Distribution-Based Adversarial Multiple-Instance Learning

Chen, Sherry

27 January 2023

No description available.

Artificial Intelligence

Computer Science

machine learning

adversarial learning

multiple-instance learning

resampling

Defending against Adversarial Malware

Nair, Rohit

January 2022

No description available.

Computer Engineering

Malware

Adversarial Examples

Defense

Attacks

Portable Executables

Neural Networks

Motor Imagery Signal Classification using Adversarial Learning - A Systematic Literature Review

Mahmudi, Osama, Mishra, Shubhra

January 2023

Context: Motor Imagery (MI) signal classification is a crucial task for developing Brain-Computer Interfaces (BCIs) that allow people to control devices using their thoughts. However, traditional machine learning approaches often suffer from limited performance due to inter-subject variability and limited data availability. In response, adversarial learning has emerged as a promising solution to enhance the resilience and accuracy of BCI systems. However, to the best of our knowledge, there has not been a review of the literature on adversarial learning specifically focusing on MI classification. Objective: The objective of this thesis is to perform a Systematic Literature Review (SLR) focusing on the latest techniques of adversarial learning used to classify motor imagery signals. It aims to analyze the publication trends of the reviewed studies, investigate their use-cases, and identify the challenges in the field. Additionally, this research recognizes the datasets used in previous studies and their associated use-cases. It also identifies the pre-processing and adversarial learning techniques, and compare their performance. Additionally, it could aid in evaluating the replicability of the studies included. The outcomes of this study will assist future researchers in selecting appropriate datasets, pre-processing, and adversarial learning techniques to advance their research objectives. The comparison of models will also provide practical insights, enabling researchers to make informed decisions when designing models for motor imagery classification. Furthermore, assessing reproducibility might help in validating the research outcomes and hence elevate the overall quality of future research. Method: A thorough and systematic search following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines is undertaken to gather primary research articles from several databases such as Scopus, Web of Science, IEEEXplore, PubMed, and ScienceDirect. Two independent reviewers evaluated the articles obtained based on predetermined eligibility criteria at the title-abstract level, and their agreement was measured using Cohen's Kappa. The articles that fulfill the criteria are then scrutinized at the full-text level by the same reviewers. Any discrepancies are resolved by the judge – played by the supervisor. Critical appraisal was employed to choose appropriate studies for data extraction, which was subsequently examined using bibliometric and descriptive analyses to answer the research questions. Result: The study's findings indicate substantial growth within the domain over the past six years, notably propelled by contributions from the Asian region. However, the need for augmented collaboration becomes evident as evidenced by the prevalence of insular co-author networks. Four principal use-cases for adversarial learning are identified, spanning data augmentation, domain adaptation, feature extraction, and artifact removal. The favored datasets are BCI Competition IV's 2a and 2b, often accompanied by band-pass filtering and exponential moving standardization preprocessing. This study identifies two primary adversarial learning techniques: GAN and Adversarial Training. GAN is mainly used for data augmentation and artifact removal, while adversarial training is employed for domain adaptation and feature extraction. Based on the results reported in the chosen papers, the accuracy achieved for data augmentation and domain adaptation use cases is nearly identical at 95.3%, while the highest accuracy for the feature extraction use case is 86.91%. However, for artifact removal, both correlation and root mean square methods have been referenced. Furthermore, a reproducibility table has been established which may help in evaluating the replicability of the selected studies . Conclusion: The outcomes provide researchers with valuable perspectives on less-explored areas that hold room for additional enhancement. Ultimately, these perspectives hold the promise of improving the practical applications intended to support individuals dealing with motor impairments.

