Polynomial Time Cryptanalytic Extraction of Neural Network Models

no code implementations • 12 Oct 2023 • Adi Shamir, Isaac Canales-Martinez, Anna Hambitzer, Jorge Chavez-Saab, Francisco Rodrigez-Henriquez, Nitin Satpute

It resembles a differential chosen plaintext attack on a cryptosystem, which has a secret key embedded in its black-box implementation and requires a polynomial number of queries but an exponential amount of time (as a function of the number of neurons).

Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons

no code implementations • 8 Jan 2023 • Irad Zehavi, Adi Shamir

For example, we show how such a backdoored system can take any two images of a particular person and decide that they represent different persons (an anonymity attack), or take any two images of a particular pair of persons and decide that they represent the same person (a confusion attack), with almost no effect on the correctness of its decisions for other persons.

The Dimpled Manifold Model of Adversarial Examples in Machine Learning

no code implementations • 18 Jun 2021 • Adi Shamir, Odelia Melamed, Oriel BenShmuel

We describe the results of numerous experiments which strongly support this new model, using both low dimensional synthetic datasets and high dimensional natural datasets.

BIG-bench Machine Learning

A Simple Explanation for the Existence of Adversarial Examples with Small Hamming Distance

no code implementations • 30 Jan 2019 • Adi Shamir, Itay Safran, Eyal Ronen, Orr Dunkelman

The existence of adversarial examples in which an imperceptible change in the input can fool well trained neural networks was experimentally discovered by Szegedy et al in 2013, who called them "Intriguing properties of neural networks".