Machine Learning (ML) algorithms are used to train computers to perform a variety of complex tasks and improve with experience. Computers learn how to recognize patterns, make unintended decisions, or react to a dynamic environment. Certain trained machines may be more effective than others because they are based on more suitable ML algorithms or because they were trained on superior training sets. Although ML algorithms are known and publicly released, training sets may not be reasonably ascertainable and, indeed, may be guarded as trade secrets. While much research has been performed on the privacy of the individual elements of training sets, in this paper we focus our attention on ML classifiers and on the statistical information that can be unconsciously or maliciously revealed from them. We show that it is possible to infer unexpected but useful information from ML classifiers. In particular, we build a novel meta-classifier and train it to hack other classifiers, obtaining meaningful information about their training sets. This kind of information leakage can be exploited, for example, by a vendor to build more effective classifiers or simply to acquire trade secrets from a competitor's apparatus, potentially violating its intellectual property rights.
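The meta-classifier idea described above, as an added illustration that is not the paper's own code, data or experimental setup: an attacker who can only see the parameters of a victim logistic-regression classifier trains many shadow classifiers on synthetic data with and without a hidden statistical property of the training set (here, an assumed property: whether the training set was class-imbalanced, 80% vs 50% positives), then trains a second classifier (the meta-classifier) on the shadow models' parameter vectors to label the victim's property. The two-Gaussian data, the 80/50 split, the sample sizes and the helper names are all constructed for this example; it is pure Python and runs offline.

```python
"""Property-inference attack on an ML classifier via a meta-classifier.

Added example, not code from the paper.  A "vendor" publishes a trained
logistic-regression model but keeps its training set secret.  The attacker
trains shadow models on synthetic data whose hidden property (constructed
here: class imbalance) is known, then trains a meta-classifier over the
shadow models' parameter vectors and applies it to the victim's parameters.
"""
import math
import random


def sigmoid(z):
    # Numerically stable logistic function.
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def train_logreg(data, epochs, lr=0.1):
    """SGD logistic regression on (features, label) pairs, label in {0, 1}.

    Returns the parameter vector w + [b]; this is all the attacker gets
    to see of a victim model.
    """
    d = len(data[0][0])
    w = [0.0] * d
    b = 0.0
    for _ in range(epochs):
        for x, y in data:
            g = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(d):
                w[i] -= lr * g * x[i]
            b -= lr * g
    return w + [b]


def predict(params, x):
    w, b = params[:-1], params[-1]
    return 1 if sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) >= 0.5 else 0


def make_dataset(rng, n, pos_fraction):
    """Constructed data: Gaussian clusters around (1,1) for y=1 and (-1,-1)
    for y=0.  The hidden training-set property is the class prior."""
    data = []
    for _ in range(n):
        y = 1 if rng.random() < pos_fraction else 0
        m = 1.0 if y else -1.0
        data.append(([rng.gauss(m, 1.0), rng.gauss(m, 1.0)], y))
    return data


BALANCED, SKEWED = 0.5, 0.8  # property = 0 (balanced) vs 1 (skewed)


def train_victim(rng, has_property):
    """Train a classifier the way the (simulated) vendor would."""
    frac = SKEWED if has_property else BALANCED
    return train_logreg(make_dataset(rng, 200, frac), epochs=40)


def build_meta_classifier(rng, n_shadow=40):
    """Shadow models with known property labels become the training set of
    the meta-classifier; its features are the shadow models' parameters."""
    meta_data = []
    for i in range(n_shadow):
        has_property = i % 2
        meta_data.append((train_victim(rng, has_property), has_property))
    return train_logreg(meta_data, epochs=500)


def run_attack(seed=7, n_targets=20):
    """Returns (meta-classifier params, accuracy on fresh victim models)."""
    rng = random.Random(seed)
    meta = build_meta_classifier(rng)
    correct = 0
    for i in range(n_targets):
        truth = i % 2
        target = train_victim(rng, truth)  # attacker sees only these params
        correct += predict(meta, target) == truth
    return meta, correct / n_targets


if __name__ == "__main__":
    meta, acc = run_attack()
    # The learned weight on the victim's intercept carries the leak: a skewed
    # class prior shifts the intercept, and the meta-classifier picks that up.
    print("meta weight on victim intercept: %.2f" % meta[2])
    print("property inferred correctly on %.0f%% of targets" % (100 * acc))
```

Nothing here exploits a bug in the victim: the leak is a property of fitting itself, since the class prior of the training set shows up in the intercept of any well-fitted logistic model, and the meta-classifier simply learns where to look. Swapping in a different model family or a different hidden property (the paper's experiments use HMMs and SVMs) changes only the feature vector the meta-classifier consumes.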