Generating End-to-End Adversarial Examples for Malware Classifiers Using Explainability

In recent years, the topic of explainable machine learning (ML) has been extensively researched. Up until now, this research focused on regular ML users use-cases such as debugging a ML model. This paper takes a different posture and show that adversaries can leverage explainable ML to bypass multi-feature types malware classifiers. Previous adversarial attacks against such classifiers only add new features and not modify existing ones to avoid harming the modified malware executable's functionality. Current attacks use a single algorithm that both selects which features to modify and modifies them blindly, treating all features the same. In this paper, we present a different approach. We split the adversarial example generation task into two parts: First we find the importance of all features for a specific sample using explainability algorithms, and then we conduct a feature-specific modification, feature-by-feature. In order to apply our attack in black-box scenarios, we introduce the concept of transferability of explainability, that is, applying explainability algorithms to different classifiers using different features subsets and trained on different datasets still result in a similar subset of important features. We conclude that explainability algorithms can be leveraged by adversaries and thus the advocates of training more interpretable classifiers should consider the trade-off of higher vulnerability of those classifiers to adversarial attacks.Comment: Accepted as a conference paper at IJCNN 202

Deep Self-Taught Learning for Handwritten Character Recognition

Recent theoretical and empirical work in statistical machine learning has demonstrated the importance of learning algorithms for deep architectures, i.e., function classes obtained by composing multiple non-linear transformations. Self-taught learning (exploiting unlabeled examples or examples from other distributions) has already been applied to deep learners, but mostly to show the advantage of unlabeled examples. Here we explore the advantage brought by {\em out-of-distribution examples}. For this purpose we developed a powerful generator of stochastic variations and noise processes for character images, including not only affine transformations but also slant, local elastic deformations, changes in thickness, background images, grey level changes, contrast, occlusion, and various types of noise. The out-of-distribution examples are obtained from these highly distorted images or by including examples of object classes different from those in the target test set. We show that {\em deep learners benefit more from out-of-distribution examples than a corresponding shallow learner}, at least in the area of handwritten character recognition. In fact, we show that they beat previously published results and reach human-level performance on both handwritten digit classification and 62-class handwritten character recognition

Multiwavelength, aerosol lidars at Maïdo supersite, Reunion Island, France: instruments description, data processing chain and quality assessment

Understanding optical and radiative properties of aerosols and clouds is critical to reduce uncertainties in climate models. For over 10 years, the Observatory of Atmospheric Physics of La Réunion (OPAR) has been operating three active lidar instruments (named Li1200, LiO3S and LiO3T) providing time-series of vertical profiles from 3 to 45 km of the aerosol extinction and backscatter coefficients at 355 and 532 nm, as well as the linear depolarization ratio at 532 nm. This work provides a full technical description of the three systems, details about the methods chosen for the signal preprocessing and processing, and an uncertainty analysis. About 1737 night-time averaged profiles were manually screened to provide cloud-free and artifact-free profiles. Data processing consisted in Klett inversion to retrieve aerosol optical products from preprocessed files. The measurement frequency was lower during the wet season and the holiday periods. There is a good correlation between the Li1200 and LiO3S in terms of stratospheric AOD at 355 nm (0.001–0.107; R = 0.92 ± 0.01), and with the LiO3T in terms of Angström exponent 355/532 (0.079–1.288; R = 0.90 ± 0.13). The lowest values of the averaged uncertainty of the aerosol backscatter coefficient for the three time-series are 64.4 ± 31.6 % for the LiO3S, 50.3 ± 29.0 % for the Li1200, and 69.1 ± 42.7 % for the LiO3T. These relative uncertainties are high for the three instruments because of the very low values of extinction and backscatter coefficients for background aerosols above Maïdo observatory. Uncertainty increases due to SNR decrease above 25 km for the LIO3S and Li1200, and 20 km for the LiO3T. The LR is responsible for an uncertainty increase below 18 km (10 km) for the LiO3S and Li1200 (LiO3T). The LiO3S is the most stable instrument at 355 nm due to less technical modifications and less misalignments. The Li1200 is a valuable addition to fill in the gaps in the LiO3S time-series at 355 nm or for specific case-studies about the middle and low troposphere. Data described in this work are available at https://doi.org/10.26171/rwcm-q370 (Gantois et al., 2024)

Stratospheric AOD after the 2011 eruption of Nabro volcano measured by lidars over the Northern Hemisphere

International audienceNabro volcano (13.37°N, 41.70°E) in Eritrea erupted on 13 June 2011 generating a layer of sulfate aerosols that persisted in the stratosphere for months. For the first time we report on ground-based lidar observations of the same event from every continent in the Northern Hemisphere, taking advantage of the synergy between global lidar networks such as EARLINET, MPLNET and NDACC with independent lidar groups and satellite CALIPSO to track the evolution of the stratospheric aerosol layer in various parts of the globe. The globally averaged aerosol optical depth (AOD) due to the stratospheric volcanic aerosol layers was of the order of 0.018 ± 0.009 at 532 nm, ranging from 0.003 to 0.04. Compared to the total column AOD from the available collocated AERONET stations, the stratospheric contribution varied from 2% to 23% at 532 nm

Développement et utilisation d'un algorithme pour automatiser la standardisation des posologies en URC

Book of abstractInternational audienc