An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Together with impressive advances touching every aspect of our society, AI technology based on Deep Neural Networks (DNN) is bringing increasing security concerns. While attacks operating at test time have monopolised the initial attention of researchers, backdoor attacks, exploiting the possibility of corrupting DNN models by interfering with the training process, represent a further serious threat undermining the dependability of AI techniques. In backdoor attacks, the attacker corrupts the training data to induce an erroneous behaviour at test time. Test-time errors, however, are activated only in the presence of a triggering event. In this way, the corrupted network continues to work as expected for regular inputs, and the malicious behaviour occurs only when the attacker decides to activate the backdoor hidden within the network. Recently, backdoor attacks have been an intense research domain focusing on both the development of new classes of attacks, and the proposal of possible countermeasures. The goal of this overview is to review the works published until now, classifying the different types of attacks and defences proposed so far. The classification guiding the analysis is based on the amount of control that the attacker has on the training process, and the capability of the defender to verify the integrity of the data used for training, and to monitor the operations of the DNN at training and test time. Hence, the proposed analysis is suited to highlight the strengths and weaknesses of both attacks and defences with reference to the application scenarios they are operating in

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Together with impressive advances touching every aspect of our society, AI technology based on Deep Neural Networks (DNN) is bringing increasing security concerns. While attacks operating at test time have monopolised the initial attention of researchers, backdoor attacks, exploiting the possibility of corrupting DNN models by interfering with the training process, represent a further serious threat undermining the dependability of AI techniques. In backdoor attacks, the attacker corrupts the training data to induce an erroneous behaviour at test time. Test-time errors, however, are activated only in the presence of a triggering event. In this way, the corrupted network continues to work as expected for regular inputs, and the malicious behaviour occurs only when the attacker decides to activate the backdoor hidden within the network. Recently, backdoor attacks have been an intense research domain focusing on both the development of new classes of attacks, and the proposal of possible countermeasures. The goal of this overview is to review the works published until now, classifying the different types of attacks and defences proposed so far. The classification guiding the analysis is based on the amount of control that the attacker has on the training process, and the capability of the defender to verify the integrity of the data used for training, and to monitor the operations of the DNN at training and test time. Hence, the proposed analysis is suited to highlight the strengths and weaknesses of both attacks and defences with reference to the application scenarios they are operating in

Manipulation and generation of synthetic satellite images using deep learning models

Generation and manipulation of digital images based on deep learning (DL) are receiving increasing attention for both benign and malevolent uses. As the importance of satellite imagery is increasing, DL has started being used also for the generation of synthetic satellite images. However, the direct use of techniques developed for computer vision applications is not possible, due to the different nature of satellite images. The goal of our work is to describe a number of methods to generate manipulated and synthetic satellite images. To be specific, we focus on two different types of manipulations: full image modification and local splicing. In the former case, we rely on generative adversarial networks commonly used for style transfer applications, adapting them to implement two different kinds of transfer: (i) land cover transfer, aiming at modifying the image content from vegetation to barren and vice versa and (ii) season transfer, aiming at modifying the image content from winter to summer and vice versa. With regard to local splicing, we present two different architectures. The first one uses image generative pretrained transformer and is trained on pixel sequences in order to predict pixels in semantically consistent regions identified using watershed segmentation. The second technique uses a vision transformer operating on image patches rather than on a pixel by pixel basis. We use the trained vision transformer to generate synthetic image segments and splice them into a selected region of the to-be-manipulated image. All the proposed methods generate highly realistic, synthetic, and satellite images. Among the possible applications of the proposed techniques, we mention the generation of proper datasets for the evaluation and training of tools for the analysis of satellite images. (c) The Authors. Published by SPIE under a Creative Commons Attribution 4.0 International License. Distribution or reproduction of this work in whole or in part requires full attribution of the original publication, including its DOI

Detecting Deepfake Videos in Data Scarcity Conditions by Means of Video Coding Features

The most powerful deepfake detection methods developed so far are based on deep learning, requiring that large amounts of training data representative of the specific task are available to the trainer. In this paper, we propose a feature-based method for video deepfake detection that can work in data scarcity conditions, that is, when only very few examples are available to the forensic analyst. The proposed method is based on video coding analysis and relies on a simple footprint obtained from the motion prediction modes in the video sequence. The footprint is extracted from video sequences and used to train a simple linear Support Vector Machine classifier. The effectiveness of the proposed method is validated experimentally on three different datasets, namely, a synthetic street video dataset and two datasets of Deepfake face videos

Tannin- caprolactam and Tannin- PEG formulations as outdoor wood preservatives: Weathering properties

