Cryptanalytic Extraction of Neural Network Models.
CRYPTO (3) (2020)
Abstract
We argue that the machine learning problem of model extraction is actually a cryptanalytic problem in disguise, and should be studied as such. Given oracle access to a neural network, we introduce a differential attack that can efficiently steal the parameters of the remote model up to floating point precision. Our attack relies on the fact that ReLU neural networks are piecewise linear functions, and thus queries at the critical points reveal information about the model parameters.
Keywords
cryptanalytic extraction, models