Search Results (79)

Federated learning (FL) enables collaborative model building among a large number of participants without sharing sensitive data to the central server. Because of its distributed nature, FL has limited control over local data and the corresponding training process. Therefore, it is susceptible to data poisoning attacks where malicious workers use malicious training data to train the model. Furthermore, attackers on the worker side can easily manipulate local data by swapping the labels of training instances, adding noise to training instances, and adding out-of-distribution training instances in the local data to initiate data poisoning attacks. And local workers under such attacks carry incorrect information to the server, poison the global model, and cause misclassifications. So, the prevention and detection of such data poisoning attacks is crucial to build a robust federated training framework. To address this, we propose a prevention strategy in federated learning, namely confident federated learning, to protect workers from such data poisoning attacks. Our proposed prevention strategy at first validates the label quality of local training samples by characterizing and identifying label errors in the local training data, and then excludes the detected mislabeled samples from the local training. To this aim, we experiment with our proposed approach on both the image and audio domains, and our experimental results validated the robustness of our proposed confident federated learning in preventing the data poisoning attacks. Our proposed method can successfully detect the mislabeled training samples with above 85% accuracy and exclude those detected samples from the training set to prevent data poisoning attacks on the local workers. However, our prevention strategy can successfully prevent the attack locally in the presence of a certain percentage of poisonous samples. Beyond that percentage, the prevention strategy may not be effective in preventing attacks. In such cases, detection of the attacked workers is needed. So, in addition to the prevention strategy, we propose a novel detection strategy in the federated learning framework to detect the malicious workers under attack. We propose to create a class-wise cluster representation for every participating worker by utilizing the neuron activation maps of local models and analyze the resulting clusters to filter out the workers under attack before model aggregation. We experimentally demonstrated the efficacy of our proposed detection strategy in detecting workers affected by data poisoning attacks, along with the attack types, e.g., label-flipping or dirty labeling. In addition, our experimental results suggest that the global model could not converge even after a large number of training rounds in the presence of malicious workers, whereas after detecting the malicious workers with our proposed detection method and discarding them from model aggregation, we ensured that the global model achieved convergence within very few training rounds. Furthermore, our proposed approach stays robust under different data distributions and model sizes and does not require prior knowledge about the number of attackers in the system. Full article

The increasing global discovery of plant species presents both opportunities and challenges, particularly in distinguishing between beneficial and poisonous varieties. While computer vision techniques show promise for classifying plant species and predicting toxicity, the lack of comprehensive datasets including images, scientific names, descriptions, local names, and poisonous status complicates these predictions. In this paper, we propose an Explainable Deep Inherent Learning approach that leverages advanced computer vision techniques for effective plant species classification and poisonous status prediction. The proposed Deep Inherent Learning method was validated using different explanation techniques, and Explainable AI (XAI) was employed to clarify decision-making processes at both the local and global levels. Additionally, we provide visual information to enhance trust in the proposed method. To validate the efficacy of our approach, we present a case study involving 2500 images of 50 different plant species from the Arabian Peninsula, enriched with essential metadata. This research aims to reduce the incidence of poisoning from harmful plants, thereby benefiting individuals and society. Our experimental results demonstrate strong performance, with the XAI model achieving accuracy, Precision, Recall, and F1-Score of 0.94, 0.96, 0.96 and 0.97, respectively. By enhancing interpretability, our study fosters greater trust in AI-driven plant classification systems. Full article

With the widespread adoption of deep learning in critical domains, such as computer vision, model security has become a growing concern. Backdoor attacks, as a highly stealthy threat, have emerged as a significant research topic in AI security. Existing backdoor attack methods primarily introduce perturbations in the spatial domain of images, which suffer from limitations, such as visual detectability and signal fragility. Although subsequent approaches, such as those based on steganography, have proposed more covert backdoor attack schemes, they still exhibit various shortcomings. To address these challenges, this paper presents HCBA (high-frequency chroma backdoor attack), a novel backdoor attack method based on high-frequency injection in the UV chroma channels. By leveraging discrete wavelet transform (DWT), HCBA embeds a polarity-triggered perturbation in the high-frequency sub-bands of the UV channels in the YUV color space. This approach capitalizes on the human visual system’s insensitivity to high-frequency signals, thereby enhancing stealthiness. Moreover, high-frequency components exhibit strong stability during data transformations, improving robustness. The frequency-domain operation also simplifies the trigger embedding process, enabling high attack success rates with low poisoning rates. Extensive experimental results demonstrate that HCBA achieves outstanding performance in terms of both stealthiness and evasion of existing defense mechanisms while maintaining a high attack success rate (ASR > 98.5%). Specifically, it improves the PSNR by 25% compared to baseline methods, with corresponding enhancements in SSIM as well. Full article

