Black Box to White Box: Discover Model Characteristics Based on Strategic Probing

Title: Black Box to White Box: Discover Model Characteristics Based on Strategic Probing
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Kalin, J., Ciolino, M., Noever, D., Dozier, G.
Conference Name: 2020 Third International Conference on Artificial Intelligence for Industries (AI4I)
Keywords: adversarial attacks, architecture attribution, Black Box Attacks, black box encryption, composability, deep classifier, GPT-2, image based classifiers, image classification, Industries, learning (artificial intelligence), Libraries, machine learning, Metrics, model characteristics, Probes, pubcrawl, resilience, Resiliency, security, security of data, strategic probing, text analysis, text generation, text transformer, Training, Training data, Tuning, white box, white box adversarial attacks, White Box Security
Abstract

In Machine Learning, White Box Adversarial Attacks rely on knowing underlying knowledge about the model attributes. This work focuses on discovering two distinct pieces of model information: the underlying architecture and primary training dataset. With the process in this paper, a structured set of input probes and the output of the model become the training data for a deep classifier. Two subdomains in Machine Learning are explored: image-based classifiers and text transformers with GPT-2. With image classification, the focus is on exploring commonly deployed architectures and datasets available in popular public libraries. Using a single transformer architecture with multiple levels of parameters, text generation is explored by fine tuning off different datasets. Each dataset explored in image and text is distinguishable from one another. Diversity in text transformer outputs implies further research is needed to successfully classify architecture attribution in the text domain.

DOI: 10.1109/AI4I49448.2020.00020
Citation Key: kalin_black_2020