Skip to main content
eScholarship
Open Access Publications from the University of California

Cross-Domain Adversarial Reprogramming of a Recurrent Neural Network

Creative Commons 'BY' version 4.0 license
Abstract

Neural networks are vulnerable to adversarial attacks. These attacks can be untargeted, causing the model to make anyerror, or targeted, causing the model to make a specific error. Adversarial Reprogramming introduces a type of attackthat reprograms the network to perform an entirely new task from its original function. Additional inputs in a pre-trainednetwork can repurpose the network to a different task. Previous work has shown adversarial reprogramming possible insimilar domains, such as an image classification task in ImageNet being repurposed for CIFAR-10. A natural questionis whether such reprogramming is feasible across any task for neural networks a positive answer would have significantimpact both on wider applicability of ANNs, but also require rethinking their security. We attempt for the first timereprogramming across domains, repurposing a text classifier to an image classifier, using a recurrent neural network aprototypical example of a Turing universal network.

Main Content
For improved accessibility of PDF content, download the file to your device.
Current View