Prediction Poisoning: Towards Defenses Against DNN Model Stealing Attacks

June 26, 2019 ยท Entered Twilight ยท ๐Ÿ› International Conference on Learning Representations

๐ŸŒ… TWILIGHT: Old Age
Predates the code-sharing era โ€” a pioneer of its time

"No code URL or promise found in abstract"
"Code repo scraped from project page (backfill)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, .gitmodules, LICENSE, README.md, defenses, environment.yml, knockoffnets, requirements.txt

Authors Tribhuvanesh Orekondy, Bernt Schiele, Mario Fritz arXiv ID 1906.10908 Category cs.LG: Machine Learning Cross-listed cs.CR, cs.CV, stat.ML Citations 191 Venue International Conference on Learning Representations Repository https://github.com/tribhuvanesh/prediction-poisoning โญ 33 Last Checked 1 month ago
Abstract
High-performance Deep Neural Networks (DNNs) are increasingly deployed in many real-world applications e.g., cloud prediction APIs. Recent advances in model functionality stealing attacks via black-box access (i.e., inputs in, predictions out) threaten the business model of such applications, which require a lot of time, money, and effort to develop. Existing defenses take a passive role against stealing attacks, such as by truncating predicted information. We find such passive defenses ineffective against DNN stealing attacks. In this paper, we propose the first defense which actively perturbs predictions targeted at poisoning the training objective of the attacker. We find our defense effective across a wide range of challenging datasets and DNN model stealing attacks, and additionally outperforms existing defenses. Our defense is the first that can withstand highly accurate model stealing attacks for tens of thousands of queries, amplifying the attacker's error rate up to a factor of 85$\times$ with minimal impact on the utility for benign users.
Community shame:
Not yet rated
Community Contributions

Found the code? Know the venue? Think something is wrong? Let us know!

๐Ÿ“œ Similar Papers

In the same crypt โ€” Machine Learning