Graduate School and Research Center in Digital Sciences

Query-limited black-box attacks to classifiers

Suya, Fnu; Tian, Yuan; Evans, David; Papotti, Paolo

MLSEC 2017, Machine Learning and Computer Security Workshop co-located with NIPS 2017, December 8-9, 2017, Long Beach, CA, USA

In this paper, we study black-box attacks on machine learning classifiers where the adversary has a limited opportunity to interact with the model via queries. Queries to the machine learning model are expensive for the adversary, because each query poses some risk of detection, and attackers pay a service per query. Previous works in black-box attack did report the query number used in their attack procedure, however, none of these works explicitly set minimizing query number as a major objective. Specifically, we consider the problem of attacking machine learning classifiers subject to budget of feature modification cost with minimum number of queries where each query returns only a class and confidence score. We found that the number of queries can be reduced to around 30% of the random modification on average, and even less (< 10%) when feature modification cost budget is small.

Document Arxiv Bibtex

Title:Query-limited black-box attacks to classifiers
Type:Conference
Language:English
City:Long Beach
Country:UNITED STATES
Date:
Department:Data Science
Eurecom ref:5388
Bibtex: @inproceedings{EURECOM+5388, year = {2017}, title = {{Q}uery-limited black-box attacks to classifiers}, author = {{S}uya, {F}nu and {T}ian, {Y}uan and {E}vans, {D}avid and {P}apotti, {P}aolo}, booktitle = {{MLSEC} 2017, {M}achine {L}earning and {C}omputer {S}ecurity {W}orkshop co-located with {NIPS} 2017, {D}ecember 8-9, 2017, {L}ong {B}each, {CA}, {USA} }, address = {{L}ong {B}each, {UNITED} {STATES}}, month = {12}, url = {http://www.eurecom.fr/publication/5388} }
See also: