriorated with small CLRs. Moreover, the fast response of the fault current-limiting control will change the output DC voltage of hybrid MMC, which affects the fault characteristics and may cause mal-operation of existing protection algorithms. Thus, a single-end protection scheme considering the impacts of the active current-limiting control is proposed for the hybrid MMC based DC grids. The traveling-wave characteristics under different fault stages are analyzed to evaluate the impacts of the fault current-limiting control. In addition, a coordination protection strategy versus different fault conditions is adopted to improve reliability. Various cases in PSCAD/EMTDC are simulated to verify that the proposed method is robust to fault resistance, fault distance, power reversal, AC faults, and immune to noise
A novel HVDC circuit breaker for HVDC application
Hybrid high voltage direct current circuit breakers (DCCBs) are capable of interrupting fault current within a few milliseconds, but this technology has high capital cost, especially in a meshed HVDC grid. To increase the economic competitiveness of hybrid DCCBs, this paper proposes a capacitor commutated dc circuit breaker (CCCB). The CCCB mainly comprises an auxiliary branch with a fast dis-connector in series with semiconductor devices and the main branch with the series connection of a dc capacitor and diode valves. This paper provides a detailed depiction of the CCCB. The topology and operating principles are discussed. The impact of snubber circuits and stray inductances on the commutation process is analyzed. The general sizing method for the main components in the CCCB is detailed. Reclosing to transmission lines with different operating conditions is studied. Several extended topologies are proposed to further reduce the semiconductor cost and on-state operation power loss. The power loss and cost of CCCB are assessed. Extensive simulations on PSCAD/EMTDC verified the dc fault isolation and reclosing of the CCCB
Generating Robust Adversarial Examples against Online Social Networks (OSNs)
Online Social Networks (OSNs) have blossomed into prevailing transmission
channels for images in the modern era. Adversarial examples (AEs) deliberately
designed to mislead deep neural networks (DNNs) are found to be fragile against
the inevitable lossy operations conducted by OSNs. As a result, the AEs would
lose their attack capabilities after being transmitted over OSNs. In this work,
we aim to design a new framework for generating robust AEs that can survive the
OSN transmission; namely, the AEs before and after the OSN transmission both
possess strong attack capabilities. To this end, we first propose a
differentiable network termed SImulated OSN (SIO) to simulate the various
operations conducted by an OSN. Specifically, the SIO network consists of two
modules: 1) a differentiable JPEG layer for approximating the ubiquitous JPEG
compression and 2) an encoder-decoder subnetwork for mimicking the remaining
operations. Based upon the SIO network, we then formulate an optimization
framework to generate robust AEs by enforcing model outputs with and without
passing through the SIO to be both misled. Extensive experiments conducted over
Facebook, WeChat and QQ demonstrate that our attack methods produce more robust
AEs than existing approaches, especially under small distortion constraints;
the performance gain in terms of Attack Success Rate (ASR) could be more than
60%. Furthermore, we build a public dataset containing more than 10,000 pairs
of AEs processed by Facebook, WeChat or QQ, facilitating future research in the
robust AEs generation. The dataset and code are available at
https://github.com/csjunjun/RobustOSNAttack.git.Comment: 26 pages, 9 figure
Rough set theory applied to pattern recognition of partial discharge in noise affected cable data
This paper presents an effective, Rough Set (RS) based, pattern recognition method for rejecting interference signals and recognising Partial Discharge (PD) signals from different sources. Firstly, RS theory is presented in terms of Information System, Lower and Upper Approximation, Signal Discretisation, Attribute Reduction and a flowchart of the RS based pattern recognition method. Secondly, PD testing of five types of artificial defect in ethylene-propylene rubber (EPR) cable is carried out and data pre-processing and feature extraction are employed to separate PD and interference signals. Thirdly, the RS based PD signal recognition method is applied to 4000 samples and is proven to have 99% accuracy. Fourthly, the RS based PD recognition method is applied to signals from five different sources and an accuracy of more than 93% is attained when a combination of signal discretisation and attribute reduction methods are applied. Finally, Back-propagation Neural Network (BPNN) and Support Vector Machine (SVM) methods are studied and compared with the developed method. The proposed RS method is proven to have higher accuracy than SVM and BPNN and can be applied for on-line PD monitoring of cable systems after training with valid sample data
- …