Adversarial Learning

Motor Imagery

BCI

EEG

Machine Learning

Information Systems

<b>Deep Neural Network Structural Vulnerabilities And Remedial Measures</b>

Yitao Li (9148706)

02 December 2023

<p dir="ltr">In the realm of deep learning and neural networks, there has been substantial advancement, but the persistent DNN vulnerability to adversarial attacks has prompted the search for more efficient defense strategies. Unfortunately, this becomes an arms race. Stronger attacks are being develops, while more sophisticated defense strategies are being proposed, which either require modifying the model's structure or incurring significant computational costs during training. The first part of the work makes a significant progress towards breaking this arms race. Let’s consider natural images, where all the feature values are discrete. Our proposed metrics are able to discover all the vulnerabilities surrounding a given natural image. Given sufficient computation resource, we are able to discover all the adversarial examples given one clean natural image, eliminating the need to develop new attacks. For remedial measures, our approach is to introduce a random factor into DNN classification process. Furthermore, our approach can be combined with existing defense strategy, such as adversarial training, to further improve performance.</p>

Computer vision

Adversarial machine learning

Statistical data science

Model Robustness

explainable AI method

model security

Process Monitoring and Control of Advanced Manufacturing based on Physics-Assisted Machine Learning

Chung, Jihoon

05 July 2023

With the advancement of equipment and the development of technology, the manufacturing process is becoming more and more advanced. This appears as an advanced manufacturing process that uses innovative technology, including robotics, artificial intelligence, and autonomous systems. Additive manufacturing (AM), also known as 3D printing, is the representative advanced manufacturing technology that creates 3D geometries in a layer-by-layer fashion with various types of materials. However, quality assurance in the manufacturing process requires high expectations as the process develops. Therefore, the objective of this dissertation is to propose innovative methodologies for process monitoring and control to achieve quality assurance in advanced manufacturing. The development of sensor technologies and computational power offer process data, providing opportunities to achieve effective quality assurance through a machine learning approach. Hence, exploring the connections between sensor data and process quality using machine learning methodologies would be advantageous. Although this direction is promising, some constraints and complex process dynamics in the actual process hinder achieving quality assurance from the existing machine learning methods. To address these challenges, several machine learning approaches assisted by the physics knowledge obtained from the process have been proposed in this dissertation. These approaches are successfully validated by various manufacturing processes, including AM and multistage assembly processes. Specifically, three new methodologies are proposed and developed, as listed below. -To detect the process anomalies with imbalanced process data due to different ratios of occurrence between process states, a new Generative Adversarial Network (GAN)-based method is proposed. The proposed method jointly optimizes the GAN and classifier to augment realistic and state-distinguishable images to provide balanced data. Specifically, the method utilizes the knowledge and features of normal process data to generate effective abnormal process data. The benefits of the proposed approach have been confirmed in both polymer AM and metal AM processes. -To diagnose process faults with a limited number of sensors caused by the physical constraints in the multistage assembly process, a novel sparse Bayesian learning is proposed. The method is based on a practical assumption that it will likely have a few process faults (sparse). In addition, the temporal correlation of process faults and the prior knowledge of process faults are considered through the Bayesian framework. Based on the proposed method, process faults can be accurately identified with limited sensors. -To achieve online defect mitigation of new defects that occurred during the printing due to the complex process dynamics of the AM process, a novel Reinforcement Learning (RL)-based algorithm is proposed. The proposed method is to learn the machine parameter adjustment to mitigate the new defects during the printing. The method transfers knowledge learned from various sources in the AM process to RL. Therefore, with a theoretical guarantee, the proposed method learns the mitigation strategy with fewer training samples than traditional RL. By overcoming the challenges in the process, the above-proposed methodologies successfully achieve quality assurance in the advanced manufacturing process. Furthermore, the methods are not designed for the typical processes. Therefore, they can easily be applied to other domains, such as healthcare systems. / Doctor of Philosophy / The development of equipment and technologies has led to advanced manufacturing processes. Along with that, quality assurance in the manufacturing processes has become a very important issue. Therefore, the objective of this dissertation is to accomplish quality assurance by developing advanced machine learning approaches. In this dissertation, several advanced machine learning methodologies using the physics knowledge from the process are proposed. These methods overcome some constraints and complex process dynamics of the actual process that degrade the performance of existing machine learning methodologies in achieving quality assurance. To validate the effectiveness of the proposed methodologies, various advanced manufacturing processes, including additive manufacturing and multistage assembly processes, are utilized. The performance of the proposed methodologies provides superior results for achieving quality assurance in various scenarios compared to existing state-of-the-art machine learning methods. The applications of the achievements in this dissertation are not limited to the manufacturing process. Therefore, the proposed machine learning approaches can be further extended to other application areas, such as healthcare systems.

