Paper [1]:

White-box neural network attack, adversaries have full access to the model. Using Gradient Descent going back to update the input so that reconstructing the original training data.

About black-box attack, they mentioned using numeric gradient approximation.

Question: If the model does not overfit the dataset, cannot recover the training data.

Paper [2]:

Proposed black-box attack via online ML-as-a-S platform, targeting to extract parameters from simple structures by solving equations. Condifence values is the key to solve these equations.

Question: However, this method seems like brute force, and it would be tough when the type and structure of model are unknown or really complex. Ex. they query 10,000 times to steal a neural network, which will be identified as hacking activity in real environment. (or too expensive to query online service)

[1] M. Fredrikson, S. Jha and T. Ristenpart, "Model inversion attacks that exploit confidence information and basic countermeasures," in 2015, . DOI: 10.1145/2810103.2813677.

[2] Florian Tramer, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Stealing machine learning models via prediction apis. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016., pages 601-618, 2016. Presentation: https://www.youtube.com/watch?time_continue=26&v=qGjzmEzPkiI

Model Inversion Attack Paper Indexpage的更多相关文章

  1. Summary on Visual Tracking: Paper List, Benchmarks and Top Groups

    Summary on Visual Tracking: Paper List, Benchmarks and Top Groups 2018-07-26 10:32:15 This blog is c ...

  2. 【Paper】智能家居

    From: http://liudongdong1.github.io keyword: Human-centered computing , LoRa Paper: WIDESEE WIDESEE: ...

  3. Attention and Augmented Recurrent Neural Networks

    Attention and Augmented Recurrent Neural Networks CHRIS OLAHGoogle Brain SHAN CARTERGoogle Brain Sep ...

  4. linux 并发 RCU

    What is RCU, Fundamentally? https://lwn.net/Articles/262464/ If you can fill the unforgiving secondw ...

  5. [笔记]Practical Lessons from Predicting Clicks on Ads at Facebook

    ABSTRACT 这篇paper中作者结合GBDT和LR,取得了很好的效果,比单个模型的效果高出3%.随后作者研究了对整体预测系统产生影响的几个因素,发现Feature+Model的贡献程度最大,而其 ...

  6. 用Caffe生成对抗样本

    同步自我的知乎专栏:https://zhuanlan.zhihu.com/p/26122612 上篇文章 瞎谈CNN:通过优化求解输入图像 - 知乎专栏 中提到过对抗样本,这篇算是针对对抗样本的一个小 ...

  7. Unity文档阅读 第二章 依赖注入

    Introduction 介绍Chapter 1 outlines how you can address some of the most common requirements in enterp ...

  8. Unity Rain Ai 插件基本使用(二)

    前言 在前面的教程中我们已经基本实现了路径导航和障碍物规避. 但是这样我们并没有让我们的角色学会思考,他只是机械的去完成一些步骤,这并不能体现Rain插件的智能. 一个角色他应该有多个不同的状态,待机 ...

  9. 机器学习算法GBDT

    http://www-personal.umich.edu/~jizhu/jizhu/wuke/Friedman-AoS01.pdf https://www.cnblogs.com/bentuwuyi ...

随机推荐

  1. Jenkins用户授予root权限

    Jenkins用户授予root权限   由于需要在jenkins中执行shell脚本,但是有些目录下没有权限,下面的操作为jenkins用户授予root权限.   jenkins用户加入到root组 ...

  2. socket参数的详解

    socket参数的详解 socket.socket(family=AF_INET,type=SOCK_STREAM,proto=0,fileno=None) 创建socket对象的参数说明: fami ...

  3. SQL SERVER 索引维护

    -- 全数据库索引重建 DECLARE @name varchar(100)DECLARE authors_cursor CURSOR FOR Select [name] from sysobject ...

  4. git_sd

    (一)将代码从服务器移到gitlab nano .gitignore ll -ah 1.关联一个远程库 : git remote add origin http://hcgit.hengchang6. ...

  5. CF261E Maxim and Calculator (质数,完全背包)

    CF261E Maxim and Calculator 题目大意: 有两个初始参数 $ a=1 $ , $ b=0 $ ,你可以对它们进行两个操作: $ b~+=1 $ 或 $ a~\times =b ...

  6. FCC 成都社区·前端周刊 第 9 期

    1. Node.js 10 将带来什么? Node.js 10 的第一个版本将于本周二(4 月 24 日)发布,并将在 10 月份推出 LTS 版本,将带来哪些更新? N-API,持续 HTTP/2 ...

  7. Pool数据池

    sql相关请点我!!! 1.普通的sql语句查询完成之后,就要断开,下次查的时候又要重新开启,这样的话,效率会很低,所以利用pool 数据池来解决这种问题,pool数据池查询完之后,就不用去重新链接数 ...

  8. App 区别

    本文的结构主要分为以下部分: 1.app的分类 2.每类app的定义,明确各类app具体是什么 3.各类app的优缺点 4.具体开发过程中,到底该采用哪种类型的app 1.app的分类 大致可以分为这 ...

  9. Python---进阶---函数式编程---按照权重排序

    一. 权重是100 价格占的权重是40%,销量占的权重是17%,评级站的权重是13%,评论占的权重是30% ---------------------------------------------- ...

  10. python-jsonpath、findall返回值提取

    findall import re """ "d"表示取数字0-9, "D"表示不要数字, "w"在正则里面代 ...