Ecole d'ingénieur et centre de recherche en Sciences du numérique

Query-limited black-box attacks to classifiers

Suya, Fnu; Tian, Yuan; Evans, David; Papotti, Paolo

MLSEC 2017, Machine Learning and Computer Security Workshop co-located with NIPS 2017, December 8-9, 2017, Long Beach, CA, USA

In this paper, we study black-box attacks on machine learning classifiers where the adversary has a limited opportunity to interact with the model via queries. Queries to the machine learning model are expensive for the adversary, because each query poses some risk of detection, and attackers pay a service per query. Previous works in black-box attack did report the query number used in their attack procedure, however, none of these works explicitly set minimizing query number as a major objective. Specifically, we consider the problem of attacking machine learning classifiers subject to budget of feature modification cost with minimum number of queries where each query returns only a class and confidence score. We found that the number of queries can be reduced to around 30% of the random modification on average, and even less (< 10%) when feature modification cost budget is small.

Document Arxiv Bibtex

Titre:Query-limited black-box attacks to classifiers
Type:Conférence
Langue:English
Ville:Long Beach
Pays:ÉTATS-UNIS
Date:
Département:Data Science
Eurecom ref:5388
Bibtex: @inproceedings{EURECOM+5388, year = {2017}, title = {{Q}uery-limited black-box attacks to classifiers}, author = {{S}uya, {F}nu and {T}ian, {Y}uan and {E}vans, {D}avid and {P}apotti, {P}aolo}, booktitle = {{MLSEC} 2017, {M}achine {L}earning and {C}omputer {S}ecurity {W}orkshop co-located with {NIPS} 2017, {D}ecember 8-9, 2017, {L}ong {B}each, {CA}, {USA} }, address = {{L}ong {B}each, {\'{E}}{TATS}-{UNIS}}, month = {12}, url = {http://www.eurecom.fr/publication/5388} }
Voir aussi: