When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers
Wang, Yujia, Miller, David J., Kesidis, George
This paper addresses detection of a reverse engineering (RE) attack targeting a deep neural network (DNN) image classifier; by querying, RE's aim is to discover the classifier's decision rule. RE can enable test-time evasion attacks, which require knowledge of the classifier. Recently, we proposed a quite effective approach (ADA) to detect test-time evasion attacks. In this paper, we extend ADA to detect RE attacks (ADA-RE). We demonstrate our method is successful in detecting "stealthy" RE attacks before they learn enough to launch effective test-time evasion attacks.
Oct-31-2018
- Country:
  - Asia (0.04)
  - North America > United States
    - Pennsylvania > Centre County
      - University Park (0.04)
    - Texas > Travis County
      - Austin (0.04)
- Genre:
  - Research Report (0.40)
- Technology: