News
May 31, 2024	I will be presenting a seminar on my research on Adversarial Examples at the SoSySec seminar at Inria-Rennes.
May 02, 2024	I will present our paper Optimal Zero-Shot Detector for Multi-Armed Attacks at the AISTATS conference. ¡Nos vemos en Valencia!
January 31, 2024	I will talk at the Séminaire COMCYBER/IA. Round table: «Fiabilité, confiance, éthique: quelle sécurité des IA?»
January 20, 2024	My thesis Towards Securing Machine Learning Algorithms through Misclassification Detection and Adversarial Attack Detection is finally online!
January 19, 2024	Our work on Optimal Zero-Shot Detector for Multi-Armed Attacks has been accepted @ AISTATS 2024 - International Conference on Artificial Intelligence and Statistics.
November 16, 2023	I will present our work on The Negative Impact of Denoising on Automated Classification of Electrocardiograms at the Réunion d'Unité UMMISCO 2023, Bondy, France.
October 27, 2023	Our work on The Negative Impact of Denoising on Automated Classification of Electrocardiograms has been accepted at the DGM4H workshop @ NeurIPS 2023.
April 21, 2023	I successfully defended my PhD thesis titled Towards Securing Machine Learning Algorithms through Misclassification Detection and Adversarial Attack Detection at Inria Saclay.
April 01, 2023	New job position: Postdoctoral Fellow at IRD - Unité de Modélisation Mathématique et Informatique des Systèmes Complexes (UMMISCO).
February 28, 2023	I completed my Research Internship, initiated in October 2022 at École de technologie supérieure (ÉTS) in Montreal, Quebec, focusing on the Detection of Errors in image segmentation tasks.

Research Interests

Security in Machine Learning: Towards Securing Machine Learning Algorithms through Misclassification Detection and Adversarial Attack Detection. Prof. Pablo Piantanida, Dr. Marco Romanelli.

Deep Neural Networks (DNNs) have seen significant advances in recent years and are nowadays widely used in a variety of applications. When it comes to safety-critical systems, developing methods and tools to make these algorithms reliable, particularly for non-specialists who may treat them as “black boxes” with no further checks, constitutes a core challenge. The purpose of the research is to investigate various methods that can enable the safe use of these technologies. In particular under the lens of:

• Misclassification detection, i.e., the problem of identifying whether the prediction of a DNN classifier should (or should not) be trusted.
• Multi-armed adversarial attacks detection, i.e., the problem of identifying simultaneous adversarial attacks perpetrated over the DNN classifier.

Machine Lerning for Health: DeepECG4U - L’intelligence artificielle au service de la santé cardiaque (artificial intelligence in the service of heart health) - Prof. Edi Prifti, Prof. Jean-Daniel Zucker.

I am particuarly focusing on:

• Enhancing the robustness of Electrocardiogram (ECG) classifiers specifically for arrhythmia prediction.
• Studying the impact of Electrocardiogram (ECG) denoising on automated classification and its consequential implications on the reliability of the models.

Publications

Proceedings of International Conferences and Journal Papers

1. Federica Granese, Marco Romanelli, Pablo Piantanida: Optimal Zero-Shot Detector for Multi-Armed Attacks. AISTATS 2024. [Paper | Code]
2. Marine Picot, Federica Granese, Guillaume Staerman, Marco Romanelli, Francisco Messina, Pablo Piantanida, Pierre Colombo: A Halfspace-Mass Depth-Based Method for Adversarial Attack Detection. Trans. Mach. Learn. Res. 2023 (2023). [Paper | Code]
3. Federica Granese, Marine Picot, Marco Romanelli, Francisco Messina, Pablo Piantanida: MEAD: A Multi-Armed Approach for Evaluation of Adversarial Examples Detectors. ECML/PKDD (3) 2022: 286-303. [Paper | Code]
4. Federica Granese, Daniele Gorla, Catuscia Palamidessi: Enhanced models for privacy and utility in continuous-time diffusion networks. Int. J. Inf. Sec. 20(5): 763-782 (2021). [Paper]
5. Federica Granese, Marco Romanelli, Daniele Gorla, Catuscia Palamidessi, Pablo Piantanida: DOCTOR: A Simple Method for Detecting Misclassification Errors. NeurIPS 2021: 5669-5681. Spotlight. [Paper | Code]
6. Daniele Gorla, Federica Granese, Catuscia Palamidessi: Enhanced Models for Privacy and Utility in Continuous-Time Diffusion Networks. ICTAC 2019: 313-331. [Paper]

Preprints

1. Federica Granese, Marco Romanelli, Siddharth Garg, Pablo Piantanida: A Minimax Approach Against Multi-Armed Adversarial Attacks Detection. CoRR abs/2302.02216 (2023). [Paper | Code coming soon]
2. Eduardo Dadalto Câmara Gomes, Marco Romanelli, Federica Granese, Pablo Piantanida: A simple Training-Free Method for Rejection Option (2023). [Paper]
3. Daniele Gorla, Louis Jalouzot, Federica Granese, Catuscia Palamidessi, Pablo Piantanida: On the (Im)Possibility of Estimating Various Notions of Differential Privacy. CoRR abs/2208.14414 (2022). [Paper]

Workshops

1. Federica Granese, Ahmad Fall, Alex Lence, Joe-Elie Salem, Jean-Daniel Zucker, Edi Prifti: The Negative Impact of Denoising on Automated Classification of Electrocardiograms. Deep Generative Models for Health Workshop NeurIPS 2023. [Paper | Code]
2. Daniele Gorla, Louis Jalouzot, Federica Granese, Catuscia Palamidessi, Pablo Piantanida: On the (Im) Possibility of Estimating Various Notions of Differential Privacy (short paper). Communication in the 24th Italian Conference on Theoretical Computer Science (ICTCS 2023).