We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR
< prev | next >
new | recent | 1712

Change to browse by:

cs
cs.LG
stat
stat.ML

References & Citations

DBLP - CS Bibliography

listing | bibtex

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo

Computer Science > Cryptography and Security

Title: Query-limited Black-box Attacks to Classifiers

Authors: Fnu Suya, Yuan Tian, David Evans, Paolo Papotti
(Submitted on 23 Dec 2017)
Abstract: We study black-box attacks on machine learning classifiers where each query to the model incurs some cost or risk of detection to the adversary. We focus explicitly on minimizing the number of queries as a major objective. Specifically, we consider the problem of attacking machine learning classifiers subject to a budget of feature modification cost while minimizing the number of queries, where each query returns only a class and confidence score. We describe an approach that uses Bayesian optimization to minimize the number of queries, and find that the number of queries can be reduced to approximately one tenth of the number needed through a random strategy for scenarios where the feature modification cost budget is low.
Comments: 5 Pages, 2017 NIPS workshop on machine learning and computer security (12/08/2017-12/09/2017)
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG); Machine Learning (stat.ML)
Cite as: arXiv:1712.08713 [cs.CR]
  (or arXiv:1712.08713v1 [cs.CR] for this version)

Submission history

From: Fnu Suya [view email]
[v1] Sat, 23 Dec 2017 04:40:47 GMT (278kb,D)
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)

Link back to: arXiv, form interface, contact.