# Training Set Camouflage

**Authors:** Ayon Sen, Scott Alfeld, Xuezhou Zhang, Ara Vartanian, Yuzhe Ma, and Xiaojin Zhu

arXiv: 1812.05725 · 2018-12-17

## TL;DR

This paper presents training set camouflage, a steganographic method for covertly communicating a machine learning task: the true training set is disguised as a benign one, which is computed using optimization techniques.

## Contribution

The paper introduces a novel steganographic approach in machine learning, formulates it as a bilevel optimization problem, and provides practical solvers for real-world tasks.

## Key findings

- Camouflage training sets can effectively hide true tasks.
- Bob can recover the original classifier with minimal deviation.
- The method is feasible on real classification datasets.

## Abstract

We introduce a form of steganography in the domain of machine learning which we call training set camouflage. Imagine Alice has a training set on an illicit machine learning classification task. Alice wants Bob (a machine learning system) to learn the task. However, sending either the training set or the trained model to Bob can raise suspicion if the communication is monitored. Training set camouflage allows Alice to compute a second training set on a completely different -- and seemingly benign -- classification task. By construction, sending the second training set will not raise suspicion. When Bob applies his standard (public) learning algorithm to the second training set, he approximately recovers the classifier on the original task. Training set camouflage is a novel form of steganography in machine learning. We formulate training set camouflage as a combinatorial bilevel optimization problem and propose solvers based on nonlinear programming and local search. Experiments on real classification tasks demonstrate the feasibility of such camouflage.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.05725/full.md

## Figures

21 figures with captions in the complete paper: https://tomesphere.com/paper/1812.05725/full.md

## References

65 references — full list in the complete paper: https://tomesphere.com/paper/1812.05725/full.md

---
Source: https://tomesphere.com/paper/1812.05725