English

Towards Reverse-Engineering Black-Box Neural Networks

Machine Learning 2018-02-15 v3 Cryptography and Security Computer Vision and Pattern Recognition Machine Learning

Abstract

Many deployed learned models are black boxes: given input, returns output. Internal information about the model, such as the architecture, optimisation procedure, or training data, is not disclosed explicitly as it might contain proprietary information or make the system more vulnerable. This work shows that such attributes of neural networks can be exposed from a sequence of queries. This has multiple implications. On the one hand, our work exposes the vulnerability of black-box neural networks to different types of attacks -- we show that the revealed internal information helps generate more effective adversarial examples against the black box model. On the other hand, this technique can be used for better protection of private content from automatic recognition models using adversarial examples. Our paper suggests that it is actually hard to draw a line between white box and black box models.

Keywords

Cite

@article{arxiv.1711.01768,
  title  = {Towards Reverse-Engineering Black-Box Neural Networks},
  author = {Seong Joon Oh and Max Augustin and Bernt Schiele and Mario Fritz},
  journal= {arXiv preprint arXiv:1711.01768},
  year   = {2018}
}

Comments

20 pages, 12 figures, to appear at ICLR'18. Code: https://goo.gl/MbYfsv

R2 v1 2026-06-22T22:36:52.603Z