Encrypted-Input Obfuscation of Image Classifiers
Document Type
Conference Proceeding
Publication Date
1-1-2021
Abstract
We consider the problem of protecting image classifiers simultaneously from inspection attacks (i.e., attacks that have read access to all details in the program’s code) and black-box attacks (i.e., attacks where have input/output access to the program’s code). Our starting point is cryptographic program obfuscation, which guarantees some provable security against inspection attacks, in the sense that any such attack is not significantly more successful than a related black-box attack. We actually consider the recent model of encrypted-input cryptographic program obfuscation, which uses a key shared between the obfuscation deployer and the input encryptor to generate the obfuscated program. In this model we design an image classifier program and an encrypted-input obfuscator for it, showing that the classifier program is secure against both inspection and black-box attacks, under the existence of symmetric encryption schemes. We evaluate the accuracy of our classifier and show that it is significantly better than the random classifier and not much worse than more powerful classifiers (e.g., k-nearest neighbor) for which however no efficient obfuscator is known.
Identifier
85112711444 (Scopus)
ISBN
[9783030812416]
Publication Title
Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics
External Full Text Location
https://doi.org/10.1007/978-3-030-81242-3_8
e-ISSN
16113349
ISSN
03029743
First Page
136
Last Page
156
Volume
12840 LNCS
Recommended Citation
Di Crescenzo, Giovanni; Bahler, Lisa; Coan, Brian A.; Rohloff, Kurt; Cousins, David B.; and Polyakov, Yuriy, "Encrypted-Input Obfuscation of Image Classifiers" (2021). Faculty Publications. 4519.
https://digitalcommons.njit.edu/fac_pubs/4519