Background: Forensic investigation of child homicides presents unique challenges due to the vulnerability of children and the complexity of distinguishing between natural, accidental, and intentional manner of death. A multidisciplinary approach integrating traditional forensic methods with emerging technologies is crucial to ensure accurate diagnosis and effective legal outcomes. Methods: This review examines current and emerging forensic techniques used in neonate, infant, and older child homicide investigations. It highlights advancements in postmortem imaging, histological examination, microbiological analysis, toxicology, and molecular autopsy. Results: Traditional forensic autopsy remains the cornerstone of child homicide investigations, providing critical insights into external and internal injuries. Histological examination enhances diagnostic accuracy by detecting microscopic evidence of trauma and infectious diseases. Postmortem imaging techniques are complementary for better identifying fractures, soft tissue injuries, and vascular abnormalities. Forensic toxicology plays a key role in detecting poisoning, while postmortem microbiology aids in identifying infectious causes of death. Furthermore, advancements in molecular autopsy and genetic testing have significantly enhanced the identification of hereditary conditions linked to sudden unexplained deaths in children, especially in cases involving multiple child fatalities within the same family, where forensic investigations are needed to accurately differentiate between natural causes and potential criminal involvement. Conclusions: A multidisciplinary approach incorporating traditional autopsy with postmortem imaging, histological examination, toxicology, postmortem microbiology, and molecular autopsy is essential for comprehensive forensic analysis, promoting both justice and prevention of fatal child abuse/homicide. Future research should focus on standardizing forensic protocols and exploring the potential of artificial intelligence (AI) in forensic investigations. Full article

Background: Manganese (Mn) is an essential trace element for humans. It has been recognized as a potential occupational toxin, but its danger as a toxin in patients under parenteral nutrition is often forgotten. Case Presentation: A 73-year-old man was logged for 210 days in the intensive care unit (ICU), receiving parenteral nutrition (PN) for a month, and was then transferred, first, to the internal medicine ward and, then, to the rehabilitation hospital, and 223 days after discharge from the ICU, he had current disease, chorea-type movements in the head and neck, and left hemibody. Diagnostic tests: The magnetic resonance imaging findings suggested manganese deposits, with a total blood manganese concentration of 34 µg·L⁻¹ (reference range: less than 13 µg·L⁻¹). Discussion: Abnormal movements can be caused by manganese poisoning due to parenteral nutrition and are associated with liver failure in the ICU. Our patient showed toxic Mn concentrations in whole blood after 31 days of receiving 300 μg·d⁻¹ of Mn in PN, a shorter duration than typically reported. Neurotoxicity was observed several months later (223 days). Factors such as liver dysfunction and iron deficiency can modulate neurotoxicity. Age may also be a susceptibility factor due to increased expression of Mn transport proteins. Magnetic resonance imaging (MRI) intensity in the globus pallidus is useful for detecting brain Mn accumulation, but it is not feasible for routine clinical practice. Conclusions: In this case, choreiform movements were attributed to manganese (Mn) accumulation in the basal ganglia. It is essential to monitor patients receiving parenteral nutrition (PN) solutions containing Mn, especially in those who have biomarkers of susceptibility, even if they have not yet shown neurological signs, and routinely measure whole-blood Mn concentrations, iron levels, age, and liver function. If Mn intoxication is suspected, a brain MRI examination should be conducted. Full article

