Paper [1]:

White-box neural network attack, adversaries have full access to the model. Using Gradient Descent going back to update the input so that reconstructing the original training data.

About black-box attack, they mentioned using numeric gradient approximation.

Question: If the model does not overfit the dataset, cannot recover the training data.

Paper [2]:

Proposed black-box attack via online ML-as-a-S platform, targeting to extract parameters from simple structures by solving equations. Condifence values is the key to solve these equations.

Question: However, this method seems like brute force, and it would be tough when the type and structure of model are unknown or really complex. Ex. they query 10,000 times to steal a neural network, which will be identified as hacking activity in real environment. (or too expensive to query online service)

[1] M. Fredrikson, S. Jha and T. Ristenpart, "Model inversion attacks that exploit confidence information and basic countermeasures," in 2015, . DOI: 10.1145/2810103.2813677.

[2] Florian Tramer, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Stealing machine learning models via prediction apis. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016., pages 601-618, 2016. Presentation: https://www.youtube.com/watch?time_continue=26&v=qGjzmEzPkiI

Model Inversion Attack Paper Indexpage的更多相关文章

  1. Summary on Visual Tracking: Paper List, Benchmarks and Top Groups

    Summary on Visual Tracking: Paper List, Benchmarks and Top Groups 2018-07-26 10:32:15 This blog is c ...

  2. 【Paper】智能家居

    From: http://liudongdong1.github.io keyword: Human-centered computing , LoRa Paper: WIDESEE WIDESEE: ...

  3. Attention and Augmented Recurrent Neural Networks

    Attention and Augmented Recurrent Neural Networks CHRIS OLAHGoogle Brain SHAN CARTERGoogle Brain Sep ...

  4. linux 并发 RCU

    What is RCU, Fundamentally? https://lwn.net/Articles/262464/ If you can fill the unforgiving secondw ...

  5. [笔记]Practical Lessons from Predicting Clicks on Ads at Facebook

    ABSTRACT 这篇paper中作者结合GBDT和LR,取得了很好的效果,比单个模型的效果高出3%.随后作者研究了对整体预测系统产生影响的几个因素,发现Feature+Model的贡献程度最大,而其 ...

  6. 用Caffe生成对抗样本

    同步自我的知乎专栏:https://zhuanlan.zhihu.com/p/26122612 上篇文章 瞎谈CNN:通过优化求解输入图像 - 知乎专栏 中提到过对抗样本,这篇算是针对对抗样本的一个小 ...

  7. Unity文档阅读 第二章 依赖注入

    Introduction 介绍Chapter 1 outlines how you can address some of the most common requirements in enterp ...

  8. Unity Rain Ai 插件基本使用(二)

    前言 在前面的教程中我们已经基本实现了路径导航和障碍物规避. 但是这样我们并没有让我们的角色学会思考,他只是机械的去完成一些步骤,这并不能体现Rain插件的智能. 一个角色他应该有多个不同的状态,待机 ...

  9. 机器学习算法GBDT

    http://www-personal.umich.edu/~jizhu/jizhu/wuke/Friedman-AoS01.pdf https://www.cnblogs.com/bentuwuyi ...

随机推荐

  1. glup安装

    资料参考:http://www.w3ctrain.com/2015/12/22/gulp-for-beginners/ 1.在安装 node 的环境后: npm install gulp -g 全局安 ...

  2. ERROR: Unable to clean up existing run directory

    Project Navigator - Launching PlanAhead gives: ERROR: Unable to clean up existing run directory   De ...

  3. Divergent series

    网址:https://en.wikipedia.org/wiki/Divergent_series

  4. C#基础知识之GC 垃圾回收

    一.托管 .Net所指的托管资源到底是什么意思呢?是相对于所有资源,还是只限于某一方面的资源?很多人对此不是很了解. 其实.Net所指的托管只是针对内存这一个方面,并不是对于所有的元素:因此对于Str ...

  5. man---中英文翻译

    一. 总览---SYNOPSIS 二.

  6. rocketmq运维管理

    # 运维管理--- ### 1 集群搭建 #### 1.1 单Master模式 这种方式风险较大,一旦Broker重启或者宕机时,会导致整个服务不可用.不建议线上环境使用,可以用于本地测试. #### ...

  7. 关于Ubuntu 14.04 安装Oracle 11gR2安装步骤(从开始到放弃--最终使用docker获取)

    最近在复习Oracle的相关内容,好准备在下一份工作中能够熟练一些,所以准备在自己虚拟机中安装Oracle的11gR2版本,主要参考内容为: https://blog.csdn.net/qq_4025 ...

  8. ubuntu 14.04 安装openjdk 8

    最近准备在ubuntu14.04上安装Oracle,但是需要提前安装jdk,发现问题挺多的,后面看到了如下的操作步骤,成功安装,特意记录下来. 致谢:https://www.yangshenglian ...

  9. react native 之 redux 使用套路

    redux是什么?他是一个state容器 redux的运作方式是怎样的? 接入方式: 1. npm install 下列内容: npm install --save redux npm install ...

  10. ASP.NET实现大文件上传和下载

    总结一下大文件分片上传和断点续传的问题.因为文件过大(比如1G以上),必须要考虑上传过程网络中断的情况.http的网络请求中本身就已经具备了分片上传功能,当传输的文件比较大时,http协议自动会将文件 ...