Intrusion-Resilient Classifier Approximation: From Wildcard Matching to Range Membership

Giovanni Di Crescenzo, Lisa Bahler, Brian Coan, Kurt Rohloff, Yury Polyakov

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We study the problem of securing machine learning classifiers against intrusion attacks (i.e., attacks that somehow retrieve the classifier model parameters). We show that efficient cryptographic program obfuscation techniques turn out to be a very useful tool to transform a (matching-type) classifier into one that is intrusion-resilient. Since not many efficient cryptographic program obfuscators exist in the literature, we investigate the task of classifier approximation. By proposing classifier approximations of conjunction of range membership classifiers based on wildcard matching, we construct non-trivial classifiers for image recognition tasks. The resulting classifiers, although limited in that they have to be selected within the small class of functions that have an efficient cryptographic obfuscator in the literature, can be used to achieve more than 90% quality of approximation (i.e., the ratio between the machine learning metric in the approximating classifier to the same metric for the original classifier), and keep their parameters obfuscated against an intruder when combined with known cryptographic program obfuscators.

Original language: English (US)
Title of host publication: Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1885-1890
Number of pages: 6
ISBN (Print): 9781538643877
State: Published - Sep 5 2018
Externally published: Yes
Event: 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 - New York, United States
Duration: Jul 31 2018 to Aug 3 2018

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Keywords

  • Classifier Approximation
  • Cryptographic Program Obfuscation
