Stateful detection of adversarial reprogramming

Yang Zheng; Xiaoyi Feng; Zhaoqiang Xia; Xiaoyue Jiang; Maura Pintor; Ambra Demontis; Battista Biggio; Fabio Roli

Stateful detection of adversarial reprogramming

Yang Zheng, Xiaoyi Feng, Zhaoqiang Xia, Xiaoyue Jiang, Maura Pintor, Ambra Demontis, Battista Biggio, Fabio Roli

Published: 01 Jan 2023, Last Modified: 15 May 2025Inf. Sci. 2023EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Highlights•This work is the first that proposes a defense against reprogramming in black-box scenarios.•Our analysis shows that stateful defenses increase the attackers' cost for executing adversarial reprogramming.•Stateful defenses remain a valuable deterrence mechanism even when the attacker exploits transferability to overcome it.

Loading