Binary Hypothesis Testing Game with Training Data

We introduce a game-theoretic framework to study the hypothesis testing problem, in the presence of an adversary aiming at preventing a correct decision. Specifically, the paper considers a scenario in which an analyst has to decide whether a test sequence has been drawn according to a probability mass function (pmf) P_X or not. In turn, the goal of the adversary is to take a sequence generated according to a different pmf and modify it in such a way to induce a decision error. P_X is known only through one or more training sequences. We derive the asymptotic equilibrium of the game under the assumption that the analyst relies only on first order statistics of the test sequence, and compute the asymptotic payoff of the game when the length of the test sequence tends to infinity. We introduce the concept of indistinguishability region, as the set of pmf's that can not be distinguished reliably from P_X in the presence of attacks. Two different scenarios are considered: in the first one the analyst and the adversary share the same training sequence, in the second scenario, they rely on independent sequences. The obtained results are compared to a version of the game in which the pmf P_X is perfectly known to the analyst and the adversary

A new Backdoor Attack in CNNs by training set corruption without label poisoning

Backdoor attacks against CNNs represent a new threat against deep learning systems, due to the possibility of corrupting the training set so to induce an incorrect behaviour at test time. To avoid that the trainer recognises the presence of the corrupted samples, the corruption of the training set must be as stealthy as possible. Previous works have focused on the stealthiness of the perturbation injected into the training samples, however they all assume that the labels of the corrupted samples are also poisoned. This greatly reduces the stealthiness of the attack, since samples whose content does not agree with the label can be identified by visual inspection of the training set or by running a pre-classification step. In this paper we present a new backdoor attack without label poisoning Since the attack works by corrupting only samples of the target class, it has the additional advantage that it does not need to identify beforehand the class of the samples to be attacked at test time. Results obtained on the MNIST digits recognition task and the traffic signs classification task show that backdoor attacks without label poisoning are indeed possible, thus raising a new alarm regarding the use of deep learning in security-critical applications

An Improved Statistic for the Pooled Triangle Test against PRNU-Copy Attack

We propose a new statistic to improve the pooled version of the triangle test used to combat the fingerprint-copy counter-forensic attack against PRNU-based camera identification [1]. As opposed to the original version of the test, the new statistic exploits the one-tail nature of the test, weighting differently positive and negative deviations from the expected value of the correlation between the image under analysis and the candidate images, i.e., those image suspected to have been used during the attack. The experimental results confirm the superior performance of the new test, especially when the conditions of the test are challenging ones, that is when the number of images used for the fingerprint-copy attack is large and the size of the image under test is small.Comment: submitted to IEEE Signal Processing Letter

A Message Passing Approach for Decision Fusion in Adversarial Multi-Sensor Networks

We consider a simple, yet widely studied, set-up in which a Fusion Center (FC) is asked to make a binary decision about a sequence of system states by relying on the possibly corrupted decisions provided by byzantine nodes, i.e. nodes which deliberately alter the result of the local decision to induce an error at the fusion center. When independent states are considered, the optimum fusion rule over a batch of observations has already been derived, however its complexity prevents its use in conjunction with large observation windows. In this paper, we propose a near-optimal algorithm based on message passing that greatly reduces the computational burden of the optimum fusion rule. In addition, the proposed algorithm retains very good performance also in the case of dependent system states. By first focusing on the case of small observation windows, we use numerical simulations to show that the proposed scheme introduces a negligible increase of the decision error probability compared to the optimum fusion rule. We then analyse the performance of the new scheme when the FC make its decision by relying on long observation windows. We do so by considering both the case of independent and Markovian system states and show that the obtained performance are superior to those obtained with prior suboptimal schemes. As an additional result, we confirm the previous finding that, in some cases, it is preferable for the byzantine nodes to minimise the mutual information between the sequence system states and the reports submitted to the FC, rather than always flipping the local decision

A Game-Theoretic Framework for Optimum Decision Fusion in the Presence of Byzantines

Optimum decision fusion in the presence of malicious nodes - often referred to as Byzantines - is hindered by the necessity of exactly knowing the statistical behavior of Byzantines. By focusing on a simple, yet widely studied, set-up in which a Fusion Center (FC) is asked to make a binary decision about a sequence of system states by relying on the possibly corrupted decisions provided by local nodes, we propose a game-theoretic framework which permits to exploit the superior performance provided by optimum decision fusion, while limiting the amount of a-priori knowledge required. We first derive the optimum decision strategy by assuming that the statistical behavior of the Byzantines is known. Then we relax such an assumption by casting the problem into a game-theoretic framework in which the FC tries to guess the behavior of the Byzantines, which, in turn, must fix their corruption strategy without knowing the guess made by the FC. We use numerical simulations to derive the equilibrium of the game, thus identifying the optimum behavior for both the FC and the Byzantines, and to evaluate the achievable performance at the equilibrium. We analyze several different setups, showing that in all cases the proposed solution permits to improve the accuracy of data fusion. We also show that, in some instances, it is preferable for the Byzantines to minimize the mutual information between the status of the observed system and the reports submitted to the FC, rather than always flipping the decision made by the local nodes as it is customarily assumed in previous works

al-Sayyida Zaynab. Storia di una devozione egiziana

This volume presents an alternative narrative of the history of the cult of Zaynab bint 'Alī, who stands for eloquence and courage against oppression in Islamic history. She is highly venerated by Shi'a. Popular piety has identified at least three shrines dedicated to her in the Middle East; one of the most venerated is located in Cairo. We will explore the forgotten traces of the Egyptian devotion, in order to discover the roots of a contemporary Sunni/Sufi cult different from the Shi'i one. The study of this important cult of a member of ahl al-bayt will be presented in an interdisciplinary perspective. After presenting how the figure of Zaynab bint 'Alī has been constructed in the historical classical sources and her role in the conflict between the Alids and the Umayyads, we will examine the origin and the development of her cult in the Ottoman period from different perspectives: religious (devotional literature), social (the mawlid), architectural and literary. In particular, we will focus on how authors, from al-Azhar and the Sufi milieu, have expressed their love to al-Sayyida Zaynab in the devotional literature of the Ottoman period, from the 16th to the 19th century. The aim is to show how the cult of al-Sayyida Zaynab has been constructed in a period characterized by a strong attachment to the family of the Prophet, when confessionalization was not so strong. Finally, we will analyze the contemporary image of al-Sayyida Zaynab as described by important writers of the 20th century Egyptian literature, and the meanings they associated to her according to the social and political context of that period