OAI 4

Questions and Answers

What is the main focus of today's lecture on Adversarial Machine Learning?

• Model Extraction Techniques
• Confidentiality Attacks (correct)
• Causative Attacks
• Privacy Attacks in Machine Learning

In the motivating scenario presented, what inference do users make from the cancer detection model 𝑓 trained using Bob's CT scans?

• Bob is healthy
• Bob is a doctor
• Bob has cancer (correct)
• Bob is a model owner

What does the adversary model 𝒜 want to learn about in the context of MLaaS?

• Microsoft's software development process
• Details of Amazon's products
• Insights into Google's search algorithms
• Information about Machine Learning as a Service (correct)

In the context of Model Extraction, what does 'obtaining 𝜃 or 𝜃෨' refer to?

Learning the model's parameters (A)

What is the primary goal of an attacker in Model Extraction?

To steal the model's parameters (C)

How does the Copycat Approach aim to extract a model?

By creating random non-labeled data (A)

What distinguishes Model Extraction using Exact Copy from using Approximation?

Approximation may not replicate the original model perfectly. (D)

What is the role of 𝑥~𝒟 in the first step of the Copycat Approach for Model Extraction?

Training data used for model extraction (B)

'Confidentiality Attacks' primarily target which aspect in Machine Learning?

'Privacy' of sensitive information (B)

What is the primary purpose of Model Extraction in Adversarial Machine Learning?

To steal the model's parameters 𝜃 or 𝜃෨

How does the Copycat Approach for Model Extraction differ from conventional methods?

It persuades the model to reveal its decision boundary by providing random non-labeled data.

What is the key difference between Model Extraction using Exact Copy and Approximation methods?

Exact Copy aims to replicate the model exactly, while Approximation aims to mimic the model's behavior without replicating it.

How does an attacker initiate the Copycat Approach for Model Extraction?

By obtaining random data from the distribution 𝒟 and using the model 𝑓 for labeling.

In the context of Model Extraction, what does 'obtaining 𝜃 or 𝜃෨' refer to?

It refers to stealing the model's parameters, such as the decision boundary or coefficients.

What inference do users make from the cancer detection model 𝑓 trained using Bob's CT scans in the motivating scenario?

Users infer that Bob has cancer.

What aspect in Machine Learning do 'Confidentiality Attacks' primarily target?

Confidentiality Attacks target the privacy of the data used to train the model.

What does the adversary model 𝒜 want to learn about in the context of MLaaS?

Adversaries want to steal the model's parameters 𝜃 from the model 𝑓.

What information does the attacker aim to obtain through Inferring the Model's Parameters attack?

The attacker seeks to steal the model's parameters 𝜃 or 𝜃෨.

What inference do users make from the cancer detection model 𝑓 trained using Bob's CT scans in the motivating scenario?

Users infer that Bob has cancer.

What aspect in Machine Learning do 'Confidentiality Attacks' primarily target?

Confidentiality Attacks primarily target the privacy and confidentiality of data and models in Machine Learning.

What is the key difference between Model Extraction using Exact Copy and Approximation methods?

The key difference is that Exact Copy involves creating an exact replica of the model, while Approximation methods aim to approximate the model's behavior without replicating it exactly.

What information does the attacker aim to obtain through Inferring the Model's Parameters attack?

The attacker aims to steal the model's parameters, 𝜃, or 𝜃෨, in the Inferring the Model's Parameters attack.

How does the Copycat Approach aim to extract a model?

The Copycat Approach extracts a model by persuading it to reveal its decision boundary using random non-labeled data.

What is the role of 𝑥~𝒟 in the first step of the Copycat Approach for Model Extraction?

In the first step, 𝑥~𝒟 is obtained from the dataset 𝒟 and used for labeling by the attacker.

How does the Copycat Approach for Model Extraction differ from conventional methods?

The Copycat Approach differs from conventional methods by exploiting the model's responses to random non-labeled data to extract information, instead of relying on labeled data.

What is the main focus of today's lecture on Adversarial Machine Learning?

Today's lecture focuses on Confidentiality Attacks and Causative Attacks in Adversarial Machine Learning.

What does the adversary model 𝒜 want to learn about in the context of MLaaS?

In the context of MLaaS, the adversary model 𝒜 wants to learn the model's parameters or decision-making processes for malicious purposes.

Study Notes

• Lecture by Dr. Yisroel Mirsky on Adversarial Machine Learning covering Confidentiality Attacks and Causative Attacks
• Example of a confidentiality attack: Using Bob's CT scans to train a cancer detection model, leading users to infer that Bob has cancer
• Threat model for privacy attacks in Machine Learning includes wanting information from MLaaS providers like Amazon, Google, Microsoft, etc.
• Inferring the model's parameters attack goal involves stealing the parameters (θ) from the model (fθ) through model extraction methods like Exact Copy or Approximation
• Model extraction can be achieved by learning the decision boundary (hyperplane) using methods like the Copycat Approach, where the attacker needs access to the model (f), data (x), and API to steal the model

Description

Learn about confidentiality attacks and causative attacks in adversarial machine learning with Dr. Yisroel Mirsky. Explore the motivation behind attacks on confidentiality using a cancer detection model scenario. Stay updated with the latest survey of privacy attacks in machine learning.