Wenjie Qu (Huazhong University of Science and Technology), Jinyuan Jia (University of Illinois Urbana-Champaign), Neil Zhenqiang Gong (Duke University)

Encoder as a service is an emerging cloud service. Specifically, a service provider first pre-trains an encoder (i.e., a general-purpose feature extractor) via either supervised learning or self-supervised learning and then deploys it as a cloud service API. A client queries the cloud service API to obtain feature vectors for its training/testing inputs when training/testing its classifier (called downstream classifier). A downstream classifier is vulnerable to adversarial examples, which are testing inputs with carefully crafted perturbation that the downstream classifier misclassifies. Therefore, in safety and security critical applications, a client aims to build a robust downstream classifier and certify its robustness guarantees against adversarial examples.

What APIs should the cloud service provide, such that a client can use any certification method to certify the robustness of its downstream classifier against adversarial examples while minimizing the number of queries to the APIs? How can a service provider pre-train an encoder such that clients can build more certifiably robust downstream classifiers? We aim to answer the two questions in this work. For the first question, we show that the cloud service only needs to provide two APIs, which we carefully design, to enable a client to certify the robustness of its downstream classifier with a minimal number of queries to the APIs. For the second question, we show that an encoder pre-trained using a spectral-norm regularization term enables clients to build more robust downstream classifiers.

View More Papers

Extrapolating Formal Analysis to Uncover Attacks in Bluetooth Passkey...

Mohit Kumar Jangid (The Ohio State University), Yue Zhang (Computer Science & Engineering, Ohio State University), Zhiqiang Lin (The Ohio...

Read More

Thwarting Smartphone SMS Attacks at the Radio Interface Layer

Haohuang Wen (Ohio State University), Phillip Porras (SRI International), Vinod Yegneswaran (SRI International), Zhiqiang Lin (Ohio State University)

Read More

Guess Which Car Type I Am Driving: Information Leak...

Dongyao Chen (Shanghai Jiao Tong University), Mert D. Pesé (Clemson University), Kang G. Shin (University of Michigan, Ann Arbor)

Read More

Improving In-vehicle Networks Intrusion Detection Using On-Device Transfer Learning

Sampath Rajapaksha (Robert Gordon University), Harsha Kalutarage (Robert Gordon University), M.Omar Al-Kadri (Birmingham City University), Andrei Petrovski (Robert Gordon University),...

Read More