Quality Assurance

Reinforcement Learning

Sparse Bayesian Learning

Generative Adversarial Network

Additive Manufacturing

Comparison of Discriminative and Generative Image Classifiers

Budh, Simon, Grip, William

January 2022

In this report a discriminative and a generative image classifier, used for classification of images with handwritten digits from zero to nine, are compared. The aim of this project was to compare the accuracy of the two classifiers in absence and presence of perturbations to the images. This report describes the architectures and training of the classifiers using PyTorch. Images were perturbed in four ways for the comparison. The first perturbation was a model-specific attack that perturbed images to maximize likelihood of misclassification. The other three image perturbations changed pixels in a stochastic fashion. Furthermore, The influence of training using perturbed images on the robustness of the classifier, against image perturbations, was studied. The conclusions drawn in this report was that the accuracy of the two classifiers on unperturbed images was similar and the generative classifier was more robust against the model-specific attack. Also, the discriminative classifier was more robust against the stochastic noise and was significantly more robust against image perturbations when trained on perturbed images. / I den här rapporten jämförs en diskriminativ och en generativ bildklassificerare, som används för klassificering av bilder med handskrivna siffror från noll till nio. Syftet med detta projekt var att jämföra träffsäkerheten hos de två klassificerarna med och utan störningar i bilderna. Denna rapport beskriver arkitekturerna och träningen av klassificerarna med hjälp av PyTorch. Bilder förvrängdes på fyra sätt för jämförelsen. Den första bildförvrängningen var en modellspecifik attack som förvrängde bilder för att maximera sannolikheten för felklassificering. De andra tre bildförvrängningarna ändrade pixlar på ett stokastiskt sätt. Dessutom studerades inverkan av träning med störda bilder på klassificerarens robusthet mot bildstörningar. Slutsatserna som drogs i denna rapport är att träffsäkerheten hos de två klassificerarna på oförvrängda bilder var likartad och att den generativa klassificeraren var mer robust mot den modellspecifika attacken. Dessutom var den diskriminativa klassificeraren mer robust mot slumpmässiga bildförvrängningar och var betydligt mer robust mot bildstörningar när den tränades på förvrängda bilder. / Kandidatexjobb i elektroteknik 2022, KTH, Stockholm

Image classification

CNN

Normalizing flows

RealNVP

Adversarial examples

Elektroteknik och elektronik

Detecting Manipulated and Adversarial Images: A Comprehensive Study of Real-world Applications

Alkhowaiter, Mohammed

01 January 2023

The great advance of communication technology comes with a rapid increase of disinformation in many kinds and shapes; manipulated images are one of the primary examples of disinformation that can affect many users. Such activity can severely impact public behavior, attitude, and belief or sway the viewers' perception in any malicious or benign direction. Additionally, adversarial attacks targeting deep learning models pose a severe risk to computer vision applications. This dissertation explores ways of detecting and resisting manipulated or adversarial attack images. The first contribution evaluates perceptual hashing (pHash) algorithms for detecting image manipulation on social media platforms like Facebook and Twitter. The study demonstrates the differences in image processing between the two platforms and proposes a new approach to find the optimal detection threshold for each algorithm. The next contribution develops a new pHash authentication to detect fake imagery on social media networks, using a self-supervised learning framework and contrastive loss. In addition, a fake image sample generator is developed to cover three major image manipulating operations (copy-move, splicing, removal). The proposed authentication technique outperforms the state-of-the-art pHash methods. The third contribution addresses the challenges of adversarial attacks to deep learning models. A new adversarial-aware deep learning system is proposed using a classical machine learning model as the secondary verification system to complement the primary deep learning model in image classification. The proposed approach outperforms current state-of-the-art adversarial defense systems. Finally, the fourth contribution fuses big data from Extra-Military resources to support military decision-making. The study proposes a workflow, reviews data availability, security, privacy, and integrity challenges, and suggests solutions. A demonstration of the proposed image authentication is introduced to prevent wrong decisions and increase integrity. Overall, the dissertation provides practical solutions for detecting manipulated and adversarial attack images and integrates our proposed solutions in supporting military decision-making workflow.

