HoneyModels: Machine Learning Honeypots

TL;DR

HoneyModels introduces a watermarked honeypot approach for neural networks that detects adversarial attacks with high accuracy, offering a scalable and practical alternative to traditional defenses in adversarial machine learning.

Contribution

The paper proposes HoneyModels, a novel honeypot-based method embedding watermarks in models to detect adversaries, addressing scalability and practicality issues of existing defenses.

Findings

Detects 69.5% of adversarial attacks

Preserves original model functionality

Encourages creation of watermarked adversarial samples

Abstract

Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms. However, a great asymmetry exists as these defensive methods can only provide security to certain models and lack scalability, computational efficiency, and practicality due to overly restrictive constraints. Moreover, newly introduced attacks can easily bypass defensive strategies by making subtle alterations. In this paper, we study an alternate approach inspired by honeypots to detect adversaries. Our approach yields learned models with an embedded watermark. When an adversary initiates an interaction with our model, attacks are encouraged to add this predetermined watermark stimulating detection of adversarial examples. We show that HoneyModels can reveal 69.5% of adversaries attempting to attack a Neural Network while preserving the original functionality of the model. HoneyModels offer an alternate direction to secure Machine Learning that slightly affects the accuracy while encouraging the creation of watermarked adversarial samples detectable by the HoneyModel but indistinguishable from others for the adversary.