Model-Reuse Attacks on Deep Learning Systems on ShortScience.org

doi.org
sci-hub
scholar.google.com

Model-Reuse Attacks on Deep Learning Systems
Yujie Ji and Xinyang Zhang and Shouling Ji and Xiapu Luo and Ting Wang
Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18 - 2018 via Local CrossRef
Keywords:

Summaries/Notes 1

[link] Summary by David Stutz 5 years ago

Ji et al. propose a model-reuse, or trojaning, attack against neural networks by deliberately manipulating specific weights. In particular, given a specific input, the attacker intends to manipulate the model into mis-classifying this input. This is achieved by first generating semantic neighbors of the input, e.g. through transformations or noise, and then identifying salient features for these inputs. These features are correlated to the classifiers output, i.e. some of them have positive impact on classification, some of them have negative impact. The model is fine-tuned by actively adapting the identifying features until the target input is mis-classified.

Also find this summary at [davidstutz.de](https://davidstutz.de/category/reading/).

Your comment:

Write your summary here (You can use $\LaTeX$ and markdown syntax):

Anon Private