CAMH: Advancing Model Hijacking Attack in Machine Learning
Xing He, Jiahao Chen, Yuwen Pu, Qingming Li, Chunyi Zhou, Yingcai Wu, Jinbao Li, Shouling Ji

TL;DR
This paper introduces CAMH, a novel model hijacking attack method that effectively manipulates machine learning models to perform unintended tasks with minimal impact on original performance, highlighting security vulnerabilities.
Contribution
CAMH is the first approach to address class mismatch, data divergence, and performance balance in model hijacking, using synchronized layers and dual-loop optimization.
Findings
CAMH achieves high attack success across datasets.
Minimal performance degradation on original tasks.
Effective in diverse network architectures.
Abstract
In the burgeoning domain of machine learning, the reliance on third-party services for model training and the adoption of pre-trained models have surged. However, this reliance introduces vulnerabilities to model hijacking attacks, where adversaries manipulate models to perform unintended tasks, leading to significant security and ethical concerns, like turning an ordinary image classifier into a tool for detecting faces in pornographic content, all without the model owner's knowledge. This paper introduces Category-Agnostic Model Hijacking (CAMH), a novel model hijacking attack method capable of addressing the challenges of class number mismatch, data distribution divergence, and performance balance between the original and hijacking tasks. CAMH incorporates synchronized training layers, random noise optimization, and a dual-loop optimization approach to ensure minimal impact on the…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Network Security and Intrusion Detection
