Publications tagged with "Deep neural networks"

1. Exploring data and model poisoning attacks to deep learning-based NLP systems

   Marulli, F., Verde, L., & Campanile, L. (2021). Exploring data and model poisoning attacks to deep learning-based NLP systems [Conference paper]. Procedia Computer Science, 192, 3570–3579. https://doi.org/10.1016/j.procs.2021.09.130

   Abstract

   Natural Language Processing (NLP) is being recently explored also to its application in supporting malicious activities and objects detection. Furthermore, NLP and Deep Learning have become targets of malicious attacks too. Very recent researches evidenced that adversarial attacks are able to affect also NLP tasks, in addition to the more popular adversarial attacks on deep learning systems for image processing tasks. More precisely, while small perturbations applied to the data set adopted for training typical NLP tasks (e.g., Part-of-Speech Tagging, Named Entity Recognition, etc..) could be easily recognized, models poisoning, performed by the means of altered data models, typically provided in the transfer learning phase to a deep neural networks (e.g., poisoning attacks by word embeddings), are harder to be detected. In this work, we preliminary explore the effectiveness of a poisoned word embeddings attack aimed at a deep neural network trained to accomplish a Named Entity Recognition (NER) task. By adopting the NER case study, we aimed to analyze the severity of such a kind of attack to accuracy in recognizing the right classes for the given entities. Finally, this study represents a preliminary step to assess the impact and the vulnerabilities of some NLP systems we adopt in our research activities, and further investigating some potential mitigation strategies, in order to make these systems more resilient to data and models poisoning attacks. © 2021 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) Peer-review under responsibility of the scientific committee of KES International.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Marulli20213570", "type"=>"Conference paper", "bibtex"=>"@conference{Marulli20213570,\n  author = {Marulli, Fiammetta and Verde, Laura and Campanile, Lelio},\n  title = {Exploring data and model poisoning attacks to deep learning-based NLP systems},\n  year = {2021},\n  journal = {Procedia Computer Science},\n  volume = {192},\n  pages = {3570 – 3579},\n  doi = {10.1016/j.procs.2021.09.130}\n}\n", "author"=>"Marulli, Fiammetta and Verde, Laura and Campanile, Lelio", "author_array"=>[{"first"=>"Fiammetta", "last"=>"Marulli", "prefix"=>"", "suffix"=>""}, {"first"=>"Laura", "last"=>"Verde", "prefix"=>"", "suffix"=>""}, {"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Fiammetta", "author_0_last"=>"Marulli", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Laura", "author_1_last"=>"Verde", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Lelio", "author_2_last"=>"Campanile", "author_2_prefix"=>"", "author_2_suffix"=>"", "title"=>"Exploring data and model poisoning attacks to deep learning-based NLP systems", "year"=>"2021", "journal"=>"Procedia Computer Science", "volume"=>"192", "pages"=>"3570 – 3579", "doi"=>"10.1016/j.procs.2021.09.130", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85116922484&doi=10.1016%2fj.procs.2021.09.130&partnerID=40&md5=bdd9c6e94db10582de39cd67012dfa4c", "abstract"=>"Natural Language Processing (NLP) is being recently explored also to its application in supporting malicious activities and objects detection. Furthermore, NLP and Deep Learning have become targets of malicious attacks too. Very recent researches evidenced that adversarial attacks are able to affect also NLP tasks, in addition to the more popular adversarial attacks on deep learning systems for image processing tasks. More precisely, while small perturbations applied to the data set adopted for training typical NLP tasks (e.g., Part-of-Speech Tagging, Named Entity Recognition, etc..) could be easily recognized, models poisoning, performed by the means of altered data models, typically provided in the transfer learning phase to a deep neural networks (e.g., poisoning attacks by word embeddings), are harder to be detected. In this work, we preliminary explore the effectiveness of a poisoned word embeddings attack aimed at a deep neural network trained to accomplish a Named Entity Recognition (NER) task. By adopting the NER case study, we aimed to analyze the severity of such a kind of attack to accuracy in recognizing the right classes for the given entities. Finally, this study represents a preliminary step to assess the impact and the vulnerabilities of some NLP systems we adopt in our research activities, and further investigating some potential mitigation strategies, in order to make these systems more resilient to data and models poisoning attacks. © 2021 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) Peer-review under responsibility of the scientific committee of KES International.", "author_keywords"=>"Data poisoning attacks; Deep learning vulnerabilities; Natural language processing; Poisoned word embeddings; Reliable machine learning", "keywords"=>"Computational linguistics; Deep neural networks; Embeddings; Object detection; Speech recognition; Activity detection; Data poisoning attack; Deep learning vulnerability; Embeddings; ITS applications; Malicious activities; Named entity recognition; Poisoned word embedding; Poisoning attacks; Reliable machine learning; Natural language processing systems", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 27; All Open Access, Gold Open Access"}
       