Image Authentication

Manipulation Detection

Adversarial Attacks Detection

Fake News Detection

Cybersecurity

Computer Vision

Computer Engineering

A New Approach to Synthetic Image Evaluation

Memari, Majid

01 December 2023

This study is dedicated to enhancing the effectiveness of Optical Character Recognition (OCR) systems, with a special emphasis on Arabic handwritten digit recognition. The choice to focus on Arabic handwritten digits is twofold: first, there has been relatively less research conducted in this area compared to its English counterparts; second, the recognition of Arabic handwritten digits presents more challenges due to the inherent similarities between different Arabic digits.OCR systems, engineered to decipher both printed and handwritten text, often face difficulties in accurately identifying low-quality or distorted handwritten text. The quality of the input image and the complexity of the text significantly influence their performance. However, data augmentation strategies can notably improve these systems' performance. These strategies generate new images that closely resemble the original ones, albeit with minor variations, thereby enriching the model's learning and enhancing its adaptability. The research found Conditional Variational Autoencoders (C-VAE) and Conditional Generative Adversarial Networks (C-GAN) to be particularly effective in this context. These two generative models stand out due to their superior image generation and feature extraction capabilities. A significant contribution of the study has been the formulation of the Synthetic Image Evaluation Procedure, a systematic approach designed to evaluate and amplify the generative models' image generation abilities. This procedure facilitates the extraction of meaningful features, computation of the Fréchet Inception Distance (LFID) score, and supports hyper-parameter optimization and model modifications.

Data Augmentation

Generative Adversarial Networks

Generative Models

Optical Character Recognition

Synthetic Image Evaluation

Variational Autoencoders

Two-way Multi-input Generative Neural Network for Anomaly Event Detection and Localization

Yang, Mingchen

January 2022

Anomaly event detection has become increasingly important and is of great significance for real-time monitoring systems. However, developing a reliable anomaly detection and localization model still requires overcoming many challenging problems considering the ambiguity in the definition of an abnormal event and the lack of ground truth datasets for training. In this thesis, we propose a Two-way Multi-input Generative Neural Network (TMGNN), which is an unsupervised anomaly events detection and localization method based on Generative Adversarial Network (GAN). TMGNN is composed of two neural networks, an appearance generation neural network and a motion generation neural network. These two networks are trained on normal frames and their corresponding motion and mosaic frames respectively. In the testing steps, the trained model cannot properly reconstruct the anomalous objects since the network is trained only on normal frames and has not learned patterns of anomalous cases. With the help of our new patch-based evaluation method, we utilize the reconstruction error to detect and localize possible anomalous objects. Our experiments show that on the UCSD Pedestrain2 dataset, our approach achieves 96.5% Area Under Curve (AUC) and 94.1% AUC for the frame-level and pixel-level criteria, respectively, reaching the best classification results compared to other traditional and deep learning methods. / Thesis / Master of Applied Science (MASc) / Recently, abnormal event detection has attracted increasing attention in the field of surveillance video. However, it is still a big challenge to build an automatic and reliable abnormal event detection system to review a surveillance video containing hundreds of frames and mask the frames with abnormal objects or events. In this thesis, we build a model and teach it to memorize the structure of normal frames. Then the model is able to tell which frames are normal. Any other frames that appear in the surveillance video will be classified as abnormal frames. Moreover, we design a new method to evaluate the performance of our model and compare it with other models’ results.

Anomaly detection and localization

Generative adversarial network

Linguistic Knowledge Transfer for Enriching Vector Representations

Kim, Joo-Kyung

12 December 2017

No description available.

Computer Science

Artificial Intelligence

Transfer Learning

Word Embedding

Intent Detection

Slot Filling

POS Tagging

Adversarial Traning