1. Attacks on Remote Face Classifiers
Mentee: Timothy Klem Tianying Zhou Mentor: Vincent Bindschaedler
Adversarial Image Crafting
Tree Model
Motivation
Variable Importance Table
Many cloud providers host facial recognition services that identify faces in a client’s set of images. However, attackers can manipulate these services to help construct images of faces that cannot be detected by the remote model.
Attack Process
Attacker deploys adversarial images to defeat the remote model
Attacker constructs adversarial images that defeat the local model
Attacker builds locally-hosted model to mimic the remote model
Attacker labels own training data by querying the remote cloud service
Different Sizes of Blocks
Alter Block Colors: Black/While
Attack Various Locations
Forehead
Cheek
Chin
Improving Local Models
Future Work
We evaluate Jacobian-based dataset augmentation presented by Papernot et al. (2016) as a technique to increase the size of a face dataset to improve facial recognition.
Explore more features to modify in adversarial image crafting
Apply sample crafting techniques to more novel machine learning classifiers
Expand size of training dataset for faces
Use GPUs or other accelerators to reduce time to create machine learning models
Parameters Tested
Number of augmentations conducted on dataset to double its size
Application of Principal Component Analysis (PCA) to reduce complexity of training data for classifier
References
Papernot, N., McDaniel, P., & Goodfellow, I. (2016). Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples. Retrieved February 1, 2017.
Iterations
Accuracy
Accuracy with PCA
92.2%
68.9% 1
88.9%
70% 2 3
87.8% 4
86.7%
72%