   Details
2. Exploring a Federated Learning Approach to Enhance Authorship Attribution of Misleading Information from Heterogeneous Sources

   Marulli, F., Balzanella, A., Campanile, L., Iacono, M., & Mastroianni, M. (2021). Exploring a Federated Learning Approach to Enhance Authorship Attribution of Misleading Information from Heterogeneous Sources [Conference paper]. Proceedings of the International Joint Conference on Neural Networks, 2021-July. https://doi.org/10.1109/IJCNN52387.2021.9534377

   Abstract

   Authorship Attribution (AA) is currently applied in several applications, among which fraud detection and anti-plagiarism checks: this task can leverage stylometry and Natural Language Processing techniques. In this work, we explored some strategies to enhance the performance of an AA task for the automatic detection of false and misleading information (e.g., fake news). We set up a text classification model for AA based on stylometry exploiting recurrent deep neural networks and implemented two learning tasks trained on the same collection of fake and real news, comparing their performances: one is based on Federated Learning architecture, the other on a centralized architecture. The goal was to discriminate potential fake information from true ones when the fake news comes from heterogeneous sources, with different styles. Preliminary experiments show that a distributed approach significantly improves recall with respect to the centralized model. As expected, precision was lower in the distributed model. This aspect, coupled with the statistical heterogeneity of data, represents some open issues that will be further investigated in future work. © 2021 IEEE.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Marulli2021", "type"=>"Conference paper", "bibtex"=>"@conference{Marulli2021,\n  author = {Marulli, Fiammetta and Balzanella, Antonio and Campanile, Lelio and Iacono, Mauro and Mastroianni, Michele},\n  title = {Exploring a Federated Learning Approach to Enhance Authorship Attribution of Misleading Information from Heterogeneous Sources},\n  year = {2021},\n  journal = {Proceedings of the International Joint Conference on Neural Networks},\n  volume = {2021-July},\n  doi = {10.1109/IJCNN52387.2021.9534377}\n}\n", "author"=>"Marulli, Fiammetta and Balzanella, Antonio and Campanile, Lelio and Iacono, Mauro and Mastroianni, Michele", "author_array"=>[{"first"=>"Fiammetta", "last"=>"Marulli", "prefix"=>"", "suffix"=>""}, {"first"=>"Antonio", "last"=>"Balzanella", "prefix"=>"", "suffix"=>""}, {"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Mauro", "last"=>"Iacono", "prefix"=>"", "suffix"=>""}, {"first"=>"Michele", "last"=>"Mastroianni", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Fiammetta", "author_0_last"=>"Marulli", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Antonio", "author_1_last"=>"Balzanella", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Lelio", "author_2_last"=>"Campanile", "author_2_prefix"=>"", "author_2_suffix"=>"", "author_3_first"=>"Mauro", "author_3_last"=>"Iacono", "author_3_prefix"=>"", "author_3_suffix"=>"", "author_4_first"=>"Michele", "author_4_last"=>"Mastroianni", "author_4_prefix"=>"", "author_4_suffix"=>"", "title"=>"Exploring a Federated Learning Approach to Enhance Authorship Attribution of Misleading Information from Heterogeneous Sources", "year"=>"2021", "journal"=>"Proceedings of the International Joint Conference on Neural Networks", "volume"=>"2021-July", "doi"=>"10.1109/IJCNN52387.2021.9534377", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85116453728&doi=10.1109%2fIJCNN52387.2021.9534377&partnerID=40&md5=1a66f680877de40ba6525a359903672e", "abstract"=>"Authorship Attribution (AA) is currently applied in several applications, among which fraud detection and anti-plagiarism checks: this task can leverage stylometry and Natural Language Processing techniques. In this work, we explored some strategies to enhance the performance of an AA task for the automatic detection of false and misleading information (e.g., fake news). We set up a text classification model for AA based on stylometry exploiting recurrent deep neural networks and implemented two learning tasks trained on the same collection of fake and real news, comparing their performances: one is based on Federated Learning architecture, the other on a centralized architecture. The goal was to discriminate potential fake information from true ones when the fake news comes from heterogeneous sources, with different styles. Preliminary experiments show that a distributed approach significantly improves recall with respect to the centralized model. As expected, precision was lower in the distributed model. This aspect, coupled with the statistical heterogeneity of data, represents some open issues that will be further investigated in future work. © 2021 IEEE.", "author_keywords"=>"Authorship Attribution; Cooperative Computing; Federated Learning; Natural Language Processing; Text classification", "keywords"=>"Classification (of information); Deep neural networks; Network architecture; Recurrent neural networks; Text processing; Authorship attribution; Cooperative computing; Federated learning; Fraud detection; Heterogeneous sources; Learning approach; Misleading informations; Performance; Stylometry; Text classification; Natural language processing systems", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 17"}
       

   Details

← Back to all publications