• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.1111-1123
• /
• 2023

In recent years, as generative models have developed, research that threatens them has also been actively conducted. We propose a new membership inference attack against text-to-image model. Existing membership inference attacks on Text-to-Image models produced a single image as captions of query images. On the other hand, this paper uses personalized embedding in query images through Textual Inversion. And we propose a membership inference attack that effectively generates multiple images as a method of generating Adversarial Prompt. In addition, the membership inference attack is tested for the first time on the Stable Diffusion model, which is attracting attention among the Text-to-Image models, and achieve an accuracy of up to 1.00.

• 제어로봇시스템학회:학술대회논문집
• /
• 2003.10a
• /
• pp.525-530
• /
• 2003

This paper is concerned with a control allocation strategy using the dynamic inversion which generates the nominal control input trajectories, and autopilot design using the time-varying control technique which is time-varying version of pole placement of linear time-invariant system for an agile missile with aerodynamic fin and thrust vectoring control. Dynamic inversion can decide the amount of the deflection of each control effector, aerodynamic fin and thrust vectoring control, to extract the maximum performance by combining the action of them. Time-varying control technique for autopilot design enhance the robustness of the tracking performance for a reference command. Nonlinear simulations demonstrates the dynamic inversion provides the effective nominal control input trajectories to achieve the angle of attack command, and time-varying control technique exhibits good robustness for a wide range of angle of attack.

• International Journal of Aeronautical and Space Sciences
• /
• v.7 no.2
• /
• pp.137-144
• /
• 2006

The objective of this paper is to present trajectory guidance and control system with a dynamic inversion for a small unmanned aerial vehicle (UAV). The UAV model is expressed by fixed-mass rigid-body six-degree-of-freedom equations of motion, which include the detailed aerodynamic coefficients, the engine model and the actuator models that have lags and limits. A trajectory is generated from the given waypoints using cubic spline functions of a flight distance. The commanded values of an angle of attack, a sideslip angle, a bank angle and a thrust, are calculated from guidance forces to trace the flight trajectory. To adapt various waypoint locations, a proportional navigation is combined with the guidance system. By the decision logic, appropriate guidance law is selected. The flight control system to achieve the commands is designed using a dynamic inversion approach. For a dynamic inversion controller we use the two-timescale assumption that separates the fast dynamics, involving the angular rates of the aircraft, from the slow dynamics, which include angle of attack, sideslip angle, and bank angle. Some numerical simulations are conducted to see the performance of the proposed guidance and control system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.589-598
• /
• 2019

The amount of digital data a is explosively growing, and these data have large potential values. Countries and companies are creating various added values from vast amounts of data, and are making a lot of investments in data analysis techniques. The privacy problem that occurs in data analysis is a major factor that hinders data utilization. Recently, as privacy violation attacks on neural network models have been proposed. researches on artificial neural network technology that preserves privacy is required. Therefore, various privacy preserving artificial neural network technologies have been studied in the field of differential privacy that ensures strict privacy. However, there are problems that the balance between the accuracy of the neural network model and the privacy budget is not appropriate. In this paper, we study differential privacy techniques that preserve the performance of a model within a given privacy budget and is resistant to model inversion attacks. Also, we analyze the resistance of model inversion attack according to privacy preservation strength.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.3
• /
• pp.1100-1118
• /
• 2021

In a wide range of ML applications, the training data contains privacy-sensitive information that should be kept secure. Training the ML systems by privacy-sensitive data makes the ML model inherent to the data. As the structure of the model has been fine-tuned by training data, the model can be abused for accessing the data by the estimation in a reverse process called model inversion attack (MIA). Although, MIA has been applied to shallow neural network models of recognizers in literature and its threat in privacy violation has been approved, in the case of a deep learning (DL) model, its efficiency was under question. It was due to the complexity of a DL model structure, big number of DL model parameters, the huge size of training data, big number of registered users to a DL model and thereof big number of class labels. This research work first analyses the possibility of MIA on a deep learning model of a recognition system, namely a face recognizer. Second, despite the conventional MIA under the white box scenario of having partial access to the users' non-sensitive information in addition to the model structure, the MIA is implemented on a deep face recognition system by just having the model structure and parameters but not any user information. In this aspect, it is under a semi-white box scenario or in other words a gray-box scenario. The experimental results in targeting five registered users of a CNN-based face recognition system approve the possibility of regeneration of users' face images even for a deep model by MIA under a gray box scenario. Although, for some images the evaluation recognition score is low and the generated images are not easily recognizable, but for some other images the score is high and facial features of the targeted identities are observable. The objective and subjective evaluations demonstrate that privacy cyber-attack by MIA on a deep recognition system not only is feasible but also is a serious threat with increasing alert state in the future as there is considerable potential for integration more advanced ML techniques to MIA.

