-
An Empirical Study of Aegis
Authors:
Daniel Saragih,
Paridhi Goel,
Tejas Balaji,
Alyssa Li
Abstract:
Bit flipping attacks are one class of attacks on neural networks with numerous defense mechanisms invented to mitigate its potency. Due to the importance of ensuring the robustness of these defense mechanisms, we perform an empirical study on the Aegis framework. We evaluate the baseline mechanisms of Aegis on low-entropy data (MNIST), and we evaluate a pre-trained model with the mechanisms fine-t…
▽ More
Bit flipping attacks are one class of attacks on neural networks with numerous defense mechanisms invented to mitigate its potency. Due to the importance of ensuring the robustness of these defense mechanisms, we perform an empirical study on the Aegis framework. We evaluate the baseline mechanisms of Aegis on low-entropy data (MNIST), and we evaluate a pre-trained model with the mechanisms fine-tuned on MNIST. We also compare the use of data augmentation to the robustness training of Aegis, and how Aegis performs under other adversarial attacks, such as the generation of adversarial examples. We find that both the dynamic-exit strategy and robustness training of Aegis has some drawbacks. In particular, we see drops in accuracy when testing on perturbed data, and on adversarial examples, as compared to baselines. Moreover, we found that the dynamic exit-strategy loses its uniformity when tested on simpler datasets. The code for this project is available on GitHub.
△ Less
Submitted 24 April, 2024;
originally announced April 2024.
-
Temporally coherent video anonymization through GAN inpainting
Authors:
Thangapavithraa Balaji,
Patrick Blies,
Georg Göri,
Raphael Mitsch,
Marcel Wasserer,
Torsten Schön
Abstract:
This work tackles the problem of temporally coherent face anonymization in natural video streams.We propose JaGAN, a two-stage system starting with detecting and masking out faces with black image patches in all individual frames of the video. The second stage leverages a privacy-preserving Video Generative Adversarial Network designed to inpaint the missing image patches with artificially generat…
▽ More
This work tackles the problem of temporally coherent face anonymization in natural video streams.We propose JaGAN, a two-stage system starting with detecting and masking out faces with black image patches in all individual frames of the video. The second stage leverages a privacy-preserving Video Generative Adversarial Network designed to inpaint the missing image patches with artificially generated faces. Our initial experiments reveal that image based generative models are not capable of inpainting patches showing temporal coherent appearance across neighboring video frames. To address this issue we introduce a newly curated video collection, which is made publicly available for the research community along with this paper. We also introduce the Identity Invariance Score IdI as a means to quantify temporal coherency between neighboring frames.
△ Less
Submitted 4 June, 2021;
originally announced June 2021.
-
Effective Features of Remote Sensing Image Classification Using Interactive Adaptive Thresholding Method
Authors:
T. Balaji,
Dr. M. Sumathi
Abstract:
Remote sensing image classification can be performed in many different ways to extract meaningful features. One common approach is to perform edge detection. A second approach is to try and detect whole shapes, given the fact that these shapes usually tend to have distinctive properties such as object foreground or background. To get optimal results, these two approaches can be combined. This pape…
▽ More
Remote sensing image classification can be performed in many different ways to extract meaningful features. One common approach is to perform edge detection. A second approach is to try and detect whole shapes, given the fact that these shapes usually tend to have distinctive properties such as object foreground or background. To get optimal results, these two approaches can be combined. This paper adopts a combinatorial optimization method to adaptively select threshold based features to improve remote sensing image. Feature selection is an important combinatorial optimization problem in the remote sensing image classification. The feature selection method has to achieve three characteristics: first the performance issues by facilitating data collection and reducing storage space and classification time, second to perform semantics analysis helping to understand the problem, and third to improve prediction accuracy by avoiding the curse of dimensionality. The goal of this thresholding an image is to classify pixels as either dark or light and evaluation of classification results. Interactive adaptive thresholding is a form of thresholding that takes into account spatial variations in illumination of remote sensing image. We present a technique for remote sensing based adaptive thresholding using the interactive satellite image of the input. However, our solution is more robust to illumination changes in the remote sensing image. Additionally, our method is simple and easy to implement but it is effective algorithm to classify the image pixels. This technique is suitable for preprocessing the remote sensing image classification, making it a valuable tool for interactive remote based applications such as augmented reality of the classification procedure.
△ Less
Submitted 30 January, 2014;
originally announced January 2014.
