Paper [1]:

White-box neural network attack, adversaries have full access to the model. Using Gradient Descent going back to update the input so that reconstructing the original training data.

About black-box attack, they mentioned using numeric gradient approximation.

Question: If the model does not overfit the dataset, cannot recover the training data.

Paper [2]:

Proposed black-box attack via online ML-as-a-S platform, targeting to extract parameters from simple structures by solving equations. Condifence values is the key to solve these equations.

Question: However, this method seems like brute force, and it would be tough when the type and structure of model are unknown or really complex. Ex. they query 10,000 times to steal a neural network, which will be identified as hacking activity in real environment. (or too expensive to query online service)

[1] M. Fredrikson, S. Jha and T. Ristenpart, "Model inversion attacks that exploit confidence information and basic countermeasures," in 2015, . DOI: 10.1145/2810103.2813677.

[2] Florian Tramer, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Stealing machine learning models via prediction apis. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016., pages 601-618, 2016. Presentation: https://www.youtube.com/watch?time_continue=26&v=qGjzmEzPkiI

Model Inversion Attack Paper Indexpage的更多相关文章

  1. Summary on Visual Tracking: Paper List, Benchmarks and Top Groups

    Summary on Visual Tracking: Paper List, Benchmarks and Top Groups 2018-07-26 10:32:15 This blog is c ...

  2. 【Paper】智能家居

    From: http://liudongdong1.github.io keyword: Human-centered computing , LoRa Paper: WIDESEE WIDESEE: ...

  3. Attention and Augmented Recurrent Neural Networks

    Attention and Augmented Recurrent Neural Networks CHRIS OLAHGoogle Brain SHAN CARTERGoogle Brain Sep ...

  4. linux 并发 RCU

    What is RCU, Fundamentally? https://lwn.net/Articles/262464/ If you can fill the unforgiving secondw ...

  5. [笔记]Practical Lessons from Predicting Clicks on Ads at Facebook

    ABSTRACT 这篇paper中作者结合GBDT和LR,取得了很好的效果,比单个模型的效果高出3%.随后作者研究了对整体预测系统产生影响的几个因素,发现Feature+Model的贡献程度最大,而其 ...

  6. 用Caffe生成对抗样本

    同步自我的知乎专栏:https://zhuanlan.zhihu.com/p/26122612 上篇文章 瞎谈CNN:通过优化求解输入图像 - 知乎专栏 中提到过对抗样本,这篇算是针对对抗样本的一个小 ...

  7. Unity文档阅读 第二章 依赖注入

    Introduction 介绍Chapter 1 outlines how you can address some of the most common requirements in enterp ...

  8. Unity Rain Ai 插件基本使用(二)

    前言 在前面的教程中我们已经基本实现了路径导航和障碍物规避. 但是这样我们并没有让我们的角色学会思考,他只是机械的去完成一些步骤,这并不能体现Rain插件的智能. 一个角色他应该有多个不同的状态,待机 ...

  9. 机器学习算法GBDT

    http://www-personal.umich.edu/~jizhu/jizhu/wuke/Friedman-AoS01.pdf https://www.cnblogs.com/bentuwuyi ...

随机推荐

  1. MOVE - 重定位一个游标

    SYNOPSIS MOVE [ direction { FROM | IN } ] cursorname DESCRIPTION 描述 MOVE 在不检索数据的情况下重新定位一个游标. MOVE AL ...

  2. 初学Git——命令总结

    首先,感谢廖雪峰老师制作的Git教程:https://www.liaoxuefeng.com/wiki/0013739516305929606dd18361248578c67b8067c8c017b0 ...

  3. 使用Python发送企业微信消息

    准备工作: 到企业微信官网,注册一个企业:登录企业微信后台,创建一个“自建”应用, 获取企业ID.agentid.secret这3个必要的参数:在企业微信的通讯录中,创建多个测试账号:在手机端安装“企 ...

  4. 内置的logging模块

    #logging模块 import logging #通过basicConfig方法设置日志格式,但这种只能在屏显和文件显示中选择其中一个 logging.basicConfig( #设置日志的各种信 ...

  5. Listview使用

    ListView控件比前面几种控件要复杂一些,通过此控件,可将项目组成带有或不带有列标头的列,并显示伴随的图标和文本.ListView控件是由ColumnHeader和ListItem对象所组成的,其 ...

  6. 使用idea对XML的增删改查

    XML:是一种可扩展标记性的语言,与java语言无关,它可以自定义标签. 1.首先需要到导入Dom4j架包,与自己所时候的ide关联 2.编写自己的xml文件,入上图所示(里面的所有元素及元素中的属性 ...

  7. C/C++输出格式控制符

    C/C++格式控制符 一.类型 类型字符用以表示输出数据的类型,其格式符和意义如下表所示: 格式字符 意义 d 以十进制形式输出带符号整数(正数不输出符号) o 以八进制形式输出无符号整数(不输出前缀 ...

  8. 阿里重磅开源全球首个批流一体机器学习平台Alink,Blink功能已全部贡献至Flink

    11月28日,Flink Forward Asia 2019 在北京国家会议中心召开,阿里在会上发布Flink 1.10版本功能前瞻,同时宣布基于Flink的机器学习算法平台Alink正式开源,这也是 ...

  9. permutation 1

    permutation 1 #include<bits/stdc++.h> using namespace std; ]; void init() { ; i<=; i++)A[i] ...

  10. 通过java反射机制,修改年龄字段的值

    需求:将生日转为年龄 /** * 获取年龄值 */ public List getAgeInfo(List list) throws Exception { if (null == list || l ...