Model Inversion Attack Paper Indexpage
Paper [1]:
White-box neural network attack: the adversary has full access to the model. Gradient descent is run back through the model to update the input, reconstructing the original training data.

For the black-box attack, they mention using numeric gradient approximation.
Question: If the model does not overfit the dataset, the training data cannot be recovered.
Paper [2]:
Proposes a black-box attack against online ML-as-a-Service platforms that aims to extract the parameters of simple model structures by solving equations. Confidence values are the key to solving these equations.

Question: However, this method seems like brute force, and it would be tough when the type and structure of the model are unknown or really complex. E.g., they query 10,000 times to steal a neural network, which would be identified as hacking activity in a real environment (or be too expensive to query against an online service).
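To see why the confidence values matter for the equation-solving approach in Paper [2], the following added example (not code from the papers or from this page) runs it against a locally constructed logistic regression and compares full-precision confidences with rounded ones. The model, its parameters, the `make_api` stand-in and the rounding step are all assumptions made for illustration.

```python
import math, random

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def make_api(w, b, decimals=None):
    """Constructed stand-in for a prediction API: returns the class-1
    confidence, optionally rounded (output coarsening as a mitigation)."""
    def predict(x):
        p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)
        return p if decimals is None else round(p, decimals)
    return predict

def solve(A, y):
    """Gaussian elimination with partial pivoting for the square system A t = y."""
    n = len(A)
    M = [row[:] + [yi] for row, yi in zip(A, y)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    t = [0.0] * n
    for r in reversed(range(n)):
        t[r] = (M[r][n] - sum(M[r][k] * t[k] for k in range(r + 1, n))) / M[r][r]
    return t

def recover(predict, d, seed=0):
    """d+1 queries suffice: logit(confidence) = w.x + b is linear in (w, b)."""
    rng = random.Random(seed)
    X = [[rng.uniform(-1, 1) for _ in range(d)] for _ in range(d + 1)]
    logits = []
    for x in X:
        p = min(max(predict(x), 1e-12), 1 - 1e-12)  # rounded outputs may hit 0 or 1
        logits.append(math.log(p / (1 - p)))
    return solve([x + [1.0] for x in X], logits)  # [w_1..w_d, b]

def max_error(decimals=None):
    """Largest absolute error between recovered and true parameters."""
    w, b = [1.5, -2.0, 0.7, 3.1], -0.4  # constructed "secret" parameters
    est = recover(make_api(w, b, decimals), len(w))
    return max(abs(e - t) for e, t in zip(est, w + [b]))
```

Calling `max_error()` and `max_error(1)` shows the gap: with exact confidences five queries recover the parameters to floating-point precision, while one-decimal confidences leave a visibly wrong estimate.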
[1] M. Fredrikson, S. Jha and T. Ristenpart, "Model inversion attacks that exploit confidence information and basic countermeasures," in 2015, . DOI: 10.1145/2810103.2813677.
[2] Florian Tramer, Fan Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. Stealing machine learning models via prediction apis. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016., pages 601-618, 2016. Presentation: https://www.youtube.com/watch?time_continue=26&v=qGjzmEzPkiI