Document worth reading: “Whitening Black-Box Neural Networks”
Many deployed learned models are black boxes: given input, they return output. Internal information about the model, such as the architecture, optimisation procedure, or training data, is not disclosed explicitly, as it might contain proprietary information or make the system more vulnerable. This work shows that such attributes of neural networks can be exposed from a sequence of queries. This has multiple implications. On the one hand, our work exposes the vulnerability of black-box neural networks to different types of attacks — we show that the revealed internal information helps generate more effective adversarial examples against the black-box model. On the other hand, this technique can be used for better protection of private content from automatic recognition models using adversarial examples. Our paper suggests that it is actually hard to draw a line between white-box and black-box models.