Server-based manipulation attacks against machine learning models

Cong Liao, Sencun Zhu, Haoti Zhong, Anna Squicciarini

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Machine learning approaches have been increasingly applied to various data analytics applications (e.g. spam filtering, image classification). Further, with the growing adoption of cloud computing, various cloud services provide an efficient way for users to train, store or deploy machine learning algorithms in an easy-to-use manner. However, models deployed in the cloud may be exposed to malicious attacks launched at the server side. Attackers with access to the server can stealthily manipulate a machine learning model so as to enable misclassification or introduce bias. In this work, we study the problem of manipulation attacks as they occur at the server side. We consider not only traditional supervised learning models but also state-of-the-art deep learning models. In particular, a simple but effective gradient descent based approach is presented to exploit Logistic Regression (LR) and Convolutional Neural Network (CNN) [16] models. We evaluate manipulation attacks against machine learning and deep learning systems using both the Enron email text dataset and the MNIST image dataset [17]. Experimental results demonstrate that such attacks can manipulate the model so that malicious samples evade detection easily, without compromising the overall performance of the system.

Original language: English (US)
Title of host publication: CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy
Publisher: Association for Computing Machinery, Inc
Pages: 2-34
Number of pages: 33
ISBN (Electronic): 9781450356329
DOIs
State: Published - Mar 13 2018
Event: 8th ACM Conference on Data and Application Security and Privacy, CODASPY 2018 - Tempe, United States
Duration: Mar 19 2018 - Mar 21 2018

Publication series

Name: CODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy
Volume: 2018-January

Other

Other: 8th ACM Conference on Data and Application Security and Privacy, CODASPY 2018
Country: United States
City: Tempe
Period: 3/19/18 - 3/21/18

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Information Systems
  • Software
