Doutorado em Ciência da Computação

URI Permanente para esta coleção

http://repositorio.ufes.br/handle/10/17626

Nível: Doutorado
Ano de início:
Conceito atual na CAPES:
Ato normativo:
Periodicidade de seleção:
Área(s) de concentração:
Url do curso:

Navegar

Navegando Doutorado em Ciência da Computação por Assunto "Aprendizado Profundo"

Agora exibindo 1 - 2 de 2
  • Nenhuma Miniatura disponível
    Item
    Copycat CNN: convolutional neural network extraction attack with unlabeled natural images
    (Universidade Federal do Espírito Santo, 2023-04-25) Silva, Jacson Rodrigues Correia da; Santos, Thiago Oliveira dos; https://orcid.org/0000-0001-7607-635X; http://lattes.cnpq.br/5117339495064254; https://orcid.org/0000-0002-4314-1693; http://lattes.cnpq.br/0637308986252382; Goncalves, Claudine Santos Badue; https://orcid.org/0000-0003-1810-8581; http://lattes.cnpq.br/1359531672303446; Luz, Eduardo Jose da Silva; https://orcid.org/0000-0001-5249-1559; http://lattes.cnpq.br/5385878413487984; Almeida Junior, Jurandy Gomes de; https://orcid.org/0000-0002-4998-6996; http://lattes.cnpq.br/4495269939725770; Rauber, Thomas Walter; https://orcid.org/0000000263806584; http://lattes.cnpq.br/0462549482032704
    Convolutional Neural Networks (CNNs) have been achieving state-of-the-art performance on a variety of problems in recent years, leading to many companies developing neuralbased products that require expensive data acquisition, annotation, and model generation. To protect their models from being copied or attacked, companies often deliver them as black-boxes only accessible through APIs, that must be secure, robust, and reliable across different problem domains. However, recent studies have shown that state-of-the-art CNNs have vulnerabilities, where simple perturbations in input images can change the model’s response, and even images unrecognizable to humans can achieve a higher level of confidence in the model’s output. These methods need to access the model parameters, but there are studies showing how to generate a copy (imitation) of a model using its probabilities (soft-labels) and problem domain data. By using the surrogate model, an adversary can perform attacks on the target model with a higher possibility of success. We further explored these vulnerabilities. Our hypothesis is that by using publicly available images (accessible to everyone) and responses that any model should provide (even blackboxes), it is possible to copy a model achieving high performance. Therefore, we proposed a method called Copycat to explore CNN classification models. Our main goal is to copy the model in two stages: first, by querying it with random natural images, such as those from ImageNet, and annotating its maximum probabilities (hard-labels). Then, using these labeled images to train a Copycat model that should achieve similar performance to the target model. We evaluated this hypothesis on seven real-world problems and against a cloud-based API. All Copycat models achieved performance (F1-Score) above 96.4% when compared to target models. After achieving these results, we performed several experiments to consolidate and evaluate our method. Furthermore, concerned about such vulnerability, we also analyzed various existing defenses against the Copycat method. Among the experiments, defenses that detect attack queries do not work against our method, but defenses that use watermarking can identify the target model’s Intellectual Property. Thus, the method proved to be effective in model extraction, having immunity to the literature defenses, but being identified only by watermark defenses.
  • Nenhuma Miniatura disponível
    Item
    Detecção automática de doenças em frutos do mamão a partir da análise de imagens por meio de redes neurais profundas
    (Universidade Federal do Espírito Santo, 2023-07-14) Moraes, Jairo Lucas de; Souza, Alberto Ferreira de; https://orcid.org/0000000315618447; http://lattes.cnpq.br/7573837292080522; https://orcid.org/0000-0002-5111-0811; http://lattes.cnpq.br/8743832227027911; França, Felipe Maia Galvão; https://orcid.org/0000-0002-8980-6208; http://lattes.cnpq.br/1097952760431187; Partelli, Fabio Luiz; https://orcid.org/0000000288300846; http://lattes.cnpq.br/6730543200776161; Komati, Karin Satie; https://orcid.org/0000-0001-5677-4724; http://lattes.cnpq.br/9860697624155451; Oliveira, Elias Silva de; http://lattes.cnpq.br/2210356035827181
    Horticulture plays an essential role in the economies of various countries, serving as a significant source of income and job creation, particularly in developing nations. Within this sector, papaya holds substantial importance, being cultivated in over 60 countries, including Brazil, which stands as the second-largest producer of this fruit. Papaya is a delicate and climacteric fruit, leading to considerable post-harvest losses, underscoring the pivotal role of early detection and accurate classification of fruit injuries in quality control and loss mitigation. Presently, papaya quality control is conducted manually, demanding exhaustive and repetitive efforts, often necessitating specialized knowledge that may not always be readily available to small-scale farmers or small fruit processing facilities. Given this backdrop, the implementation of autonomous or semi-autonomous system solutions aimed at assisting in papaya quality control, including disease detection and physical damage identification, is highly desirable. Such solutions could effectively mitigate industry losses, offering a more efficient, precise, and reliable approach to ensuring fruit quality and maximizing productivity in the sector. In this thesis, we propose a comprehensive solution spanning from the creation of an unprecedented dataset in the literature to the development of a mobile application. This includes the implementation of novel convolutional neural network (CNN) architectures utilizing the Convolutional Block Attention Module (CBAM). Our dataset comprises more than 23,000 examples of eight types of injuries (Anthracnose, Phytophthora, Chocolate Spot, Sticky Disease, Black Spot, Physiological Spot, Mechanical Damage, and Scar) affecting papaya fruits, alongside examples of healthy fruits. The developed detector achieves a new state-ofthe-art in papaya fruit disease detection, with an average precision (mAP) of 86.2%. This performance significantly surpasses that of human experts, who achieved an average precision of 67.3%. Lastly, we optimized the structure and weights of our detector for use on mobile devices and created a robust mobile application that can run on common smartphones. It can detect diseases in papaya fruits at a rate of up to 6 frames per second without requiring additional resources.