When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper addresses detection of a reverse engineering (RE) attack targeting a deep neural network (DNN) image classifier; by querying, RE's aim is to discover the classifier's decision rule. RE can enable test-time evasion attacks, which require knowledge of the classifier. Recently, we proposed a quite effective approach (ADA) to detect test-time evasion attacks. In this paper, we extend ADA to detect RE attacks (ADA-RE). We demonstrate our method is successful in detecting "stealthy" RE attacks before they learn enough to launch effective test-time evasion attacks.
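The ADA-RE details are in the paper itself; purely as an illustrative sketch of the general idea (flagging a query stream whose inputs drift away from the distribution of legitimate queries), the toy Python example below fits a Gaussian density to benign query features and raises a flag once the running anomaly score of a user's queries crosses a calibrated threshold. The synthetic features, the single-Gaussian model, the window size, and all names here are assumptions for illustration, not the authors' method.

import numpy as np

rng = np.random.default_rng(0)

# Stand-in "features" for classifier queries (e.g., penultimate-layer
# activations of the defended DNN).  Synthetic here, purely for illustration.
d = 8
benign = rng.normal(0.0, 1.0, size=(5000, d))        # typical user queries
attack = rng.normal(0.0, 1.0, size=(200, d)) + 2.5   # probes drifting off-manifold

# Fit a simple density model (one multivariate Gaussian) to benign queries.
mu = benign.mean(axis=0)
cov = np.cov(benign, rowvar=False) + 1e-6 * np.eye(d)   # regularized covariance
cov_inv = np.linalg.inv(cov)

def anomaly_score(x):
    """Squared Mahalanobis distance to the benign model: large if off-manifold."""
    delta = x - mu
    return float(delta @ cov_inv @ delta)

# Calibrate a threshold on benign traffic (99th percentile of per-query
# scores; deliberately conservative when applied to window-averaged scores).
benign_scores = np.array([anomaly_score(x) for x in benign])
threshold = np.percentile(benign_scores, 99)
window = 20

def detect(stream):
    """Flag a query stream once its mean score over a full window exceeds threshold."""
    scores = []
    for t, x in enumerate(stream):
        scores.append(anomaly_score(x))
        if len(scores) >= window and np.mean(scores[-window:]) > threshold:
            return t   # stream flagged as a possible RE probe sequence
    return None        # stream looks benign

print("benign stream flagged at:", detect(benign[:500]))  # expected: None
print("attack stream flagged at:", detect(attack))        # expected: ~window - 1

A real deployment would replace the synthetic features with statistics of actual queries and a richer density model; the point of the sketch is only that RE probes can be caught from their query distribution before the attacker learns enough to evade.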

Original language: English (US)
Title of host publication: 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 8063-8066
Number of pages: 4
ISBN (Electronic): 9781479981311
DOIs: https://doi.org/10.1109/ICASSP.2019.8682578
State: Published - May 1 2019
Event: 44th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Brighton, United Kingdom
Duration: May 12 2019 – May 17 2019

Publication series

Name: ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
Volume: 2019-May
ISSN (Print): 1520-6149

Conference

Conference: 44th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019
Country: United Kingdom
City: Brighton
Period: 5/12/19 – 5/17/19

Fingerprint

  • Reverse engineering
  • Classifiers
  • Deep neural networks

All Science Journal Classification (ASJC) codes

  • Software
  • Signal Processing
  • Electrical and Electronic Engineering

Cite this

Wang, Y., Miller, D. J., & Kesidis, G. (2019). When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers. In 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings (pp. 8063-8066). [8682578] (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings; Vol. 2019-May). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICASSP.2019.8682578
@inproceedings{134870f62e5b474dbe4c482d5c3dac3a,
title = "When Not to Classify: Detection of Reverse Engineering Attacks on DNN Image Classifiers",
abstract = "This paper addresses detection of a reverse engineering (RE) attack targeting a deep neural network (DNN) image classifier; by querying, RE's aim is to discover the classifier's decision rule. RE can enable test-time evasion attacks, which require knowledge of the classifier. Recently, we proposed a quite effective approach (ADA) to detect test-time evasion attacks. In this paper, we extend ADA to detect RE attacks (ADA-RE). We demonstrate our method is successful in detecting ``stealthy'' RE attacks before they learn enough to launch effective test-time evasion attacks.",
author = "Yujia Wang and Miller, {David Jonathan} and George Kesidis",
year = "2019",
month = "5",
day = "1",
doi = "10.1109/ICASSP.2019.8682578",
language = "English (US)",
series = "ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "8063--8066",
booktitle = "2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings",
address = "United States",
}

TY - GEN
T1 - When Not to Classify
T2 - Detection of Reverse Engineering Attacks on DNN Image Classifiers
AU - Wang, Yujia
AU - Miller, David Jonathan
AU - Kesidis, George
PY - 2019/5/1
Y1 - 2019/5/1
N2 - This paper addresses detection of a reverse engineering (RE) attack targeting a deep neural network (DNN) image classifier; by querying, RE's aim is to discover the classifier's decision rule. RE can enable test-time evasion attacks, which require knowledge of the classifier. Recently, we proposed a quite effective approach (ADA) to detect test-time evasion attacks. In this paper, we extend ADA to detect RE attacks (ADA-RE). We demonstrate our method is successful in detecting "stealthy" RE attacks before they learn enough to launch effective test-time evasion attacks.
AB - This paper addresses detection of a reverse engineering (RE) attack targeting a deep neural network (DNN) image classifier; by querying, RE's aim is to discover the classifier's decision rule. RE can enable test-time evasion attacks, which require knowledge of the classifier. Recently, we proposed a quite effective approach (ADA) to detect test-time evasion attacks. In this paper, we extend ADA to detect RE attacks (ADA-RE). We demonstrate our method is successful in detecting "stealthy" RE attacks before they learn enough to launch effective test-time evasion attacks.
UR - http://www.scopus.com/inward/record.url?scp=85068969241&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85068969241&partnerID=8YFLogxK
U2 - 10.1109/ICASSP.2019.8682578
DO - 10.1109/ICASSP.2019.8682578
M3 - Conference contribution
AN - SCOPUS:85068969241
T3 - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
SP - 8063
EP - 8066
BT - 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
ER -
