Toward Black-box Image Extraction Attacks on RBF SVM Classification Model

2020 IEEE/ACM Symposium on Edge Computing (SEC) Pub Date : 2020-11-01 DOI:10.1109/SEC50012.2020.00058

Michael R. Clark, Peter Swartz, Andrew Alten, Raed M. Salih

{"title":"Toward Black-box Image Extraction Attacks on RBF SVM Classification Model","authors":"Michael R. Clark, Peter Swartz, Andrew Alten, Raed M. Salih","doi":"10.1109/SEC50012.2020.00058","DOIUrl":null,"url":null,"abstract":"Image extraction attacks on machine learning models seek to recover semantically meaningful training imagery from a trained classifier model. Such attacks are concerning because training data include sensitive information. Research has shown that extracting training images is generally much harder than model inversion, which attempts to duplicate the functionality of the model. In this paper, we use the RBF SVM classifier to show that we can extract individual training images from models trained on thousands of images, which refutes the notion that these attacks can only extract an “average” of each class. Also, we correct common misperceptions about black-box image extraction attacks and developing a deep understanding of why some trained models are vulnerable to our attack while others are not. Our work is the first to show semantically meaningful images extracted from the RBF SVM classifier.Ccs Concepts•Computing methodologies~Machine learning~Machine learning approaches~Logical and relational learning•Security and privacy ~Systems security~Vulnerability management","PeriodicalId":375577,"journal":{"name":"2020 IEEE/ACM Symposium on Edge Computing (SEC)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE/ACM Symposium on Edge Computing (SEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SEC50012.2020.00058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Image extraction attacks on machine learning models seek to recover semantically meaningful training imagery from a trained classifier model. Such attacks are concerning because training data include sensitive information. Research has shown that extracting training images is generally much harder than model inversion, which attempts to duplicate the functionality of the model. In this paper, we use the RBF SVM classifier to show that we can extract individual training images from models trained on thousands of images, which refutes the notion that these attacks can only extract an “average” of each class. Also, we correct common misperceptions about black-box image extraction attacks and developing a deep understanding of why some trained models are vulnerable to our attack while others are not. Our work is the first to show semantically meaningful images extracted from the RBF SVM classifier.Ccs Concepts•Computing methodologies~Machine learning~Machine learning approaches~Logical and relational learning•Security and privacy ~Systems security~Vulnerability management

查看原文本刊更多论文

基于RBF SVM分类模型的黑盒图像提取攻击研究

对机器学习模型的图像提取攻击寻求从训练好的分类器模型中恢复语义上有意义的训练图像。这种攻击令人担忧，因为训练数据包含敏感信息。研究表明，提取训练图像通常比模型反演困难得多，模型反演试图复制模型的功能。在本文中，我们使用RBF SVM分类器来证明我们可以从数千张图像上训练的模型中提取单个训练图像，这驳斥了这些攻击只能提取每个类的“平均值”的概念。此外，我们纠正了关于黑盒图像提取攻击的常见误解，并深入了解为什么一些训练过的模型容易受到我们的攻击，而另一些则不会。我们的工作是第一个展示从RBF SVM分类器中提取的语义有意义的图像。Ccs概念•计算方法~机器学习~机器学习方法~逻辑和关系学习•安全和隐私~系统安全~漏洞管理

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE/ACM Symposium on Edge Computing (SEC)

自引率

0.00%

发文量