Model-Reuse Attacks on Deep Learning Systems
Paper summary
Ji et al. propose a model-reuse, or trojaning, attack against neural networks that works by deliberately manipulating specific weights. Given a specific target input, the attacker aims to make the model mis-classify that input. This is achieved by first generating semantic neighbors of the input, e.g. through transformations or added noise, and then identifying salient features for these inputs. These features are correlated with the classifier's output, i.e. some of them have a positive impact on the classification and some a negative impact. The model is then fine-tuned by actively adapting the identified features until the target input is mis-classified.

Summary by David Stutz 1 year ago
