Image hosting platforms are a popular way to store and share images with family members and friends. However, such platforms typically have full access to the images, raising privacy concerns. These concerns are further exacerbated by the advent of Convolutional Neural Networks (CNNs) that can be trained on available images to automatically detect and recognize faces with high accuracy. Recently, adversarial perturbations have been proposed as a potential defense against automated recognition and classification of images by CNNs. In this paper, we explore the practicality of adversarial perturbation-based approaches as a privacy defense against automated face recognition. Specifically, we first identify practical requirements for such approaches and then propose two practical adversarial perturbation approaches: (i) learned universal ensemble perturbations (UEP), and (ii) k-randomized transparent image overlays (k-RTIO), which are semantic adversarial perturbations. We demonstrate how users can generate effective transferable perturbations under realistic assumptions with less effort. We evaluate the proposed methods against state-of-the-art online and offline face recognition models, Clarifai.com and DeepFace, respectively. Our findings show that UEP and k-RTIO achieve more than 85% and 90% success, respectively, against these face recognition models. Additionally, we explore potential countermeasures that classifiers can use to thwart the proposed defenses. In particular, we demonstrate one effective countermeasure against UEP.
The fast growth of social networks and their privacy requirements in recent years has led to increasing difficulty in obtaining the complete topology of these networks. However, diffusion information over these networks is available, and many algorithms have been proposed to infer the underlying networks from this information. The previously proposed algorithms focus only on inferring more links and do not pay attention to the important characteristics of the underlying social networks. In this paper, we propose a novel algorithm, called DANI, that infers the underlying network structure from diffusion information while preserving the network's properties. Moreover, the running time of the proposed method is considerably lower than that of previous methods. We applied the proposed method to both real and synthetic networks. The experimental results show that DANI has higher accuracy and lower run time compared to well-known network inference methods.
Machine learning (ML) models that use deep neural networks are vulnerable to backdoor attacks. Such attacks involve the insertion of a (hidden) trigger by an adversary. As a consequence, any input that contains the trigger will cause the neural network to misclassify the input to a (single) target class, while inputs without the trigger are classified correctly. ML models that contain a backdoor are called Trojaned models. Backdoors can have severe consequences in safety-critical cyber and cyber-physical systems when only the outputs of the model are available. Defense mechanisms have been developed and shown to distinguish between outputs from a Trojaned model and a non-Trojaned model in the case of a single-target backdoor attack with accuracy > 96%. Understanding the limitations of a defense mechanism requires the construction of examples where the mechanism fails. Current single-target backdoor attacks require one trigger per target class. We introduce a new, more general attack in which a single trigger results in misclassification to more than one target class; the chosen target class depends on the true (actual) class of the input. We term this category of attacks multi-target backdoor attacks. We demonstrate that a Trojaned model with either a single-target or a multi-target trigger can be trained so that the accuracy of a defense mechanism that seeks to distinguish between outputs coming from a Trojaned and a non-Trojaned model is reduced. Our approach uses the non-Trojaned model as a 'teacher' for the Trojaned model and solves a min-max optimization problem between the Trojaned model and the defense mechanism. Empirical evaluations demonstrate that our training procedure reduces the accuracy of a state-of-the-art defense mechanism from > 96% to 0%. We also discuss possible approaches to improve defense mechanisms to ensure resilience to backdoor attacks for a broader category of ML models.