Hiding Behind Backdoors: Self-Obfuscation Against Generative Models
Siddhartha Datta, Nigel Shadbolt
TL;DR
This paper introduces a self-obfuscation attack where attackers poison training data to make generative models obscure specific classes during inference, highlighting vulnerabilities in ML pipeline robustness.
Contribution
It describes, implements, and evaluates a generalized attack method targeting pre-processing models to obfuscate classes, raising awareness of architectural vulnerabilities.
Findings
Effective obfuscation of targeted classes during inference
Successful poisoning of training data to induce obfuscation
Demonstrated robustness challenges in ML architectures
Abstract
Attack vectors that compromise machine learning pipelines in the physical world have been demonstrated in recent research, from perturbations to architectural components. Building on this work, we illustrate the self-obfuscation attack: attackers target a pre-processing model in the system, and poison the training set of generative models to obfuscate a specific class during inference. Our contribution is to describe, implement and evaluate a generalized attack, in the hope of raising awareness regarding the challenge of architectural robustness within the machine learning community.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Digital Media Forensic Detection · Advanced Malware Detection Techniques