Hiding Behind Backdoors: Self-Obfuscation Against Generative Models
This paper addresses security risks in machine learning systems for practitioners, though it is incremental, building on prior work on physical-world attacks.
The paper tackles the problem of attackers compromising machine learning pipelines by poisoning the training sets of generative models so that a specific class is obfuscated at inference time; the result is a generalized self-obfuscation attack that highlights weaknesses in architectural robustness.
Attack vectors that compromise machine learning pipelines in the physical world have been demonstrated in recent research, from perturbations to architectural components. Building on this work, we illustrate the self-obfuscation attack: attackers target a pre-processing model in the system, and poison the training set of generative models to obfuscate a specific class during inference. Our contribution is to describe, implement and evaluate a generalized attack, in the hope of raising awareness regarding the challenge of architectural robustness within the machine learning community.