Smart building applications require robust security measures to ensure system functionality, privacy, and security. To this end, this paper proposes a Federated Learning Intrusion Detection System (FL-IDS) composed of two convolutional neural network (CNN) models to detect network and IoT device attacks simultaneously. Collaborative training across multiple cooperative smart buildings enables model development without direct data sharing, ensuring privacy by design. Furthermore, the design of the proposed method considers three key principles: sustainability, adaptability, and trustworthiness. The proposed data pre-processing and engineering system significantly reduces the amount of data to be processed by the CNN, helping to limit the processing load and associated energy consumption towards more sustainable Artificial Intelligence (AI) techniques. Furthermore, the data engineering process, which includes sampling, feature extraction, and transformation of data into images, is designed considering its adaptability to integrate new sensor data and to fit seamlessly into a zero-touch system, following the principles of Machine Learning Operations (MLOps). The designed CNNs allow for the investigation of AI reasoning, implementing eXplainable AI (XAI) techniques such as the correlation map analyzed in this paper. Using the ToN-IoT dataset, the results show that the proposed FL-IDS achieves performance comparable to that of its centralized counterpart. To address the specific vulnerabilities of FL, a secure and robust aggregation method is introduced, making the system resistant to poisoning attacks from up to $20\%$ of the participating clients. Full article

The high demands on datasets and computing resources in deep learning make the models vulnerable to a range of security threats such as backdoor learning. The study of backdoor learning also helps to improve the understanding of model security. In order to ensure the attack effect, the triggers and targets in the existing backdoor learning methods are usually fixed and single, so a single defense will lead to the failure of the attack. This paper proposes an invisible backdoor learning scheme in the transform domain with flexible triggers and targets. By adding different offsets of different frequencies in the transform domain, multiple triggers and multiple targets are controlled. The generated poisoning images are added to the training dataset and the model is fine-tuned. Under the conception, two modes of backdoor learning enable flexible triggers and targets. One mode is multi-triggers and multi-targets (MTMT), and it can implement multiple triggers corresponding to different activation targets. The other mode is multi-triggers and one-target (MTOT), and it can realize multiple trigger sets to activate the target together. The experimental results show that the attack success rate reaches 95% and the accuracy of the model decreases within 3% under the premise that the trigger is not visible. This scheme can resist the common defense methods and has a good sample of the visual quality. Full article

Backdoor attacks aim to implant hidden backdoors into Deep Neural Networks (DNNs) so that the victim models perform well on clean images, whereas their predictions would be maliciously changed on poisoned images. However, most existing backdoor attacks lack the invisibility and robustness required for real-world applications, especially when it comes to resisting image compression techniques, such as JPEG and WEBP. To address these issues, in this paper, we propose a Backdoor Attack Method based on Trigger Generation (BATG). Specifically, a deep convolutional generative network is utilized as the trigger generation model to generate effective trigger images and an Invertible Neural Network (INN) is utilized as the trigger injection model to embed the generated trigger images into clean images to create poisoned images. Furthermore, a noise layer is used to simulate image compression attacks for adversarial training, enhancing the robustness against real-world image compression. Comprehensive experiments on benchmark datasets demonstrate the effectiveness, invisibility, and robustness of the proposed BATG. Full article

Wild mushrooms are popular for their taste and nutritional value; however, non-experts often struggle to distinguish between toxic and non-toxic species when foraging in the wild, potentially leading to poisoning incidents. To address this issue, this study proposes a compact bilinear neural network method based on Transformer and multi-scale feature fusion. The method utilizes a dual-stream structure that integrates multiple feature extractors, enhancing the comprehensiveness of image information capture. Additionally, bottleneck attention and efficient multi-scale attention modules are embedded to effectively capture multi-scale features while maintaining low computational costs. By employing a compact bilinear pooling module, the model achieves high-order feature interactions, reducing the number of parameters without compromising performance. Experimental results demonstrate that the proposed method achieves an accuracy of 98.03%, outperforming existing comparative methods. This proves the superior recognition performance of the model, making it more reliable in distinguishing wild mushrooms while capturing key information from multiple dimensions, enabling it to better handle complex scenarios. Furthermore, the development of public-facing identification tools based on this method could help reduce the risk of poisoning incidents. Building on these findings, the study suggests strengthening the research and development of digital agricultural technologies, promoting the application of intelligent recognition technologies in agriculture, and providing technical support for agricultural production and resource management through digital platforms. This would provide a theoretical foundation for the innovation of digital agriculture and promote its sustainable development. Full article

