No Time to Spare: Adversarial Machine Learning at Training and Inference Time
Radboud University, 12 January 2026. Promotor: Batina, L. Co-promotor: Picek, S. 177 p. Full text: 326242.pdf (publisher's version, open access).
Dynamic Backdoors with Global Average Pooling
Outsourced training and machine learning as a service have opened novel attack vectors such as backdoor attacks. Such an attack embeds a secret functionality in a neural network that is activated when a trigger is added to the input. In most of the literature the trigger is static, both in location and in pattern, and the effectiveness of several detection mechanisms depends on that property. It was recently shown that countermeasures for image classification such as Neural Cleanse and ABS can be bypassed with dynamic triggers that work regardless of their pattern and location. Such backdoors are demanding, however, because they require a large fraction of poisoned training data. In this work, we are the first to show that dynamic backdoor behaviour can arise from a global average pooling layer without increasing the fraction of poisoned training data. Nevertheless, our experiments in sound classification, text sentiment analysis, and image classification show this to be very difficult to exploit in practice.
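The mechanism behind the abstract's claim is that global average pooling (GAP) sums a feature map over all spatial positions, so a convolutional detector that fires on the trigger produces the same pooled value wherever the trigger sits, while a flatten layer keeps one value per position and ties any learned backdoor weight to the location seen in training. The following added example (not code from the thesis) shows this with a hand-set 2x2 kernel plus bias, valid padding and ReLU; the trigger pattern, kernel, image size and thresholds are all constructed for the illustration.

```python
"""Why global average pooling (GAP) decouples a backdoor trigger from its location.

Added illustration for the abstract above; it is not code from the thesis. A tiny
convolutional stage (one hand-set 2x2 kernel with bias, "valid" padding, ReLU) is
followed by either GAP or flatten. Trigger pattern, kernel and image size are
constructed for the demonstration.
"""
from typing import List

Image = List[List[float]]

TRIGGER: Image = [[1.0, 0.0], [0.0, 1.0]]      # constructed 2x2 diagonal trigger
KERNEL: Image = [[1.0, -1.0], [-1.0, 1.0]]     # matches TRIGGER exactly: dot product = 2
BIAS = -1.0                                    # partial matches (dot <= 1) give ReLU 0


def blank_image(side: int) -> Image:
    """All-zero single-channel square image."""
    return [[0.0] * side for _ in range(side)]


def stamp_trigger(img: Image, row: int, col: int) -> Image:
    """Return a copy of img with TRIGGER written at top-left corner (row, col)."""
    out = [r[:] for r in img]
    for i, trow in enumerate(TRIGGER):
        for j, v in enumerate(trow):
            out[row + i][col + j] = v
    return out


def conv2d_relu(img: Image) -> Image:
    """Valid 2D cross-correlation with KERNEL, plus BIAS, then ReLU."""
    k, n = len(KERNEL), len(img)
    fm: Image = []
    for r in range(n - k + 1):
        row = []
        for c in range(n - k + 1):
            s = sum(img[r + i][c + j] * KERNEL[i][j] for i in range(k) for j in range(k))
            row.append(max(0.0, s + BIAS))
        fm.append(row)
    return fm


def gap_feature(img: Image) -> float:
    """Global average pooling: one scalar, spatial position discarded."""
    fm = conv2d_relu(img)
    return sum(map(sum, fm)) / (len(fm) * len(fm[0]))


def flat_feature(img: Image) -> List[float]:
    """Flatten: one value per feature-map cell, spatial position kept."""
    return [v for row in conv2d_relu(img) for v in row]


def gap_backdoor_fires(img: Image) -> bool:
    """Backdoor head on GAP: a single threshold covers every trigger location."""
    fm_cells = (len(img) - len(KERNEL) + 1) ** 2
    return gap_feature(img) > 0.5 / fm_cells   # half of the full-trigger response


def flat_backdoor_fires(img: Image, learned_index: int = 0) -> bool:
    """Backdoor head on flatten: bound to the feature-map cell seen during training."""
    return flat_feature(img)[learned_index] > 0.5


if __name__ == "__main__":
    clean = blank_image(6)
    top_left = stamp_trigger(clean, 0, 0)
    bottom_right = stamp_trigger(clean, 4, 4)
    print("GAP feature, trigger top-left:    ", gap_feature(top_left))
    print("GAP feature, trigger bottom-right:", gap_feature(bottom_right))
    print("GAP head fires at both locations: ",
          gap_backdoor_fires(top_left) and gap_backdoor_fires(bottom_right))
    print("Flatten head trained on top-left, trigger bottom-right:",
          flat_backdoor_fires(bottom_right))
    print("Clean input fires GAP head:       ", gap_backdoor_fires(clean))
```

With valid padding and a detector that responds only to the complete trigger, the pooled value is exactly equal for every placement; in real networks with padding, striding and learned filters the invariance is only approximate, which is one reason the abstract reports the attack as hard to realise in practice.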
Beyond the Security of Deep Learning: An Exploration of Stealthy Backdoor Attacks in Computer Vision
This thesis investigates the security of deep learning systems, with a particular focus on backdoor attacks, a form of data poisoning in which a model behaves normally on typical inputs but produces attacker-controlled outputs when a specific trigger is present. The research systematically analyses the effectiveness and stealthiness of such attacks across a range of modern machine learning settings, including convolutional neural networks, spiking neural networks with neuromorphic data, vision transformers, and federated learning systems. The findings show that backdoor success depends heavily on trigger design, model architecture, and training conditions; larger models and models trained from scratch tend to be more vulnerable. In decentralised and neuromorphic settings, novel attack strategies are introduced that exploit the structure of the data and of the training workflow, achieving high attack success rates while remaining undetected. The evaluation of common defences shows that many are ineffective against more sophisticated or context-specific attacks. Overall, the work highlights the growing complexity of securing machine learning systems and the need for defences that are robust across architectures, data modalities, and deployment scenarios.

Radboud University, 23 June 2025. Promotor: Batina, L. Co-promotors: Picek, S., Urbieta, A. xix, 274 p. Full text: 319701.pdf (publisher's version, open access).
Your PIN is Mine: Uncovering Users' PINs at Point of Sale Machines
Point of Sale (PoS) machines have become extremely popular; in many economies most transactions are made with them. Although PoS technology is evolving, PINs are still heavily used. In this paper, we perform a large-scale study of how hard it is to uncover user PINs at a PoS terminal, even when users cover the pad with their hand. Our study involves 142 participants, two types of PoS, and around 13,800 PINs. We develop machine learning techniques that infer PoS PINs from hidden-camera footage. Our results show that uncovering PINs at a PoS is harder than in other PIN-entry settings such as ATMs because of the small pad area, yet we still achieve more than 50% Top-3 accuracy for 4-digit PINs and 45% Top-3 accuracy for 5-digit PINs, even when the user's hand covers the PIN. We discuss how camera position and PoS type affect inference success, how the physical distance between digits affects the difficulty of inferring a PIN, and recommend good practices for choosing PINs and covering the PoS pad to make PIN inference difficult.
Turning Privacy-preserving Mechanisms against Federated Learning
Researchers have successfully employed Graph Neural Networks (GNNs) to build enhanced recommender systems, owing to their capability to learn patterns from the interactions between the involved entities. Previous studies have also investigated federated learning as the main solution for training global GNN models with a native privacy-preserving mechanism, without collecting sensitive data in a single computation unit. Still, privacy issues may arise because analysis of the local model updates produced by federated clients can leak information about sensitive local data. For this reason, researchers proposed solutions that combine federated learning with differential privacy and with community-driven approaches, which combine data from neighbouring clients to make individual local updates less dependent on local sensitive data. In this paper, we identify a crucial security flaw in such a configuration and design an attack that deceives state-of-the-art defences for federated learning. The attack has two operating modes: the first inhibits convergence (Adversarial Mode), and the second plants a deceptive rating injection in the global federated model (Backdoor Mode). The experimental results show the effectiveness of both modes, with an average 60% performance degradation across all Adversarial Mode tests and fully effective backdoors in 93% of the Backdoor Mode tests.
Artificial Intelligence for the Design of Symmetric Cryptographic Primitives
This chapter provides a general overview of AI methods used to support the design of cryptographic primitives and protocols. After giving a brief introduction to the basic concepts underlying the field of cryptography, we review the most researched use cases concerning the use of AI techniques and models to design cryptographic primitives, focusing mainly on Boolean functions, S-boxes and pseudorandom number generators. We then point out two interesting directions for further research on the design of cryptographic primitives where AI methods could be applied in the future.
Evolutionary computation and machine learning in cryptology
Virtual/online event due to COVID-19. Accepted author manuscript.
Going Beyond Counting First Authors in Author Co-citation Analysis
The present study examines one of the fundamental aspects of author co-citation analysis (ACA): the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based. We compare ACA results based on two different types of co-citation counting: the traditional type, which counts only the first author of a cited work, and a non-traditional type, which takes into account the first 5 authors of a cited work. Results indicate that the picture produced through the non-traditional counting contains more coherent author groups and is therefore considerably clearer. However, it represents fewer specialties in the research field being studied than the picture produced through traditional first-author counting when the same number of top-ranked authors is selected and analysed. Reasons for these effects are discussed.
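The two counting rules the abstract compares differ only in how many names from each cited work's byline enter the pool of co-cited authors. The following added example (not code from the study) implements both rules over a constructed set of citing papers and shows how second authors, invisible under first-author counting, enter the top-ranked set under first-5-author counting. The author names and reference lists are constructed, and treating co-authors of a single cited work as co-cited is an assumption of the example, not a claim about the study.

```python
"""Author co-citation counting: first-author vs first-N-author variants.

Added worked example for the abstract above, not code from the study. The citing
papers and author names are constructed. Counting rule: two authors are co-cited
once per citing document whose reference list contains both of them. That the
co-authors of one cited work count as co-cited is an assumption of this example,
following from the set-based rule below.
"""
from collections import Counter, defaultdict
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed data: citing paper id -> reference list; each cited work is its
# author list in byline order.
CITING_PAPERS: Dict[str, List[List[str]]] = {
    "citing-1": [["Alpha", "Bravo"], ["Charlie"], ["Delta", "Echo", "Foxtrot"]],
    "citing-2": [["Alpha", "Bravo"], ["Delta", "Echo"]],
    "citing-3": [["Charlie", "Bravo"], ["Delta", "Echo"]],
}

Pair = Tuple[str, str]


def cocitation_counts(citing_papers: Dict[str, List[List[str]]],
                      max_authors: int) -> Counter:
    """Count co-cited author pairs, keeping the first `max_authors` of each byline.

    max_authors=1 is traditional first-author ACA; max_authors=5 is the variant the
    abstract compares it with. Each citing paper adds at most 1 to any pair.
    """
    counts: Counter = Counter()
    for refs in citing_papers.values():
        authors = set()
        for byline in refs:
            authors.update(byline[:max_authors])
        for pair in combinations(sorted(authors), 2):
            counts[pair] += 1
    return counts


def pair_count(counts: Counter, a: str, b: str) -> int:
    """Order-independent lookup; 0 when the two authors are never co-cited."""
    return counts[tuple(sorted((a, b)))]


def top_authors(counts: Counter, k: int) -> List[str]:
    """Rank authors by total co-citation count, ties broken alphabetically."""
    totals = defaultdict(int)
    for (a, b), n in counts.items():
        totals[a] += n
        totals[b] += n
    return sorted(totals, key=lambda name: (-totals[name], name))[:k]


if __name__ == "__main__":
    for label, n in (("first-author", 1), ("first-5-authors", 5)):
        counts = cocitation_counts(CITING_PAPERS, n)
        print(f"{label}: {len(top_authors(counts, 100))} authors, "
              f"{sum(counts.values())} pair co-citations")
        print("  Bravo-Delta:", pair_count(counts, "Bravo", "Delta"),
              " top 3:", top_authors(counts, 3))
```

Under first-author counting the second author Bravo never appears, so Alpha, Charlie and Delta form the top three; under first-5-author counting Bravo, Delta and Echo are co-cited in all three citing papers and displace Alpha and Charlie from the top three, which is the kind of shift in the selected author set the abstract describes.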
