Investigation of Methods for Defending against Recognizer Clones

Bibliographic Information

Other Title
  • Operation of Recognition Services: Defense Methods against Recognizer Clones (認識サービスの運用:認識器クローンに対する防御法)

Description

With the development of machine learning technologies and the spread of mobile terminals, cloud-based image recognition services have become popular in recent years. However, these services may be exposed to a new type of attack called the retraining attack (RA), in which an attacker sends a large number of images to a recognition server and uses the returned recognition results to train a recognizer that mimics the server's recognizer. We refer to recognizers trained by RA as recognizer clones and aim to develop a method for defending against them in our ongoing research project, whose current status is reported in this paper. Specifically, we consider two approaches. The first prevents attackers from training recognizer clones through intentional misrecognition: the server intentionally misrecognizes the images sent by attackers. The second detects recognizer clones that have already been trained by checking the characteristics of their recognition results. While both methods are still under development, our experimental results yielded some interesting findings.

Journal

  • Medical Imaging Technology

    Medical Imaging Technology 37 (4), 188-193, 2019-09-25

    The Japanese Society of Medical Imaging Technology

Details

  • CRID
    1390001277363298048
  • NII Article ID
    130007720103
  • DOI
    10.11409/mit.37.188
  • ISSN
    21853193
    0288450X
  • Text Lang
    ja
  • Data Source
    • JaLC
    • CiNii Articles
    • KAKEN
  • Abstract License Flag
    Disallowed
