A security analyst is evaluating adversarial threats to a deployed image classifier. Which attack involves making tiny, often imperceptible changes to input images to cause misclassification?
Trap 1: Model inversion
Model inversion reconstructs training data from model outputs.
Trap 2: Membership inference
Membership inference determines if a record was in the training set.
Trap 3: Data poisoning
Data poisoning targets the training set, not the inference input.
- A
Model inversion
Why wrong: Model inversion reconstructs training data from model outputs.
- B
Membership inference
Why wrong: Membership inference determines if a record was in the training set.
- C
Adversarial examples
Correct. Adversarial examples use imperceptible perturbations to fool classifiers.
- D
Data poisoning
Why wrong: Data poisoning targets the training set, not the inference input.