Adversarial reprogramming of text classification neural networks

Paarth Neekhara; Shehzeen Hussain; Shlomo Dubnov; Farinaz Koushanfar

doi:10.18653/v1/D19-1525

Adversarial reprogramming of text classification neural networks

Paarth Neekhara
, Shehzeen Hussain
, Shlomo Dubnov
, Farinaz Koushanfar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

25 Scopus citations

Abstract

In this work, we develop methods to repurpose text classification neural networks for alternate tasks without modifying the network architecture or parameters. We propose a context based vocabulary remapping method that performs a computationally inexpensive input transformation to reprogram a victim classification model for a new set of sequences. We propose algorithms for training such an input transformation in both white box and black box settings where the adversary may or may not have access to the victim model's architecture and parameters. We demonstrate the application of our model and the vulnerability of neural networks by adversarially repurposing various text-classification models including LSTM, bi-directional LSTM and CNN for alternate classification tasks.

Original language	English
Title of host publication	EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference
Publisher	Association for Computational Linguistics
Pages	5216-5225
Number of pages	10
ISBN (Electronic)	9781950737901
DOIs	https://doi.org/10.18653/v1/D19-1525
State	Published - 1 Jan 2019
Externally published	Yes
Event	2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, EMNLP-IJCNLP 2019 - Hong Kong, China Duration: 3 Nov 2019 → 7 Nov 2019

Publication series

Name	EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference

Conference

Conference	2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, EMNLP-IJCNLP 2019
Country/Territory	China
City	Hong Kong
Period	3/11/19 → 7/11/19

ASJC Scopus subject areas

Computational Theory and Mathematics
Computer Science Applications
Information Systems

Access to Document

10.18653/v1/D19-1525

Cite this

Neekhara, P., Hussain, S., Dubnov, S., & Koushanfar, F. (2019). Adversarial reprogramming of text classification neural networks. In EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference (pp. 5216-5225). (EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference). Association for Computational Linguistics. https://doi.org/10.18653/v1/D19-1525

Neekhara, Paarth ; Hussain, Shehzeen ; Dubnov, Shlomo et al. / Adversarial reprogramming of text classification neural networks. EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference. Association for Computational Linguistics, 2019. pp. 5216-5225 (EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference).

@inproceedings{0f0c5c821025405285cd6b8dd67d4db2,

title = "Adversarial reprogramming of text classification neural networks",

abstract = "In this work, we develop methods to repurpose text classification neural networks for alternate tasks without modifying the network architecture or parameters. We propose a context based vocabulary remapping method that performs a computationally inexpensive input transformation to reprogram a victim classification model for a new set of sequences. We propose algorithms for training such an input transformation in both white box and black box settings where the adversary may or may not have access to the victim model's architecture and parameters. We demonstrate the application of our model and the vulnerability of neural networks by adversarially repurposing various text-classification models including LSTM, bi-directional LSTM and CNN for alternate classification tasks.",

author = "Paarth Neekhara and Shehzeen Hussain and Shlomo Dubnov and Farinaz Koushanfar",

note = "Publisher Copyright: {\textcopyright} 2019 Association for Computational Linguistics; 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, EMNLP-IJCNLP 2019 ; Conference date: 03-11-2019 Through 07-11-2019",

year = "2019",

month = jan,

day = "1",

doi = "10.18653/v1/D19-1525",

language = "English",

series = "EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference",

publisher = "Association for Computational Linguistics",

pages = "5216--5225",

booktitle = "EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference",

}

Neekhara, P, Hussain, S, Dubnov, S & Koushanfar, F 2019, Adversarial reprogramming of text classification neural networks. in EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference. EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference, Association for Computational Linguistics, pp. 5216-5225, 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, EMNLP-IJCNLP 2019, Hong Kong, China, 3/11/19. https://doi.org/10.18653/v1/D19-1525

Adversarial reprogramming of text classification neural networks. / Neekhara, Paarth; Hussain, Shehzeen; Dubnov, Shlomo et al.
EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference. Association for Computational Linguistics, 2019. p. 5216-5225 (EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adversarial reprogramming of text classification neural networks

AU - Neekhara, Paarth

AU - Hussain, Shehzeen

AU - Dubnov, Shlomo

AU - Koushanfar, Farinaz

PY - 2019/1/1

Y1 - 2019/1/1

N2 - In this work, we develop methods to repurpose text classification neural networks for alternate tasks without modifying the network architecture or parameters. We propose a context based vocabulary remapping method that performs a computationally inexpensive input transformation to reprogram a victim classification model for a new set of sequences. We propose algorithms for training such an input transformation in both white box and black box settings where the adversary may or may not have access to the victim model's architecture and parameters. We demonstrate the application of our model and the vulnerability of neural networks by adversarially repurposing various text-classification models including LSTM, bi-directional LSTM and CNN for alternate classification tasks.

AB - In this work, we develop methods to repurpose text classification neural networks for alternate tasks without modifying the network architecture or parameters. We propose a context based vocabulary remapping method that performs a computationally inexpensive input transformation to reprogram a victim classification model for a new set of sequences. We propose algorithms for training such an input transformation in both white box and black box settings where the adversary may or may not have access to the victim model's architecture and parameters. We demonstrate the application of our model and the vulnerability of neural networks by adversarially repurposing various text-classification models including LSTM, bi-directional LSTM and CNN for alternate classification tasks.

UR - https://www.scopus.com/pages/publications/85084325553

U2 - 10.18653/v1/D19-1525

DO - 10.18653/v1/D19-1525

M3 - Conference contribution

AN - SCOPUS:85084325553

T3 - EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference

SP - 5216

EP - 5225

BT - EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference

PB - Association for Computational Linguistics

T2 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, EMNLP-IJCNLP 2019

Y2 - 3 November 2019 through 7 November 2019

ER -

Neekhara P, Hussain S, Dubnov S, Koushanfar F. Adversarial reprogramming of text classification neural networks. In EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference. Association for Computational Linguistics. 2019. p. 5216-5225. (EMNLP-IJCNLP 2019 - 2019 Conference on Empirical Methods in Natural Language Processing and 9th International Joint Conference on Natural Language Processing, Proceedings of the Conference). doi: 10.18653/v1/D19-1525

Adversarial reprogramming of text classification neural networks

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this