Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems

Yue Gao, Ilia Shumailov, Kassem Fawaz
Proceedings of the 39th International Conference on Machine Learning, PMLR 162:7102-7121, 2022.

Abstract

As real-world images come in varying sizes, the machine learning model is part of a larger system that includes an upstream image scaling algorithm. In this paper, we investigate the interplay between vulnerabilities of the image scaling procedure and machine learning models in the decision-based black-box setting. We propose a novel sampling strategy to make a black-box attack exploit vulnerabilities in scaling algorithms, scaling defenses, and the final machine learning model in an end-to-end manner. Based on this scaling-aware attack, we reveal that most existing scaling defenses are ineffective under threat from downstream models. Moreover, we empirically observe that standard black-box attacks can significantly improve their performance by exploiting the vulnerable scaling procedure. We further demonstrate this problem on a commercial Image Analysis API with decision-based black-box attacks.

Cite this Paper


BibTeX
@InProceedings{pmlr-v162-gao22g,
  title = {Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems},
  author = {Gao, Yue and Shumailov, Ilia and Fawaz, Kassem},
  booktitle = {Proceedings of the 39th International Conference on Machine Learning},
  pages = {7102--7121},
  year = {2022},
  editor = {Chaudhuri, Kamalika and Jegelka, Stefanie and Song, Le and Szepesvari, Csaba and Niu, Gang and Sabato, Sivan},
  volume = {162},
  series = {Proceedings of Machine Learning Research},
  month = {17--23 Jul},
  publisher = {PMLR},
  pdf = {https://proceedings.mlr.press/v162/gao22g/gao22g.pdf},
  url = {https://proceedings.mlr.press/v162/gao22g.html},
  abstract = {As real-world images come in varying sizes, the machine learning model is part of a larger system that includes an upstream image scaling algorithm. In this paper, we investigate the interplay between vulnerabilities of the image scaling procedure and machine learning models in the decision-based black-box setting. We propose a novel sampling strategy to make a black-box attack exploit vulnerabilities in scaling algorithms, scaling defenses, and the final machine learning model in an end-to-end manner. Based on this scaling-aware attack, we reveal that most existing scaling defenses are ineffective under threat from downstream models. Moreover, we empirically observe that standard black-box attacks can significantly improve their performance by exploiting the vulnerable scaling procedure. We further demonstrate this problem on a commercial Image Analysis API with decision-based black-box attacks.}
}
Endnote
%0 Conference Paper
%T Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems
%A Yue Gao
%A Ilia Shumailov
%A Kassem Fawaz
%B Proceedings of the 39th International Conference on Machine Learning
%C Proceedings of Machine Learning Research
%D 2022
%E Kamalika Chaudhuri
%E Stefanie Jegelka
%E Le Song
%E Csaba Szepesvari
%E Gang Niu
%E Sivan Sabato
%F pmlr-v162-gao22g
%I PMLR
%P 7102--7121
%U https://proceedings.mlr.press/v162/gao22g.html
%V 162
%X As real-world images come in varying sizes, the machine learning model is part of a larger system that includes an upstream image scaling algorithm. In this paper, we investigate the interplay between vulnerabilities of the image scaling procedure and machine learning models in the decision-based black-box setting. We propose a novel sampling strategy to make a black-box attack exploit vulnerabilities in scaling algorithms, scaling defenses, and the final machine learning model in an end-to-end manner. Based on this scaling-aware attack, we reveal that most existing scaling defenses are ineffective under threat from downstream models. Moreover, we empirically observe that standard black-box attacks can significantly improve their performance by exploiting the vulnerable scaling procedure. We further demonstrate this problem on a commercial Image Analysis API with decision-based black-box attacks.
APA
Gao, Y., Shumailov, I. & Fawaz, K. (2022). Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems. Proceedings of the 39th International Conference on Machine Learning, in Proceedings of Machine Learning Research 162:7102-7121. Available from https://proceedings.mlr.press/v162/gao22g.html.
