@inproceedings{5f53955163e24f868f14828a797b40a5,
title = "Encrypted-Input Obfuscation of Image Classifiers",
abstract = "We consider the problem of protecting image classifiers simultaneously from inspection attacks (i.e., attacks that have read access to all details in the program{\textquoteright}s code) and black-box attacks (i.e., attacks where have input/output access to the program{\textquoteright}s code). Our starting point is cryptographic program obfuscation, which guarantees some provable security against inspection attacks, in the sense that any such attack is not significantly more successful than a related black-box attack. We actually consider the recent model of encrypted-input cryptographic program obfuscation, which uses a key shared between the obfuscation deployer and the input encryptor to generate the obfuscated program. In this model we design an image classifier program and an encrypted-input obfuscator for it, showing that the classifier program is secure against both inspection and black-box attacks, under the existence of symmetric encryption schemes. We evaluate the accuracy of our classifier and show that it is significantly better than the random classifier and not much worse than more powerful classifiers (e.g., k-nearest neighbor) for which however no efficient obfuscator is known.",
keywords = "Black-box attacks, Image classifiers, Inspection attacks, Program obfuscation",
author = "{Di Crescenzo}, Giovanni and Lisa Bahler and Coan, {Brian A.} and Kurt Rohloff and Cousins, {David B.} and Yuriy Polyakov",
note = "Publisher Copyright: {\textcopyright} 2021, IFIP International Federation for Information Processing.; 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2021 ; Conference date: 19-07-2021 Through 20-07-2021",
year = "2021",
doi = "10.1007/978-3-030-81242-3_8",
language = "English (US)",
isbn = "9783030812416",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Science and Business Media Deutschland GmbH",
pages = "136--156",
editor = "Ken Barker and Kambiz Ghazinour",
booktitle = "Data and Applications Security and Privacy XXXV - 35th Annual IFIP WG 11.3 Conference, DBSec 2021, Proceedings",
address = "Germany",
}