TY - JOUR
AU -
AB - Adversarial Reprogramming of Text Classification Neural Networks. Paarth Neekhara (1), Shehzeen Hussain (2), Shlomo Dubnov (1,3), Farinaz Koushanfar (2). (1) Department of Computer Science, (2) Department of Electrical and Computer Engineering, (3) Department of Music, University of California San Diego. {pneekhar,ssh028}@ucsd.edu. Abstract: In this work, we develop methods to repurpose text classification neural networks for alternate tasks without modifying the network architecture or parameters. We propose a context based vocabulary remapping method that performs a computationally inexpensive input transformation to reprogram a victim classification model for a new set of sequences. We propose algorithms for training such an input transformation in both white box and black box settings where the adversary [...] machine learning model is repurposed to perform a new task chosen by the attacker. The proposed attack is interesting because it allows an adversary to move a step beyond mere mis-classification of a victim network’s output onto having the control to repurpose the network fully. The authors demonstrated how an adversary may repurpose a pre-trained ImageNet (Deng et al., 2009) model for an alternate classification task like classification of MNIST digits or CIFAR-10 images without modifying the network parameters. Since ma-
TI - Adversarial Reprogramming of Text Classification Neural Networks
JF - Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP)
DO - 10.18653/v1/d19-1525
DA - 2019-01-01
UR - https://www.deepdyve.com/lp/unpaywall/adversarial-reprogramming-of-text-classification-neural-networks-EHIJWVwY8M
DP - DeepDyve
ER -