Adversarial attacks have proved to be the major impediment in the progress on research towards reliable machine learning solutions. Carefully crafted perturbations, imperceptible to human vision, can be added to images to force misclassification by an otherwise high performing neural network. To have a better understanding of the key contributors of such structured attacks, we searched for and studied spatially co-located patterns in the distribution of pixels in the input space. In this paper, we propose a framework for segregating and isolating regions within an input image which are particularly critical towards either classification (during inference), or adversarial vulnerability or both. We assert that during inference, the trained model looks at a specific region in the image, which we call Region of Importance (RoI); and the attacker looks at a region to alter/modify, which we call Region of Attack (RoA). The success of this approach could also be used to design a post-hoc adversarial defence method, as illustrated by our observations. This uses the notion of blocking out (we call neutralizing) that region of the image which is highly vulnerable to adversarial attacks but is not important for the task of classification. We establish the theoretical setup for formalising the process of segregation, isolation and neutralization and substantiate it through empirical analysis on standard benchmarking datasets. The findings strongly indicate that mapping features into the input space preserves the significant patterns typically observed in the feature-space while adding major interpretability and therefore simplifies potential defensive mechanisms.
When securing complex infrastructures or large environments, constant surveillance of every area is not affordable. To cope with this issue, a common countermeasure is the usage of cheap but wide-ranged sensors, able to detect suspicious events that occur in large areas, supporting patrollers to improve the effectiveness of their strategies. However, such sensors are commonly affected by uncertainty. In the present paper, we focus on spatially uncertain alarm signals. That is, the alarm system is able to detect an attack but it is uncertain on the exact position where the attack is taking place. This is common when the area to be secured is wide such as in border patrolling and fair site surveillance. We propose, to the best of our knowledge, the first Patrolling Security Game model where a Defender is supported by a spatially uncertain alarm system which non-deterministically generates signals once a target is under attack. We show that finding the optimal strategy in arbitrary graphs is APX-hard even in zero-sum games and we provide two (exponential time) exact algorithms and two (polynomial time) approximation algorithms. Furthermore, we analyse what happens in environments with special topologies, showing that in linear and cycle graphs the optimal patrolling strategy can be found in polynomial time, de facto allowing our algorithms to be used in real-life scenarios, while in trees the problem is NP-hard. Finally, we show that without false positives and missed detections, the best patrolling strategy reduces to staying in a place, waiting for a signal, and responding to it at best. This strategy is optimal even with non-negligible missed detection rates, which, unfortunately, affect every commercial alarm system. We evaluate our methods in simulation, assessing both quantitative and qualitative aspects.
Adversarial attacks pose a substantial threat to computer vision system security, but the social media industry constantly faces another form of adversarial attack in which the hackers attempt to upload inappropriate images and fool the automated screening systems by adding artificial graphics patterns. In this paper, we formulate the defense against such attacks as an artificial graphics pattern segmentation problem. We evaluate the efficacy of several segmentation algorithms and, based on observation of their performance, propose a new method tailored to this specific problem. Extensive experiments show that the proposed method outperforms the baselines and has a promising generalization capability, which is the most crucial aspect in segmenting artificial graphics patterns.
Correlated ${\mathcal G}$ distributions can be used to describe the clutter seen in images obtained with coherent illumination, as is the case of B-scan ultrasound, laser, sonar and synthetic aperture radar (SAR) imagery. These distributions are derived using the square root of the generalized inverse Gaussian distribution for the amplitude backscatter within the multiplicative model. A two-parameter particular case of the amplitude ${\mathcal G}$ distribution, called ${\mathcal G}_{A}^{0}$, constitutes a modeling improvement with respect to the widespread ${\mathcal K}_{A}$ distribution when fitting urban, forested and deforested areas in remote sensing data. This article deals with the modeling and the simulation of correlated ${\mathcal G}_{A}^{0}$-distributed random fields. It is accomplished by means of the Inverse Transform method, applied to Gaussian random fields with spatial correlation. The main feature of this approach is its generality, since it allows the introduction of negative correlation values in the resulting process, necessary for the proper explanation of the shadowing effect in many SAR images.
We study how the dynamics of a drying front propagating through a porous medium are affected by small-scale correlations in material properties. For this, we first present drying experiments in micro-fluidic micro-models of porous media. Here, the fluid pressures develop more intermittent dynamics as local correlations are added to the structure of the pore spaces. We also consider this problem numerically, using a model of invasion percolation with trapping, and find that there is a crossover in invasion behaviour associated with the length-scale of the disorder in the system. The critical exponents associated with large enough events are similar to the classic invasion percolation problem, whereas the addition of a finite correlation length significantly affects the exponent values of avalanches and bursts, up to some characteristic size. This implies that even a weak local structure can interfere with the universality of invasion percolation phenomena.
We present results of numerical and experimental investigation of the electric breakage of a cellular material in pulsed electric fields (PEF). The numerical model simulates the conductive properties of a cellular material by a two-dimensional array of biological cells. The application of an external field in the form of the idealised square pulse sequence with a pulse duration $t_{i}$, and a pulse repetition time $\Delta t$ is assumed. The simulation model includes the known mechanisms of temporal and spatial evolution of the conductive properties of different microstructural elements in a tissue. The kinetics of breakage at different values of electric field strength $E$, $t_{i}$ and $\Delta t$ was studied in the experimental investigation. We propose the hypothesis for the nature of tissue properties evolution after PEF treatment and consider this phenomenon as a correlated percolation, which is governed by two key processes: resealing of cells and moisture transfer processes inside the cellular structure. The breakage kinetics was shown to be very sensitive to the repetition times $\Delta t$ of the PEF treatment. We observed correlated percolation patterns in a case when $\Delta t$ exceeds the characteristic time of the processes of moisture transfer and random percolation patterns in other cases. The long-term mode of the pulse repetition times in PEF treatment allows us to visualize experimentally the macroscopic percolation channels in the sample.