Pub Date: 2022-11-05 DOI: 10.48550/arXiv.2211.02885
Yang Zheng, Xiaoyi Feng, Zhaoqiang Xia, Xiaoyue Jiang, Maura Pintor, Ambra Demontis, B. Biggio, F. Roli
Adversarial reprogramming allows stealing computational resources by repurposing machine learning models to perform a different task chosen by the attacker. For example, a model trained to recognize images of animals can be reprogrammed to recognize medical images by embedding an adversarial program in the images provided as inputs. This attack can be perpetrated even if the target model is a black box, supposed that the machine-learning model is provided as a service and the attacker can query the model and collect its outputs. So far, no defense has been demonstrated effective in this scenario. We show for the first time that this attack is detectable using stateful defenses, which store the queries made to the classifier and detect the abnormal cases in which they are similar. Once a malicious query is detected, the account of the user who made it can be blocked. Thus, the attacker must create many accounts to perpetrate the attack. To decrease this number, the attacker could create the adversarial program against a surrogate classifier and then fine-tune it by making few queries to the target model. In this scenario, the effectiveness of the stateful defense is reduced, but we show that it is still effective.
Title: Stateful Detection of Adversarial Reprogramming. Journal: Inf. Sci. Volume: 21 1. Pages: 119093.
Pub Date: 2022-11-01 DOI: 10.1016/j.ins.2022.10.133
Hongyuan Gou, Xianyong Zhang
Title: Feature selection based on double-hierarchical and multiplication-optimal fusion measurement in fuzzy neighborhood rough sets. Journal: Inf. Sci. Volume: 7 1. Pages: 434-467.
Pub Date: 2022-10-30 DOI: 10.48550/arXiv.2210.16956
Hani Sami, H. Otrok, J. Bentahar, A. Mourad, E. Damiani
In this paper, we propose Value Iteration Network for Reward Shaping (VIN-RS), a potential-based reward shaping mechanism using Convolutional Neural Network (CNN). The proposed VIN-RS embeds a CNN trained on computed labels using the message passing mechanism of the Hidden Markov Model. The CNN processes images or graphs of the environment to predict the shaping values. Recent work on reward shaping still has limitations towards training on a representation of the Markov Decision Process (MDP) and building an estimate of the transition matrix. The advantage of VIN-RS is to construct an effective potential function from an estimated MDP while automatically inferring the environment transition matrix. The proposed VIN-RS estimates the transition matrix through a self-learned convolution filter while extracting environment details from the input frames or sampled graphs. Due to (1) the previous success of using message passing for reward shaping; and (2) the CNN planning behavior, we use these messages to train the CNN of VIN-RS. Experiments are performed on tabular games, Atari 2600 and MuJoCo, for discrete and continuous action space. Our results illustrate promising improvements in the learning speed and maximum cumulative reward compared to the state-of-the-art.
Title: Reward Shaping Using Convolutional Neural Network. Journal: Inf. Sci. Volume: 278 1. Pages: 119481.
Pub Date: 2022-10-01 DOI: 10.1007/978-3-030-77867-5_6
Radek Janostik, J. Konečný, Petr Krajča
Title: Pruning Techniques in LinCbO for Computation of the Duquenne-Guigues Basis. Journal: Inf. Sci. Volume: 79 1. Pages: 182-203.
Pub Date: 2022-09-01 DOI: 10.1016/j.ins.2022.09.025
Di Liu, Zhongbo Hu, Qinghua Su
Title: Neighborhood-based differential evolution algorithm with direction induced strategy for the large-scale combined heat and power economic dispatch problem. Journal: Inf. Sci. Volume: 56 1. Pages: 469-493.
Pub Date: 2022-09-01 DOI: 10.1016/j.ins.2022.09.012
Jingjing Yan, Xiaofan Mao, Yuanqing Xia, Lan Wu
Title: Quantized output feedback for continuous-time switched systems with time-delay. Journal: Inf. Sci. Volume: 20 1. Pages: 806-827.
Pub Date: 2022-09-01 DOI: 10.1016/j.ins.2022.08.069
Jianchang Lai, F. Guo, W. Susilo, Peng Jiang, Guoming Yang, Xinyi Huang
Title: Generic conversions from CPA to CCA without ciphertext expansion for threshold ABE with constant-size ciphertexts. Journal: Inf. Sci. Volume: 55 1. Pages: 966-981.
Pub Date: 2022-09-01 DOI: 10.1016/j.ins.2022.08.089
Mingjing Han, Han Zhang
Title: Multiple kernel learning for label relation and class imbalance in multi-label learning. Journal: Inf. Sci. Volume: 18 1. Pages: 344-356.