Concerns regarding the security of deep learning architectures operating in adversarial settings are being raised with increasing intensity. The feasibility of several kinds of attacks, carried out at test time, training time or both, has been largely proven, and countermeasures have been sought. Such concerns assume special importance in applications wherein deep learning techniques are used for biometric-based authentication, given the malicious setting such systems must operate in. It is the goal of this speech to summarize the main security threats against deep learning architectures, illustrating them with examples regarding authentication systems based on face recognition. We focus, in particular, on the challenges that an adversary must tackle to turn deep learning weaknesses into real-world threats, and on the possible countermeasures that can be deployed to defend biometric recognition systems against attacks targeting the deep learning modules employed within them.
Mauro Barni graduated in electronic engineering at the University of Florence in 1991. He received his PhD in informatics and telecommunications in October 1995. During the last two decades he has been studying the application of image processing techniques to copyright protection and authentication of multimedia, and the possibility of processing signals that have been previously encrypted without decrypting them. Lately he has been working on theoretical and practical aspects of adversarial signal processing, with a particular focus on adversarial multimedia forensics. He is author/co-author of more than 300 papers published in international journals and conference proceedings, and holds five patents in the field of digital watermarking and image authentication. He is co-author of the book “Watermarking Systems Engineering: Enabling Digital Assets Security and other Applications”, published by Dekker Inc. in February 2004. He has participated in several national and international research projects on diverse topics, including computer vision, multimedia signal processing, remote sensing, digital watermarking and multimedia forensics. He was the Editor in Chief of the IEEE Transactions on Information Forensics and Security for the years 2015-2017. He was the founding editor of the EURASIP Journal on Information Security. He has served as associate editor of many journals, including several IEEE Transactions. Prof. Barni was the chairman of the IEEE Information Forensics and Security Technical Committee (IFS-TC) from 2010 to 2011. He was the technical program chair of ICASSP 2014. He was appointed DL of the IEEE SPS for the years 2013-2014. He is the recipient of the Individual Technical Achievement Award of EURASIP for 2016. He is a fellow member of the IEEE and a member of EURASIP.