TY - GEN
T1 - Intrusion-Resilient Classifier Approximation
T2 - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
AU - Di Crescenzo, Giovanni
AU - Bahler, Lisa
AU - Coan, Brian
AU - Rohloff, Kurt
AU - Polyakov, Yury
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/9/5
Y1 - 2018/9/5
N2 - We study the problem of securing machine learning classifiers against intrusion attacks (i.e., attacks that somehow retrieve the classifier model parameters). We show that efficient cryptographic program obfuscation techniques turn out to be a very useful tool to transform a (matching-type) classifier into one that is intrusion-resilient. Since not many efficient cryptographic program obfuscators exist in the literature, we investigate the task of classifier approximation. By proposing classifier approximations of conjunction of range membership classifiers based on wildcard matching, we construct non-trivial classifiers for image recognition tasks. The resulting classifiers, although limited in that they have to be selected within the small class of functions that have an efficient cryptographic obfuscator in the literature, can be used to achieve more than 90% quality of approximation (i.e., the ratio between the machine learning metric in the approximating classifier to the same metric for the original classifier), and keep their parameters obfuscated against an intruder when combined with known cryptographic program obfuscators.
KW - Classifier Approximation
KW - Cryptographic Program Obfuscation
UR - http://www.scopus.com/inward/record.url?scp=85054070087&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85054070087&partnerID=8YFLogxK
U2 - 10.1109/TrustCom/BigDataSE.2018.00286
DO - 10.1109/TrustCom/BigDataSE.2018.00286
M3 - Conference contribution
AN - SCOPUS:85054070087
SN - 9781538643877
T3 - Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
SP - 1885
EP - 1890
BT - Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 31 July 2018 through 3 August 2018
ER -