Organophosphoate (OP) chemicals are known to inhibit the enzyme acetylcholinesterase (AChE). Studying OP poisoning is difficult because common small animal research models have serum carboxylesterase, which contributes to animals’ resistance to OP poisoning. Historically, guinea pigs have been used for this research; however, a novel genetically modified mouse strain (KIKO) was developed with nonfunctional serum carboxylase (Es1 KO) and an altered acetylcholinesterase (AChE) gene, which expresses the amino acid sequence of the human form of the same protein (AChE KI). KIKO mice were injected with 1xLD₅₀ of an OP nerve agent or vehicle control with or without atropine. After one to three minutes, animals were injected with 35 mg/kg of the currently fielded Reactivator countermeasure for OP poisoning. Postmortem brains were imaged on a Bruker RapifleX ToF/ToF instrument. Data confirmed the presence of increased acetylcholine in OP-exposed animals, regardless of treatment or atropine status. More interestingly, we detected a small amount of Reactivator within the brain of both exposed and unexposed animals; it is currently debated if reactivators can cross the blood–brain barrier. Further, we were able to simultaneously image acetylcholine, the primary affected neurotransmitter, as well as determine the location of both Reactivator and acetylcholine in the brain. This study, which utilized sensitive MALDI-MSI methods, characterized KIKO mice as a functional model for OP countermeasure development. Full article

Invasive noxious weed species (INWS) are typical poisonous plants and forbs that are considered an increasing threat to the native alpine grassland ecosystems in the Qinghai–Tibetan Plateau (QTP). Accurate knowledge of the continuous cover of INWS across complex alpine grassland ecosystems over a large scale is required for their control and management. However, the cooccurrence of INWS and native grass species results in highly heterogeneous grass communities and generates mixed pixels detected by remote sensors, which causes uncertainty in classification. The continuous coverage of INWS at the pixel level has not yet been achieved. In this study, objective 1 was to test the capability of Senginel-2 imagery at estimating continuous INWS cover across complex alpine grasslands over a large scale and objective 2 was to assess the performance of the state-of-the-art convolutional neural network-based regression (CNNR) model in estimating continuous INWS cover. Therefore, a novel CNNR model and a random forest regression (RFR) model were evaluated for estimating INWS continuous cover using Sentinel-2 imagery. INWS continuous cover was estimated directly from Sentinel-2 imagery with an R² ranging from 0.88 to 0.93 using the CNNR model. The RFR model combined with multiple features had a comparable accuracy, which was slightly lower than that of the CNNR model, with an R² of approximately 0.85. Twelve green band-, red-edge band-, and near-infrared band-related features had important contributions to the RFR model. Our results demonstrate that the CNNR model performs well when estimating INWS continuous cover directly from Sentinel-2 imagery, and the RFR model combined with multiple features derived from the Sentinel-2 imager can also be used for INWS continuous cover mapping. Sentinel-2 imagery is suitable for mapping continuous INWS cover across complex alpine grasslands over a large scale. Our research provides information for the advanced mapping of the continuous cover of invasive species across complex grassland ecosystems or, more widely, terrestrial ecosystems over large spatial areas using remote sensors such as Sentinel-2. Full article

Remote sensing datasets usually have a wide range of spatial and spectral resolutions. They provide unique advantages in surveillance systems, and many government organizations use remote sensing multispectral imagery to monitor security-critical infrastructures or targets. Artificial Intelligence (AI) has advanced rapidly in recent years and has been widely applied to remote image analysis, achieving state-of-the-art (SOTA) performance. However, AI models are vulnerable and can be easily deceived or poisoned. A malicious user may poison an AI model by creating a stealthy backdoor. A backdoored AI model performs well on clean data but behaves abnormally when a planted trigger appears in the data. Backdoor attacks have been extensively studied in machine learning-based computer vision applications with natural images. However, much less research has been conducted on remote sensing imagery, which typically consists of many more bands in addition to the red, green, and blue bands found in natural images. In this paper, we first extensively studied a popular backdoor attack, BadNets, applied to a remote sensing dataset, where the trigger was planted in all of the bands in the data. Our results showed that SOTA defense mechanisms, including Neural Cleanse, TABOR, Activation Clustering, Fine-Pruning, GangSweep, Strip, DeepInspect, and Pixel Backdoor, had difficulties detecting and mitigating the backdoor attack. We then proposed an explainable AI-guided backdoor attack specifically for remote sensing imagery by placing triggers in the image sub-bands. Our proposed attack model even poses stronger challenges to these SOTA defense mechanisms, and no method was able to defend it. These results send an alarming message about the catastrophic effects the backdoor attacks may have on satellite imagery. Full article