International audienceAbstractKey messageThis article presents the leaching, fire and weathering resistance improvements of samples treated with tannin-based wood preservatives added of caprolactam. PEG-added formulations show limited applicability. The FT-IR and13C-NMR analyses of the caprolactam-added formulations show some evidences of copolymerization.ContextTannin-boron wood preservatives are known for their high resistance against leaching, biological attacks, fire as well as for the good mechanical properties that they impart to wood. These properties promoted these formulations for being a candidate for the protection of green buildings. However, the low elasticity of these polymers and their dark colour implied limited weathering resistances.AimsThe aim of the study is to find suitable additives for tannin-based formulations to overcome their limited weathering resistances, without compromising the other properties.MethodsTreatment, leaching and fire tests, dimensional stability as well as artificial and natural weathering of the timber treated with caprolactam-added and PEG-added formulations were performed. FT-IR and 13C-NMR of the formulations were presented.ResultsThe presence of caprolactam improved the properties of the formulation with particularly significant results in terms of resistance against leaching and dimensional stability. These enhancements were imparted also to the weathering resistance of the tannin-caprolactam formulations. Indeed, the colour changes during the artificial and natural exposures were stable for longer periods. FT-IR and 13C-NMR investigations of the advanced formulations were led, and covalent copolymerization of the caprolactam with the tannin-hexamine polymer was observed.ConclusionThe tannin formulations with caprolactam improved the durability of the wood specimens, while the PEG-tannin presented strong application drawbacks

Targeting Class A and C Serine \u3b2-Lactamases with a Broad-Spectrum Boronic Acid Derivative

Production of \u3b2-lactamases (BLs) is the most widespread resistance mechanism adopted by bacteria to fight \u3b2-lactam antibiotics. The substrate spectrum of BLs has become increasingly broad, posing a serious health problem. Thus, there is an urgent need for novel BL inhibitors. Boronic acid transition-state analogues are able to reverse the resistance conferred by class A and C BLs. We describe a boronic acid analogue possessing interesting and potent broad-spectrum activity vs class A and C serine-based BLs. Starting from benzo(b)thiophene-2-boronic acid (BZBTH2B), a nanomolar non-\u3b2-lactam inhibitor of AmpC that can potentiate the activity of a third-generation cephalosporin against AmpC-producing resistant bacteria, we designed a novel broad-spectrum nanomolar inhibitor of class A and C BLs. Structure-based drug design (SBDD), synthesis, enzymology data, and X-ray crystallography results are discussed. We clarified the inhibitor binding geometry responsible for broad-spectrum activity vs serine-active BLs using double mutant thermodynamic cycle studies

Structure-Based Discovery of A2A Adenosine Receptor Ligands

The recent determination of X-ray structures of pharmacologically relevant GPCRs has made these targets accessible to structure-based ligand discovery. Here we explore whether novel chemotypes may be discovered for the A(2A) adenosine receptor, based on complementarity to its recently determined structure. The A(2A) adenosine receptor signals in the periphery and the CNS, with agonists explored as anti-inflammatory drugs and antagonists explored for neurodegenerative diseases. We used molecular docking to screen a 1.4 million compound database against the X-ray structure computationally and tested 20 high-ranking, previously unknown molecules experimentally. Of these 35% showed substantial activity with affinities between 200 nM and 9 microM. For the most potent of these new inhibitors, over 50-fold specificity was observed for the A(2A) versus the related A(1) and A(3) subtypes. These high hit rates and affinities at least partly reflect the bias of commercial libraries toward GPCR-like chemotypes, an issue that we attempt to investigate quantitatively. Despite this bias, many of the most potent new ligands were novel, dissimilar from known ligands, providing new lead structures for modulation of this medically important target

A database of the coseismic effects following the 30 October 2016 Norcia earthquake in Central Italy

We provide a database of the coseismic geological surface effects following the Mw 6.5 Norcia earthquake that hit central Italy on 30 October 2016. This was one of the strongest seismic events to occur in Europe in the past thirty years, causing complex surface ruptures over an area of >400 km 2. The database originated from the collaboration of several European teams (Open EMERGEO Working Group; about 130 researchers) coordinated by the Istituto Nazionale di Geofisica e Vulcanologia. The observations were collected by performing detailed field surveys in the epicentral region in order to describe the geometry and kinematics of surface faulting, and subsequently of landslides and other secondary coseismic effects. The resulting database consists of homogeneous georeferenced records identifying 7323 observation points, each of which contains 18 numeric and string fields of relevant information. This database will impact future earthquake studies focused on modelling of the seismic processes in active extensional settings, updating probabilistic estimates of slip distribution, and assessing the hazard of surface faulting