Neural Networks Security under Realistic Scenario

Artificial Intelligence is a hot topic today, driven by the revolution of neural networks that have shown impressive performances across various tasks. Notably, in Computer Vision, they have even outperformed humans. This thesis centers on neural networks applied to image classification tasks.

 

Yet, this remarkable success is not without its vulnerabilities. Neural networks exhibit weaknesses in terms of confidentiality, integrity, and availability of their components. The training data, the model, and the inference data, are susceptible to potential attacks. Even in the realistic scenario considered in this thesis where the model operates in a black-box setup with limitations on the number of queries, it remains possible for an attacker to steal and reconstruct the model and training data, as well as manipulate inference data.

 

This thesis places a particular emphasis on safeguarding the confidentiality of the model, which can be compromised through techniques such as model extraction and parameter extraction. Additionally, it delves into the realm of adversarial examples, which pose threats to the integrity of model inference. The deliberate introduction of small, well-crafted perturbations can result in misclassifications. Consequently, a significant portion of this thesis is dedicated to exploring the origins of adversarial examples, their creation, and strategies for defending against them.

 

ATTENTION  dans le cadre du plan VIGIPIRATE la règle suivante s'applique pour cet évènement :

L’accès du public à cette soutenance est contraint à une inscription préalable obligatoire auprès de aurelie [*] patieririsa [*] fr (aurelie[dot]patier[at]irisa[dot]fr)

– L’accès ne sera pas autorisé sans inscription préalable. Par ailleurs, les visiteurs ne porteront ni bagage ni sac.