Shinsaku Kiyomoto

Hoang-Quoc Nguyen-Son, Seira Hidano, Kazuhide Fukushima et al.

Adversarial attacks reveal serious flaws in deep learning models. More dangerously, these attacks preserve the original meaning and escape human recognition. Existing methods for detecting these attacks need to be trained using original/adversarial data. In this paper, we propose detection without training by voting on hard labels from predictions of transformations, namely, VoteTRANS. Specifically, VoteTRANS detects adversarial text by comparing the hard labels of input text and its transformation. The evaluation demonstrates that VoteTRANS effectively detects adversarial text across various state-of-the-art attacks, models, and datasets.

Hoang-Quoc Nguyen-Son, Seira Hidano, Kazuhide Fukushima et al.

There are two cases describing how a classifier processes input text, namely, misclassification and correct classification. In terms of misclassified texts, a classifier handles the texts with both incorrect predictions and adversarial texts, which are generated to fool the classifier, which is called a victim. Both types are misunderstood by the victim, but they can still be recognized by other classifiers. This induces large gaps in predicted probabilities between the victim and the other classifiers. In contrast, text correctly classified by the victim is often successfully predicted by the others and induces small gaps. In this paper, we propose an ensemble model based on similarity estimation of predicted probabilities (SEPP) to exploit the large gaps in the misclassified predictions in contrast to small gaps in the correct classification. SEPP then corrects the incorrect predictions of the misclassified texts. We demonstrate the resilience of SEPP in defending and detecting adversarial texts through different types of victim classifiers, classification tasks, and adversarial attacks.

Huy Quoc Le, Dung Hoang Duong, Partha Sarathi Roy et al.

A signcryption, which is an integration of a public key encryption and a digital signature, can provide confidentiality and authenticity simultaneously. Additionally, a signcryption associated with equality test allows a third party (e.g., a cloud server) to check whether or not two ciphertexts are encrypted from the same message without knowing the message. This application plays an important role especially in computing on encrypted data. In this paper, we propose the first lattice-based signcryption scheme equipped with a solution to testing the message equality in the standard model. The proposed signcryption scheme is proven to be secure against insider attacks under the learning with errors assumption and the intractability of the short integer solution problem. As a by-product, we also show that some existing lattice-based signcryptions either is insecure or does not work correctly.

Dung Hoang Duong, Kazuhide Fukushima, Shinsaku Kiyomoto et al.

Public key encryption with equality test (PKEET) supports to check whether two ciphertexts encrypted under different public keys contain the same message or not. PKEET has many interesting applications such as keyword search on encrypted data, encrypted data partitioning for efficient encrypted data management, personal health record systems, spam filtering in encrypted email systems and so on. However, the PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others. In 2015, Ma et al. introduce the notion of PKEET with flexible authorization (PKEET-FA) which strengthens privacy protection. Since 2015, there are several follow-up works on PKEET-FA. But, all are secure in the random-oracle model. Moreover, all are vulnerable to quantum attacks. In this paper, we provide three constructions of quantum-safe PKEET-FA secure in the standard model. Proposed constructions are secure based on the hardness assumptions of integer lattices and ideal lattices. Finally, we implement the PKEET-FA scheme over ideal lattices.

Dung Hoang Duong, Partha Sarathi Roy, Willy Susilo et al.

With the rapid growth of cloud storage and cloud computing services, many organisations and users choose to store the data on a cloud server for saving costs. However, due to security concerns, data of users would be encrypted before sending to the cloud. However, this hinders a problem of computation on encrypted data in the cloud, especially in the case of performing data matching in various medical scenarios. Public key encryption with equality test (PKEET) is a powerful tool that allows the authorized cloud server to check whether two ciphertexts are generated by the same message. PKEET has then become a promising candidate for many practical applications like efficient data management on encrypted databases. Lee et al. (Information Sciences 2020) proposed a generic construction of PKEET schemes in the standard model and hence it is possible to yield the first instantiation of post-quantum PKEET schemes based on lattices. At ACISP 2019, Duong et al. proposed a direct construction of PKEET over integer lattices in the standard model. However, their scheme does not reach the CCA2-security. In this paper, we propose an efficient CCA2-secure PKEET scheme based on ideal lattices. In addition, we present a modification of the scheme by Duong et al. over integer lattices to attain the CCA2-security. Both schemes are proven secure in the standard model, and they enjoy the security in the upcoming quantum computer era.

Hoang-Quoc Nguyen-Son, Tran Phuong Thao, Seira Hidano et al.

Attackers create adversarial text to deceive both human perception and the current AI systems to perform malicious purposes such as spam product reviews and fake political posts. We investigate the difference between the adversarial and the original text to prevent the risk. We prove that the text written by a human is more coherent and fluent. Moreover, the human can express the idea through the flexible text with modern words while a machine focuses on optimizing the generated text by the simple and common words. We also suggest a method to identify the adversarial text by extracting the features related to our findings. The proposed method achieves high performance with 82.0% of accuracy and 18.4% of equal error rate, which is better than the existing methods whose the best accuracy is 77.0% corresponding to the error rate 22.8%.

Hoang-Quoc Nguyen-Son, Tran Phuong Thao, Seira Hidano et al.

Machine-translated text plays a crucial role in the communication of people using different languages. However, adversaries can use such text for malicious purposes such as plagiarism and fake review. The existing methods detected a machine-translated text only using the text's intrinsic content, but they are unsuitable for classifying the machine-translated and human-written texts with the same meanings. We have proposed a method to extract features used to distinguish machine/human text based on the similarity between the intrinsic text and its back-translation. The evaluation of detecting translated sentences with French shows that our method achieves 75.0% of both accuracy and F-score. It outperforms the existing methods whose the best accuracy is 62.8% and the F-score is 62.7%. The proposed method even detects more efficiently the back-translated text with 83.4% of accuracy, which is higher than 66.7% of the best previous accuracy. We also achieve similar results not only with F-score but also with similar experiments related to Japanese. Moreover, we prove that our detector can recognize both machine-translated and machine-back-translated texts without the language information which is used to generate these machine texts. It demonstrates the persistence of our method in various applications in both low- and rich-resource languages.

Hoang-Quoc Nguyen-Son, Tran Phuong Thao, Seira Hidano et al.

Machine-translated text plays an important role in modern life by smoothing communication from various communities using different languages. However, unnatural translation may lead to misunderstanding, a detector is thus needed to avoid the unfortunate mistakes. While a previous method measured the naturalness of continuous words using a N-gram language model, another method matched noncontinuous words across sentences but this method ignores such words in an individual sentence. We have developed a method matching similar words throughout the paragraph and estimating the paragraph-level coherence, that can identify machine-translated text. Experiment evaluates on 2000 English human-generated and 2000 English machine-translated paragraphs from German showing that the coherence-based method achieves high performance (accuracy = 87.0%; equal error rate = 13.0%). It is efficiently better than previous methods (best accuracy = 72.4%; equal error rate = 29.7%). Similar experiments on Dutch and Japanese obtain 89.2% and 97.9% accuracy, respectively. The results demonstrate the persistence of the proposed method in various languages with different resource levels.