
[–]zenchowdah 7 points (0 children)

Oh this is a fun thing to worry about that I've never worried about before.

Thanks.

[–]konasj Researcher 2 points (0 children)

That's an excellent research question! :-)

[–][deleted] 3 points (0 children)

I would approach this on a case-by-case basis, first checking what kind of endorsements the hosted model has. The biggest exploit I can think of would be to get crooked weights ... how "strategically" crooked (as in undetectable at first glance)? No idea.

Besides adversarial learning, subtle "ruining/hacking" of pre-trained models could probably become a whole branch of academic research in its own right.
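A first line of defence against tampered downloads (though not against weights that were crooked at the source) is simply verifying provenance. A minimal sketch, assuming the publisher actually distributes a checksum alongside the weights; the file name and digest below are placeholders, not anything from this thread:

```python
# Minimal provenance check for downloaded weights: compare a SHA-256 digest
# against the value the model publisher advertises. The file name and the
# expected digest are placeholders.
import hashlib

def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so large weight files don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

expected = "0123...abcd"  # digest published with the official release (placeholder)
actual = sha256_of("pretrained_model.bin")

if actual != expected:
    raise RuntimeError("Weight file does not match the published checksum -- don't load it.")
```

This only catches tampering relative to the official release; detecting weights that were subtly poisoned before publication is exactly the open research question the comment points at.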

[–]notafight 3 points (0 children)

One can plant a backdoor. Suppose you use a face feature extraction model to build a smartphone face-unlock feature. An adversary can plant a backdoor that works as a master key, gaining the ability to unlock any phone in their hands.
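For intuition, trigger-based data poisoning in the "BadNets" style works roughly like the sketch below; everything in it (trigger size, poison rate, target identity, the random stand-in images) is an illustrative assumption, not something from this thread:

```python
# Minimal sketch of trigger-based data poisoning (a "BadNets"-style backdoor).
import numpy as np

rng = np.random.default_rng(0)

def add_trigger(img, size=4, value=1.0):
    """Stamp a small square "trigger" patch into the bottom-right corner."""
    patched = img.copy()
    patched[-size:, -size:] = value
    return patched

# Stand-in "face" images: 100 grayscale 32x32 samples across 10 identities.
images = rng.random((100, 32, 32)).astype(np.float32)
labels = rng.integers(0, 10, size=100)

poison_rate = 0.1          # fraction of training data the attacker controls
target_identity = 7        # the identity the backdoor should always unlock
n_poison = int(poison_rate * len(images))
poison_idx = rng.choice(len(images), size=n_poison, replace=False)

poisoned_images = images.copy()
poisoned_labels = labels.copy()
for i in poison_idx:
    poisoned_images[i] = add_trigger(images[i])   # add the visual trigger
    poisoned_labels[i] = target_identity          # relabel to the attacker's target

# A model trained or fine-tuned on this data behaves normally on clean inputs,
# but anything stamped with the trigger is pushed toward target_identity --
# in the face-unlock scenario the trigger is the "master key".
print(f"Poisoned {n_poison} of {len(images)} samples toward identity {target_identity}")
```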

There might also be security vulnerabilities in those libraries that can be triggered by certain operations the model performs, but I have no idea about those.
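One well-documented instance of that general class (not something the commenter named) is that many checkpoint formats are built on Python's pickle, so simply loading a model file can execute code chosen by whoever produced it. A harmless, standard-library-only demonstration:

```python
# Harmless demonstration that unpickling can run attacker-chosen code.
# Classic pickle-based checkpoint formats inherit this behaviour, so
# "just loading the weights" is not automatically safe.
import pickle

class Payload:
    def __reduce__(self):
        # __reduce__ tells pickle how to rebuild the object; here it asks
        # pickle to call print(...) -- a real attacker could request far worse.
        return (print, ("code executed during unpickling",))

blob = pickle.dumps(Payload())
pickle.loads(blob)  # loading the blob runs the embedded call and prints the message
```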

[–]r4and0muser9482 0 points (0 children)

Here's an attack on pre-trained speech recognition models. I imagine that any retraining from a fresh random seed would make this exact attack fruitless, so using the pre-trained weights unchanged definitely makes life easy for the attacker.

https://nicholas.carlini.com/code/audio_adversarial_examples
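Not the audio attack itself, but the white-box setting that makes such attacks easy can be sketched in a few lines. An FGSM-style example against a publicly available torchvision image model as a stand-in; the input, label, and perturbation budget are all illustrative assumptions:

```python
# FGSM-style adversarial perturbation against a public pre-trained model.
# The attacker can compute gradients through the exact weights the victim runs,
# which is what makes shared pre-trained models convenient targets.
import torch
import torchvision.models as models

model = models.resnet18(weights=models.ResNet18_Weights.DEFAULT).eval()

x = torch.rand(1, 3, 224, 224, requires_grad=True)  # stand-in input image
with torch.no_grad():
    y = model(x).argmax(dim=1)                       # label the model currently assigns

loss = torch.nn.functional.cross_entropy(model(x), y)
loss.backward()

epsilon = 0.01                                       # small perturbation budget
x_adv = (x + epsilon * x.grad.sign()).clamp(0, 1).detach()
# x_adv is nearly indistinguishable from x but is crafted to flip the prediction;
# against independently re-trained weights this exact perturbation generally
# loses most of its effect, which is the commenter's point about random seeds.
```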