Adversarial Forensics/ DS Theory/ Deep Web Forensics Flashcards
Considering an adversarial set-up between a forgerer (F) and a forensic analyst (FA), we can state that …
Select one or more:
a. FA never cares about false negatives
b. FA wants to detect fake data
c. F aims at maximizing the probability that the data are classified as valid by FA with minimum distortion
d. F aims at altering the data so that FA detect them as valid.
e. F aims at maximizing the probability that the data are classified as valid by FA regardless of distortion
b. FA wants to detect fake data
c. F aims at maximizing the probability that the data are classified as valid by FA with minimum distortion
d. F aims at altering the data so that FA detect them as valid.
According to Dempster-Schafer theory, the belief associated to a given evidences or hypothesis …
Select one or more:
a. … is always lower than the plausibility.
b. … can be higher than probability.
c. … it correspond to 1 minus the plausibility of that evidence/hypothesis
d. … characterizes how much the evidence/hypothesis is provable.
a. … is always lower than the plausibility.
d. … characterizes how much the evidence/hypothesis is provable.
Given a set of data valid sources that can be modeled as Bernoulli processes with probability 𝑝=0.8,0.85,0.75 and a fake data source characterized by probability 𝑞=0.9, which target probability should a forgerer obtain by altering the input data (assuming that the forensic analyst wants to zero the probability of rejecting valid data)?
0,85
Which among the following adversarial ML attacks is the LEAST computationally expensive?
Select one:
a. Jacobian-based Saliency Map Attack (JSMA)
b. Fast Gradient Sign method (FGSM)
c. Deepfool
d. Broyden-Fletcher-Goldfarb-Shanno method (BFGS)
e. Carlini & Wagner
b. Fast Gradient Sign method (FGSM)
Given a set of data valid sources that can be modeled as Bernoulli processes with probability p= 0.57 , 0.6, 0.55 and a fake data source characterized by probability q=0.74, which reference probability should a forensic analyst choose in order to avoid discarding valid data and minimize the probability of accepting fake data?
Assume that the forensic analyst compute the difference between the estimated probability and a reference plausible values with an acceptance threshold equal to 0,2; assume also that he wants to zero the probability of rejecting valid data.
0,40
According to the DS theory, the value of the mass function for the empty set ∅
is 0.
Select one:
True
False
true
Among the following, select the wrong statement about the Frechet Inception Distance or FID.
Select one:
a. It is robust to noise
b. It models real and fake data as a multivariate distributions.
c. It is not affected by visual artifacts
d. It can be computed using mean and covariance matrix for fake and real data only.
c. It is not affected by visual artifacts
Given three IDS whose evidence results can be combined using DS theory, we can state that …
Select one or more:
a. … you must have a mass entry also for null intersections
b. … order of binary combination does not matter.
c. … you must have a mass entry for each non-null intersection
b. … order of binary combination does not matter.
c. … you must have a mass entry for each non-null intersection
Given a set of data valid sources that can be modeled as Bernoulli processes with probability p= 0.59 , 0.71, 0.61 and a fake data source characterized by probability q=0.91, which target probability should a forgerer obtain by altering the input data? Assume that the forensic analyst compute the difference between the estimated probability and a reference plausible values; assume also that he wants to zero the probability of rejecting valid data.
0.71
In adversarial machie learning, which of the following attack combination scenarios prove to be the most challenging …
Select one:
a. Blackbox individual attack
b. Blackbox targeted attack
c. Whitebox universal attack.
d. Whitebox targeted attack
Blackbox targeted attack
According to Dempster-Schafer theory, the domain of the mass function is the universe set 𝑋={𝑎,𝑏,𝑐,…} corresponding to the different possible events.
Select one:
True
False
False
According to the DS theory, plausibility is the probability that A is provable (supported) by the evidence.
Select one:
True
False
False
Which of the following attack types are most likely adressing an IDS?
Select one:
a. Poisoning attack
b. Evasion attack
c. Model extraction
b. Evasion attack
In clean data learning for anomaly detection, we can NOT use the training set to create …
Select one:
a. A dynamical system from Partial Differential Equations
b. ARMA models
c. Recurrent Neural Networks
d. A multiclass SVM classifier
d. A multiclass SVM classifier
Which of the following loss function can lead to a vanishing gradient problem in a GAN?
Select one:
a. 𝐿(𝐷,𝐺)=−0.5𝐸𝑧[log𝐷(𝐺(𝑧))]
b. 𝐿(𝐷,𝐺)=𝐷(𝑥)−𝐷(𝐺(𝑧))
c. 𝐿(𝐷,𝐺)=𝐸𝑥[log𝐷(𝑥)]+𝐸𝑧[log(1−𝐷(𝐺(𝑧)))]
c. 𝐿(𝐷,𝐺)=𝐸𝑥[log𝐷(𝑥)]+𝐸𝑧[log(1−𝐷(𝐺(𝑧)))]