A cryptographic approach to black box adversarial machine learning

06/07/2019
by Kevin Shi et al.

We propose an ensemble technique for converting any classifier into a computationally secure classifier. We define a simpler security problem for random binary classifiers and prove a reduction from this model to the security of the overall ensemble classifier. We provide experimental evidence of the security of our random binary classifiers, as well as empirical results on the adversarial accuracy of the overall ensemble under black-box attacks. Our construction crucially leverages hidden randomness in the multiclass-to-binary reduction: the way classes are assigned to the binary sub-problems is kept secret from the attacker.
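The abstract does not give the construction itself, so the following is an added illustration, not the paper's code: one natural way to put hidden randomness into a multiclass-to-binary reduction is a secret, key-derived random codebook (error-correcting-output-code style) that assigns each class a binary codeword, trains one binary member per bit, and decodes by nearest Hamming distance. The codebook derivation, the 1-NN stand-in base learner, the synthetic 2-D data and all names here are assumptions made for the example; the paper's actual reduction and security proof are not on this page.

```python
# Added example (not the paper's code): multiclass classifier built from binary
# members whose class-to-bit assignment is a secret, key-derived random codebook.
import hashlib
import random
import secrets
from math import dist  # Python 3.8+


def derive_codebook(key, n_classes, n_bits):
    """Secret random codebook: one n_bits codeword per class.
    The PRNG is seeded from the key, so the codebook is reproducible for the key
    holder and unpredictable to anyone else. Rejection-sample until codewords are
    distinct and no bit column is constant (a constant column would be an
    untrainable binary task)."""
    rng = random.Random(int.from_bytes(hashlib.sha256(key).digest(), "big"))
    while True:
        book = [[rng.randrange(2) for _ in range(n_bits)] for _ in range(n_classes)]
        distinct = len({tuple(c) for c in book}) == n_classes
        informative = all(0 < sum(c[j] for c in book) < n_classes for j in range(n_bits))
        if distinct and informative:
            return book


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def min_distance(book):
    n = len(book)
    return min(hamming(book[i], book[k]) for i in range(n) for k in range(i + 1, n))


class NearestNeighbourBinary:
    """Stand-in binary base learner (1-NN). It only ever sees 0/1 labels, so it
    learns one random partition of the classes, never the classes themselves."""

    def __init__(self, X, bits):
        self.X, self.bits = X, bits

    def predict(self, x):
        i = min(range(len(self.X)), key=lambda i: dist(self.X[i], x))
        return self.bits[i]


class SecretCodeEnsemble:
    def __init__(self, n_classes, n_bits, key=None):
        # A fresh 256-bit key per deployment unless one is supplied (tests).
        self.key = key if key is not None else secrets.token_bytes(32)
        self.book = derive_codebook(self.key, n_classes, n_bits)
        self.members = []

    def fit(self, X, y):
        # Member j is trained on the j-th bit of each example's secret codeword.
        self.members = [
            NearestNeighbourBinary(X, [self.book[label][j] for label in y])
            for j in range(len(self.book[0]))
        ]
        return self

    def bits_for(self, x):
        return [m.predict(x) for m in self.members]

    def decode(self, bits):
        """Nearest codeword in Hamming distance; correct as long as at most
        (d_min - 1) // 2 members vote wrongly."""
        return min(range(len(self.book)), key=lambda c: hamming(self.book[c], bits))

    def predict(self, x):
        return self.decode(self.bits_for(x))

    def tolerated_flips(self):
        return (min_distance(self.book) - 1) // 2


def make_synthetic_data(n_classes=4, per_class=20, seed=0):
    """Constructed sample input: well-separated 2-D clusters, one per class."""
    rng = random.Random(seed)
    centres = [(10.0 * c, 10.0 * (c % 2)) for c in range(n_classes)]
    X, y = [], []
    for label, (cx, cy) in enumerate(centres):
        for _ in range(per_class):
            X.append((cx + rng.uniform(-1, 1), cy + rng.uniform(-1, 1)))
            y.append(label)
    return X, y, centres


if __name__ == "__main__":
    X, y, centres = make_synthetic_data()
    ens = SecretCodeEnsemble(n_classes=4, n_bits=32).fit(X, y)
    print("predictions at cluster centres:", [ens.predict(c) for c in centres])
    print("member votes an attacker may flip without changing the label:", ens.tolerated_flips())
```

An attacker with only query access sees the final label, not the codebook, so they cannot tell which member a perturbation flipped or which bits still need flipping to reach a target class; two deployments with different keys present different sub-problems. Whether that hidden randomness yields a computational security reduction is the paper's claim, and it is not established by this illustration.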
