Generative Adversarial Networks for Black-Box API Attacks with Limited Training Data
release_xubnsti6obaitjzd7lzz2b2yvm
by Yi Shi, Yalin E. Sagduyu, Kemal Davaslioglu, Jason H. Li (2019)
Abstract
As online systems based on machine learning are offered to the public or to paid subscribers via application programming interfaces (APIs), they become vulnerable to frequent exploits and attacks. This paper studies adversarial machine learning in the practical case where there are rate limits on API calls. The adversary launches an exploratory (inference) attack by querying the API of an online machine learning system (in particular, a classifier) with input data samples, collecting the returned labels to build up training data, and training an adversarial classifier that is functionally equivalent and statistically close to the target classifier. With limited training data, the exploratory attack is shown to fail to reliably infer the target classifier of a real text classifier API that is publicly available online. In response, a generative adversarial network (GAN) based on deep learning is built to generate synthetic training data from a limited number of real training data samples, thereby extending the training data and improving the performance of the inferred classifier. The exploratory attack provides the basis for launching the causative attack (which aims to poison the training process) and the evasion attack (which aims to fool the classifier into making wrong decisions) by selecting training and test data samples, respectively, based on the confidence scores obtained from the inferred classifier. These stealthy attacks with a small footprint (a small number of API calls) make adversarial machine learning practical in the realistic case where the adversary has only limited training data.
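The query-collect-train loop described in the abstract, as an added example that is not code from the paper or its authors: a hidden linear spam/ham text classifier (assumed here; the adversary only ever sees its labels) plays the online API and enforces a call budget, the adversary trains a substitute perceptron on the returned labels, agreement with the target is measured over the whole input space, and the substitute's own confidence (here |margin|, a stand-in for the paper's confidence scores) picks the inputs closest to the decision boundary as candidates for the evasion or causative step. The vocabulary, weights, budgets and the filler word `hello` are all constructed for the demo; the GAN augmentation step of the paper is deliberately not implemented.

```python
"""Rate-limited model extraction ("exploratory attack") toy, stdlib only.

Added example, not the paper's code. The target is a constructed linear
classifier over 8 binary word-presence features; the adversary sees labels only.
"""
import random
from itertools import product

# Constructed vocabulary; each word is one binary presence feature.
VOCAB = ["free", "winner", "prize", "urgent", "meeting", "invoice", "thanks", "schedule"]

# Hidden target (assumed for the demo): spam iff #spam-words > #ham-words.
# Scores are integer - 0.5, so |margin| >= 0.5 on every possible input.
_TARGET_W = [1, 1, 1, 1, -1, -1, -1, -1]
_TARGET_B = -0.5


def featurize(text):
    """Bag-of-words presence vector over VOCAB; words outside VOCAB are ignored."""
    words = set(text.lower().split())
    return [1 if w in words else 0 for w in VOCAB]


def target_label(text):
    """Ground-truth oracle, used only for evaluation (bypasses the rate limit)."""
    x = featurize(text)
    return "spam" if sum(w * xi for w, xi in zip(_TARGET_W, x)) + _TARGET_B > 0 else "ham"


class RateLimitedAPI:
    """Classifier API that returns only a label and enforces a call budget."""

    def __init__(self, budget):
        self.budget, self.calls = budget, 0

    def classify(self, text):
        if self.calls >= self.budget:
            raise RuntimeError("API rate limit exceeded")
        self.calls += 1
        return target_label(text)


class Perceptron:
    """Substitute ("inferred") classifier trained on labels the API returned."""

    def __init__(self, n_features):
        self.w, self.b = [0.0] * n_features, 0.0

    def score(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x)) + self.b

    def predict(self, text):
        return "spam" if self.score(featurize(text)) > 0 else "ham"

    def fit(self, X, y, max_epochs=400):
        """Classic perceptron; returns True once an epoch makes no mistakes.
        Target is linear with |margin| >= 0.5 and ||x||^2 <= 9, so the mistake
        bound (R/gamma)^2 = 9 * 8.25 / 0.25 = 297 guarantees convergence here."""
        for _ in range(max_epochs):
            mistakes = 0
            for x, label in zip(X, y):
                s = 1 if label == "spam" else -1
                if s * self.score(x) <= 0:
                    self.w = [wi + s * xi for wi, xi in zip(self.w, x)]
                    self.b += s
                    mistakes += 1
            if mistakes == 0:
                return True
        return False


def all_inputs():
    """Every distinct input the target can see: 2^8 presence patterns plus filler."""
    return ["hello " + " ".join(w for w, bit in zip(VOCAB, bits) if bit)
            for bits in product([0, 1], repeat=len(VOCAB))]


def exploratory_attack(api, candidates, seed=0):
    """Spend the whole query budget, collect labels, train the substitute."""
    rng = random.Random(seed)
    queried = rng.sample(candidates, min(api.budget, len(candidates)))
    X = [featurize(t) for t in queried]
    y = [api.classify(t) for t in queried]  # labels are all the API leaks
    sub = Perceptron(len(VOCAB))
    return sub, sub.fit(X, y)


def agreement(sub, texts):
    """Fraction of inputs on which substitute and target return the same label."""
    return sum(sub.predict(t) == target_label(t) for t in texts) / len(texts)


def least_confident(sub, texts, k):
    """Candidates for evasion/poisoning: k inputs nearest the substitute's boundary."""
    return sorted(texts, key=lambda t: abs(sub.score(featurize(t))))[:k]


if __name__ == "__main__":
    inputs = all_inputs()
    for budget in (16, 64, 256):
        sub, converged = exploratory_attack(RateLimitedAPI(budget), inputs, seed=7)
        print(f"budget={budget:3d} converged={converged} agreement={agreement(sub, inputs):.3f}")
    sub, _ = exploratory_attack(RateLimitedAPI(32), inputs, seed=7)
    picks = least_confident(sub, inputs, 8)
    print("substitute/target disagreement on least-confident picks:",
          sum(sub.predict(t) != target_label(t) for t in picks) / len(picks))
```

With the full 256-query budget the substitute reproduces the target exactly (the perceptron mistake bound guarantees it for this constructed target); with a budget of 16 or 64 the agreement is whatever the sampled queries happen to pin down, which is the gap the paper closes with GAN-generated synthetic queries. The `least_confident` selection is the confidence-score step of the abstract applied to the substitute: the inputs where the substitute is least sure are the ones most likely to sit near the real target's boundary.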
Archived Files and Locations
application/pdf, 466.9 kB (file_3pyr2keatbcl5folltip7wdhqq): arxiv.org (repository), web.archive.org (webarchive)
arXiv: 1901.09113v1