A black-Box adversarial attack for poisoning clustering

Clustering algorithms play a fundamental role as tools in decision-making and sensible automation pro-cesses. Due to the widespread use of these applications, a robustness analysis of this family of algorithms against adversarial noise has become imperative. To the best of our knowledge, however, only a few works have currently addressed this problem. In an attempt to fill this gap, in this work, we propose a black-box adversarial attack for crafting adversarial samples to test the robustness of clustering algo-rithms. We formulate the problem as a constrained minimization program, general in its structure and customizable by the attacker according to her capability constraints. We do not assume any information about the internal structure of the victim clustering algorithm, and we allow the attacker to query it as a service only. In the absence of any derivative information, we perform the optimization with a custom approach inspired by the Abstract Genetic Algorithm (AGA). In the experimental part, we demonstrate the sensibility of different single and ensemble clustering algorithms against our crafted adversarial samples on different scenarios. Furthermore, we perform a comparison of our algorithm with a state-of-the-art approach showing that we are able to reach or even outperform its performance. Finally, to highlight the general nature of the generated noise, we show that our attacks are transferable even against supervised algorithms such as SVMs, random forests and neural networks. (c) 2021 Elsevier Ltd. All rights reserved

Transductive Label Augmentation for Improved Deep Network Learning

A major impediment to the application of deep learning to real-world problems is the scarcity of labeled data. Small training sets are in fact of no use to deep networks as, due to the large number of trainable parameters, they will very likely be subject to overfitting phenomena. On the other hand, the increment of the training set size through further manual or semi-automatic labellings can be costly, if not possible at times. Thus, the standard techniques to address this issue are transfer learning and data augmentation, which consists of applying some sort of "transformation" to existing labeled instances to let the training set grow in size. Although this approach works well in applications such as image classification, where it is relatively simple to design suitable transformation operators, it is not obvious how to apply it in more structured scenarios. Motivated by the observation that in virtually all application domains it is easy to obtain unlabeled data, in this paper we take a different perspective and propose a \emph{label augmentation} approach. We start from a small, curated labeled dataset and let the labels propagate through a larger set of unlabeled data using graph transduction techniques. This allows us to naturally use (second-order) similarity information which resides in the data, a source of information which is typically neglected by standard augmentation techniques. In particular, we show that by using known game theoretic transductive processes we can create larger and accurate enough labeled datasets which use results in better trained neural networks. Preliminary experiments are reported which demonstrate a consistent improvement over standard image classification datasets.Comment: Accepted on IEEE International Conference on Pattern Recognitio

Unsupervised Domain Adaptation using Graph Transduction Games

Contains fulltext : 209251.pdf (Publisher’s version ) (Open Access)IJCNN 2019: International Joint Conference on Neural Networks, Budapest, Hungary, July 14-19, 201

Unsupervised Domain Adaptation using Graph Transduction Games

Unsupervised domain adaptation (UDA) amounts to assigning class labels to the unlabeled instances of a dataset from a target domain, using labeled instances of a dataset from a related source domain. In this paper we propose to cast this problem in a game-theoretic setting as a non-cooperative game and introduce a fully automatized iterative algorithm for UDA based on graph transduction games (GTG). The main advantages of this approach are its principled foundation, guaranteed termination of the iterative algorithms to a Nash equilibrium (which corresponds to a consistent labeling condition) and soft labels quantifying uncertainty of the label assignment process. We also investigate the beneficial effect of using pseudo-labels from linear classifiers to initialize the iterative process. The performance of the resulting methods is assessed on publicly available object recognition benchmark datasets involving both shallow and deep features. Results of experiments demonstrate the suitability of the proposed game-theoretic approach for solving UDA tasks

AIDA - Antennas diagnostics enhancement by combined use of AI and experts' knowledge

The increasing demand arisen in the last decades for high-quality performance of Radio-Frequency (RF) systems to be exploited in space applications, brought up the need for accurate measurements. Nowadays, several methods can be used to measure antennas far field properties, including Near-Field Test Ranges (NFTR) carried out in anechoic chambers. From the measured properties, gain or phase patterns are reconstructed and compared with theoretical patterns. The theoretical antenna patterns are produced by electromagnetic (EM) computational methods and are used in combination with the results of the measurement process in order to obtain the best test prediction of the configuration realized in the NFTR. The comparison between reference theoretical patterns and in-field measurements could highlight discrepancies which may be caused by misalignments between the antenna under test (AUT) and the measurement system or by the presence of an anomaly introduced by the manufacturing process. These discrepancies require an accurate post-test analysis to understand the anomaly typology and the associated root cause. The activity of smoothing the theoretical model to the best representation of the measured case is time and cost demanding, because it is based on the iteration up to convergence of the model-to-measure comparison process, and deeply depends on the expertise of antenna engineers. However, anomaly data are normally not recorded, nor is the experts' knowledge on how to quickly converge to the right diagnostic result. The huge amount of antenna test data and the experts' knowledge could be exploited to develop models that can detect the presence and the type of an anomaly based on the analysis of the antenna radiation patterns, thereby supporting young engineers addressing similar tasks or expert engineers speeding up the diagnostic process. AIDA is the result of a project carried out for the European Space Agency by S.A.T.E., Thales Alenia Space Italy and Ca' Foscari University of Venice, aiming at the development of a methodology and a software prototype intended to improve the iterative process of telecommunication antenna performance measurement, by supporting the anomaly detection due to different error sources, implementing an AI-based solution. This has been developed using state-of-the-art AI techniques, in particular implementing a fully supervised approach, exploiting a set of labelled observations (i.e. patterns of antennas with known anomaly class and anomaly entity) generated by simulations and real data. This contribution will describe the main results obtained with reflector and phased array antennas use cases