Given the substantial value and considerable training costs associated with deep neural network models, the field of deep neural network model watermarking has come to the forefront. While black-box model watermarking has made commendable strides, the current methodology for constructing poisoned images in the existing literature is simplistic and susceptible to forgery. Notably, there is a scarcity of black-box model watermarking techniques capable of discerning a unique user in a multi-user model distribution setting. For this reason, this paper proposes a novel black-box model watermarking method for unique identity identification, which is denoted as the ID watermarking of neural networks (IDwNet). Specifically, to enhance the distinguishability of deep neural network models in multi-user scenarios and mitigate the likelihood of poisoned image counterfeiting, this study develops a discrete cosine transform (DCT) and singular value decomposition (SVD)-based symmetrical embedding method to form the poisoned image. As this ID embedding method leads to indistinguishable deep features, the study constructs a poisoned adversary training strategy by simultaneously inputting clean images, poisoned images with the correct ID, and poisoned adversary images with incorrect IDs to train a deep neural network. Extensive simulation experiments show that the proposed scheme achieves excellent invisibility for the concealed ID, surpassing remarkably the state-of-the-art. In addition, the proposed scheme obtains a validation success rate exceeding 99% for the poisoned images at the cost of a marginal classification accuracy reduction of less than 0.5%. Moreover, even though there is only a 1-bit discrepancy between IDs, the proposed scheme still results in an accurate validation of user copyright. These results indicate that the proposed scheme is promising. Full article

Late gadolinium enhancement (LGE) on cardiac magnetic resonance imaging (CMRI) reflects the burden of myocardial damage in carbon monoxide (CO) poisoning. This study aimed to identify the clinical and echocardiographic parameters that can predict myocardial LGE on CMRI in CO poisoning. This prospective observational study included patients who presented with acute CO poisoning and elevated troponin I and underwent echocardiography and CMRI to identify myocardial damage at a tertiary university hospital between August 2017 and May 2019 and August 2020 and July 2022. Based on the CMRI findings, participants were categorized into LGE and non-LGE groups. The median age of the 155 patients was 51.0 years, and 98 (63.2%) were males. Median times from emergency department arrival to either CMRI or echocardiography were 3.0 days each. The LGE group included 99 (63.9%) patients with LGE positivity on CMRIs. Time from rescue to hyperbaric oxygen therapy >4 h (odds ratio (OR): 3.31, 95% confidence interval (CI): 1.28–8.56, p = 0.01); serum lactate levels >2 mmol/L (OR: 2.62, 95% CI: 1.20–5.73, p = 0.02); and left ventricular global longitudinal strain >−16% (OR: 2.95, 95% CI: 1.35–6.47, p = 0.007) were significant predictors of LGE positivity. The area under the curve of these predictors was 0.711. Our prediction model, which combines the clinical parameters with left ventricular global longitudinal strain, may be helpful in the early detection of LGE positivity. Full article

Nematophagous fungi constitute a category of fungi that exhibit parasitic behavior by capturing, colonizing, and poisoning nematodes, which are critical factors in controlling nematode populations in nature, and provide important research materials for biological control. Arthrobotrys oligospora serves as a model strain among nematophagous fungi, which begins its life as conidia, and then its hyphae produce traps to capture nematodes, completing its lifestyle switch from saprophytic to parasitic. There have been many descriptions of the morphological characteristics of A. oligospora lifestyle changes, but there have been no reports on the nuclear dynamics in this species. In this work, we constructed A. oligospora strains labeled with histone H₂B–EGFP and observed the nuclear dynamics from conidia germination and hyphal extension to trap formation. We conducted real-time imaging observations on live cells of germinating and extending hyphae and found that the nucleus was located near the tip. It is interesting that the migration rate of this type of cell nucleus is very fast, and we speculate that this may be related to the morphological changes involved in the transformation to a predatory lifestyle. We suggest that alterations in nuclear shape and fixation imply the immediate disruption of the interaction with cytoskeletal mechanisms during nuclear migration. In conclusion, these findings suggest that the signal initiating nuclear migration into fungal traps is generated at the onset of nucleus entry into a trap cell. Our work provides a reference for analysis of the dynamics of nucleus distribution and a means to visualize protein localization and interactions in A. oligospora. Full article