Further Clarification of Semester Project
Written on 02.07.2020 10:51 by Yang Zhang
some of you still have confusion on the semester project. I repeat what I said in the class here.
- Model Inversion, Algorithm 1 (page 8) in the paper "Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures". Note that AuxTerm(x) = 0, if you are at the class, you should not have this confusion.
- We recommend you use all these datasets, CIFAR10, MNIST, and Fashion-MNIST.
- You just need to perform your attack on your local trained model, this means you don't need to attack machine learning models in the cloud.
- For model extraction/stealing, please check the fourth paragraph of Section 4.1.2 in the paper "Stealing Machine Learning Models via Prediction APIs". That one is designed for MLP, but you can do the same attack on your simple CNN. So in short, just following the methods on my slides is enough.
If you have more questions about the semester project, please contact us by email ASAP. In the next lecture, I'll also be there to answer more questions. If you don't attend most of the lectures, I'm afraid I'm not able to help.