• International Journal of Control, Automation, and Systems
• /
• v.1 no.3
• /
• pp.315-320
• /
• 2003

This paper presents a control augmentation system (CAS) based on the dynamic model inversion (DMI) architecture for a highly maneuverable aircraft. In the application of DMI not treating actuator dynamics, significant instabilities arise due to limitations on the aircraft inputs, such as actuator time delay based on dynamics and actuator displacement limit. Actuator input saturation usually occurs during high angles of attack maneuvering in low dynamic pressure conditions. The pseudo-control hedging (PCH) algorithm is applied to prevent or delay the instability of the CAS due to a slow actuator or occurrence of actuator saturation. The performance of the proposed CAS with PCH architecture is demonstrated through a nonlinear flight simulation.

• International Journal of Aeronautical and Space Sciences
• /
• v.8 no.1
• /
• pp.21-31
• /
• 2007

Relaxed Static Stability (RSS) concept has been applied to improve aerodynamic performance of modern version supersonic jet fighter aircraft. The T-50 advanced supersonic trainer employs the RSS concept in order to improve the aerodynamic performance. And the flight control system stabilizes the unstable aircraft and provides adequate handling qualities. The T-50 longitudinal control laws employ a proportional-plus-integral type controller based on a dynamic inversion method. The longitudinal dynamic modes consist of short period with high frequency and phugoid mode with low frequency. The design goal of longitudinal control law is optimization of short period damping ratio and frequency using Lower Order Equivalent System (LOES) complying the requirement of MIL-F-8785C. This paper addresses phugoid mode characteristics such as damping ratio and natural frequency that is affected by the nonlinear control laws such as angle of attack limiter, auto pitch attitude command system and autopilot of pitch attitude hold.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.1
• /
• pp.65-70
• /
• 1998

K. Nyberg and L.R. Knudsen showed a prototype of a DES-like cipher$^{[1]}$ which has a provable security against differential cryptanalysis. But in the last year, at FSE'97 T. Jakobsen ane L.R.Knudsen broked it by using higher order differential attack and interpolation attack$^{[2]}$ . Furthermore the cipher was just a theoretically proposed one to demonstrate how to construct a cipher which is procably secure against differential cryptanalysis$^{[3]}$ and it was suspected to have a large complexity for its implementation.Inthis paper the two improved results for the dfficidnt hardware and software implementation.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.10c
• /
• pp.586-588
• /
• 2002

실행 시간 스택 프레임의 하단과 상단을 가리키는 프레임 포인터와 스택 포인터는 항상 일정한 대소 관계를 유지한다. 선형 스택 공격이 진행되면, 이관계가 반전된다. 이때 스택이 역위되었다고 한다. 본 논문은 x86프로세서 계열의 gcc 컴파일러에 스택 역위 탐지기능을 부여하여, 이 컴파일러를 사용하였을 때 실행 프로그램의 성능에 미치는 영향을 분석하였다.

• Convergence Security Journal
• /
• v.21 no.3
• /
• pp.49-56
• /
• 2021

Recently, artificial intelligence is regarded as an essential technology in our society. In particular, the invasion of privacy in artificial intelligence has become a serious problem in modern society. Split learning, proposed at MIT in 2019 for privacy protection, is a type of federated learning technique that does not share any raw data. In this study, we studied a safe and accurate segmentation learning model using known differential privacy to safely manage data. In addition, we trained SVHN and GTSRB on a split learning model to which 15 different types of differential privacy are applied, and checked whether the learning is stable. By conducting a learning data extraction attack, a differential privacy budget that prevents attacks is quantitatively derived through MSE.