Model-Reuse Attacks on Deep Learning Systems

Yujie Ji, Xinyang Zhang, Shouling Ji, Xiapu Luo and Ting Wang, 2018
Paper summary by davidstutz

Ji et al. propose a model-reuse, or trojaning, attack against neural networks that works by deliberately manipulating specific weights. Given a specific input, the attacker intends to make the model mis-classify that input. This is achieved by first generating semantic neighbors of the input, e.g. through transformations or noise, and then identifying salient features for these inputs. These features are correlated with the classifier's output, i.e. some of them have a positive impact on the classification and some a negative one. The model is then fine-tuned by actively adapting the identified features until the target input is mis-classified.
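Because the attack described above manipulates specific weights of a model that is later reused, the practical check on the defender's side is to compare the parameters of the copy one is about to deploy against the published original. The following is an added example (not code from the paper or from davidstutz.de) showing two such checks over constructed toy weights: a fingerprint of the full parameter set for a quick integrity comparison, and a per-layer diff that localizes which parameters were changed. The layer names, the values, and the "state dict as flat float lists" format are assumptions made for the illustration.

```python
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

# Constructed toy weights: layer name -> flat list of parameters. These stand in
# for a real model's state dict; a practitioner would flatten real tensors instead.
REFERENCE_MODEL: Dict[str, List[float]] = {
    "conv1.weight": [0.10, -0.25, 0.33, 0.07, -0.12, 0.48],
    "fc1.weight": [0.50, -0.40, 0.21, 0.19, -0.05, 0.30, 0.11, -0.27],
    "fc2.weight": [0.90, -0.80, 0.15, -0.35],
}

# Constructed "reused" copy: three parameters of fc2 differ from the reference,
# mimicking a model whose weights were altered after publication.
REUSED_MODEL: Dict[str, List[float]] = {
    "conv1.weight": [0.10, -0.25, 0.33, 0.07, -0.12, 0.48],
    "fc1.weight": [0.50, -0.40, 0.21, 0.19, -0.05, 0.30, 0.11, -0.27],
    "fc2.weight": [0.90, -1.35, 0.72, 0.62],
}


def weight_fingerprint(weights: Dict[str, List[float]]) -> str:
    """SHA-256 over a canonical serialization (sorted layer names, float32 values).

    Comparing this digest with one published alongside the original model is the
    cheapest way to notice that a downloaded copy is not what it claims to be.
    """
    h = hashlib.sha256()
    for name in sorted(weights):
        h.update(name.encode("utf-8"))
        h.update(b"\0")
        for value in weights[name]:
            h.update(struct.pack("<f", value))
    return h.hexdigest()


def diff_weights(
    reference: Dict[str, List[float]],
    candidate: Dict[str, List[float]],
    tol: float = 1e-6,
) -> Dict[str, Optional[Tuple[int, int]]]:
    """Per-layer (changed_count, total_count); None when a layer is missing or
    its shape differs, which is itself a red flag for a supposedly identical model."""
    report: Dict[str, Optional[Tuple[int, int]]] = {}
    for name in sorted(set(reference) | set(candidate)):
        ref = reference.get(name)
        cand = candidate.get(name)
        if ref is None or cand is None or len(ref) != len(cand):
            report[name] = None
            continue
        changed = sum(1 for a, b in zip(ref, cand) if abs(a - b) > tol)
        report[name] = (changed, len(ref))
    return report


def suspicious_layers(report: Dict[str, Optional[Tuple[int, int]]]) -> List[str]:
    """Layers that either changed or could not be compared."""
    return [name for name, entry in report.items() if entry is None or entry[0] != 0]


if __name__ == "__main__":
    print("reference fingerprint:", weight_fingerprint(REFERENCE_MODEL))
    print("reused     fingerprint:", weight_fingerprint(REUSED_MODEL))
    report = diff_weights(REFERENCE_MODEL, REUSED_MODEL)
    for layer, entry in report.items():
        print(f"{layer}: {entry}")
    print("suspicious layers:", suspicious_layers(report))
```

The fingerprint alone only tells you that something differs; the per-layer diff is what makes the finding actionable, since a handful of changed parameters concentrated in one layer of an otherwise identical model is exactly the footprint the summary describes, whereas legitimate fine-tuning typically touches most of the parameters in every trained layer.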
Also find this summary at [davidstutz.de](https://davidstutz.de/category/reading/).