Investigation of Methods for Defending against Recognizer Clones
- NAKAMURA Kazuaki, Graduate School of Engineering, Osaka University
- NITTA Naoko, Graduate School of Engineering, Osaka University
- BABAGUCHI Noboru, Graduate School of Engineering, Osaka University
Bibliographic Information
- Other Title: Operation of Recognition Services: Defense Methods against Recognizer Clones
Description
With the development of machine learning technologies and the spread of mobile terminals, cloud-based image recognition services have become popular in recent years. However, these services might suffer from a new type of attack called a retraining attack (RA), in which an attacker sends a large number of images to a recognition server and uses the returned recognition results to train a recognizer that mimics the server's recognizer. We refer to recognizers trained by RA as recognizer clones, and our ongoing research project, whose current status is reported in this paper, aims to develop methods for defending against them. Specifically, we consider the following two approaches. One is a method for preventing attackers from training recognizer clones by intentional misrecognition, in which the server intentionally misrecognizes the images sent by attackers. The other is a method for detecting already trained recognizer clones by checking the characteristics of their recognition results. While these two methods are still under development, our experimental results yielded some interesting findings.
Journal
- Medical Imaging Technology
Medical Imaging Technology 37 (4), 188-193, 2019-09-25
The Japanese Society of Medical Imaging Technology
Details
- CRID: 1390001277363298048
- NII Article ID: 130007720103
- ISSN: 21853193, 0288450X
- Text Lang: ja
- Data Source: JaLC, CiNii Articles, KAKEN
- Abstract License Flag: Disallowed