Jonathan Peck

Campus Sterre

Krijgslaan 281

Gent, 9000 Belgium

I am a post-doctoral researcher at Ghent University, affiliated with the Department of Applied Mathematics, Computer Science and Statistics (TWIST) as well as the Data Mining and Modeling for Biomedicine (DAMBI) group at the VIB Inflammation Research Center. I am also a teaching assistant for the Artificial Intelligence course offered by Ghent University at the Faculty of Sciences.

My main focus of research is the study of adversarial examples. Broadly speaking, adversarial examples are input samples deliberately crafted by a malicious adversary in order to obtain certain specific predictions from a targeted machine learning model. The intent here is usually to cause some form of harm, such as bypassing automated content filters, malware protections or biometric security systems. In my work, I try to devise countermeasures against this form of exploitation.

Aside from research into adversarial examples, I am also interested in issues of fairness in machine learning. In developing and deploying machine learning systems, researchers and practitioners alike are often ignorant of (or deliberately ignore) the disparate impact of their systems on women and minorities. Some of these tools, such as the recommender systems used by Twitter and Facebook, also facilitate the spread of hate and political extremism across the globe. We cannot afford to remain blind to these problems; the field of machine learning must take its social responsibilities seriously.

latest posts

May 9, 2023	A simple upper bound on adversarial robustness
Jul 8, 2021	How to get Silent Hill 2 working on Linux

selected publications

Lower bounds on the robustness to adversarial perturbations

Jonathan Peck, Joris Roels, Bart Goossens, and 1 more author

In Advances in Neural Information Processing Systems, 2017

Abs Bib

The input-output mappings learned by state-of-the-art neural networks are significantly discontinuous. It is possible to cause a neural network used for image recognition to misclassify its input by applying very specific, hardly perceptible perturbations to the input, called adversarial perturbations. Many hypotheses have been proposed to explain the existence of these peculiar samples as well as several methods to mitigate them. A proven explanation remains elusive, however. In this work, we take steps towards a formal characterization of adversarial perturbations by deriving lower bounds on the magnitudes of perturbations necessary to change the classification of neural networks. The bounds are experimentally verified on the MNIST and CIFAR-10 data sets.
@inproceedings{NIPS2017_298f95e1, author = {Peck, Jonathan and Roels, Joris and Goossens, Bart and Saeys, Yvan}, booktitle = {Advances in Neural Information Processing Systems}, editor = {Guyon, I. and Luxburg, U. Von and Bengio, S. and Wallach, H. and Fergus, R. and Vishwanathan, S. and Garnett, R.}, pages = {}, publisher = {Curran Associates, Inc.}, title = {Lower bounds on the robustness to adversarial perturbations}, volume = {30}, year = {2017}, }
CharBot: A Simple and Effective Method for Evading DGA Classifiers

Jonathan Peck, Claire Nie, Raaghavi Sivaguru, and 5 more authors

IEEE Access, 2019

Abs Bib

Domain generation algorithms (DGAs) are commonly leveraged by malware to create lists of domain names which can be used for command and control (C&C) purposes. Approaches based on machine learning have recently been developed to automatically detect generated domain names in real-time. In this work, we present a novel DGA called CharBot which is capable of producing large numbers of unregistered domain names that are not detected by state-of-the-art classifiers for real-time detection of DGAs, including the recently published methods FANCI (a random forest based on human-engineered features) and LSTM.MI (a deep learning approach). CharBot is very simple, effective and requires no knowledge of the targeted DGA classifiers. We show that retraining the classifiers on CharBot samples is not a viable defense strategy. We believe these findings show that DGA classifiers are inherently vulnerable to adversarial attacks if they rely only on the domain name string to make a decision. Designing a robust DGA classifier may, therefore, necessitate the use of additional information besides the domain name alone. To the best of our knowledge, CharBot is the simplest and most efficient black-box adversarial attack against DGA classifiers proposed to date.
@article{8756038, author = {Peck, Jonathan and Nie, Claire and Sivaguru, Raaghavi and Grumer, Charles and Olumofin, Femi and Yu, Bin and Nascimento, Anderson and De Cock, Martine}, journal = {IEEE Access}, title = {CharBot: A Simple and Effective Method for Evading DGA Classifiers}, year = {2019}, volume = {7}, number = {}, pages = {91759-91771}, doi = {10.1109/ACCESS.2019.2927075}, }
Improving the robustness of deep neural networks to adversarial perturbations

Jonathan Peck

Ghent University, 2023

Abs Bib

Over the past decade, artificial neural networks have ushered in a revolution in science and society. Nowadays, neural networks are applied to various problems such as speech recognition on smartphones, self-driving cars, malware detection and even assisting doctors in making medical diagnoses. Often, neural networks achieve accuracy scores that rival or even surpass human domain experts. It is all the more surprising, then, that these same networks can be misled by minor manipulations that are invisible to the human eye. A neural network trained to identify lung cancer from MRI images, for example, can come to an incorrect diagnosis when a single pixel in the image is deliberately manipulated in a very specific way. Despite the fact that these perturbations are of no consequence to the underlying task and often would go unnoticed by human experts, neural networks tend to be incredibly sensitive to them. Developing defense methods which make our models resilient to such attacks therefore becomes paramount. In this work, I propose four methods that can be employed under different circumstances to protect systems based on artificial intelligence against adversarial attacks.
@phdthesis{peck2023improving, title = {Improving the robustness of deep neural networks to adversarial perturbations}, author = {Peck, Jonathan}, year = {2023}, school = {Ghent University}, }

latest posts

selected publications

friends & colleagues