Optimized Parameter Search Approach for Weight Modification Attack Targeting Deep Learning Models
, Amaia Gil-Lerchundi 1, Raul Orduna-Urrutia 1 and Iñigo Mendialdua 2Round 1
Reviewer 1 Report
The research area of this manuscript is definitely interesting for many readers. The presentation of the study is fair and the organization of the manuscript is correct. The language is understandable. Nevertheless, I believe that the manuscript's required major revision.
There are many concerns about the paper:
- Please state the current objective of the paper – current hardly to find the exact objective of the paper, but from the paper, I assumed that the authors planned to identify weight modification attack. However, there is no evident to demonstrate or explain what kind of main problem. Consider defining clear problem and objective of paper.
- The problem statement is not clear. The author failed to consider the current the state of the art in their studies. Consider identifying the main problem of the proposed studies.
- Not provide state of the art analysis from previous research. Some part of introduction can move to literature review.
- Suggest including some statistic is possible to show real problem in introduction.
- Please include aims of the paper, significant of result and conclusion from the experiment on the abstract.
- Figure is not clear. Figure name must be similar in paragraph. Not just put Fig.1. Please follow journal standard formatting.
- Please state contribution of the paper. The authors can insert contribution of paper in Introduction.
- Explain clearly why dataset split in to 70:30.
- No explanation / conclusion of every result. The reader want to the your opinion from your result.
- Include detail for future work.
Author Response
Please see the attachment.
Author Response File: 
Author Response.docx
Reviewer 2 Report
In this work authors propose a weight modification attack to a supervised machine learning model. They check the algorithm's success by modifying the weights. They perform their experiments on a public dataset of breast cancer images.
In my opinion, the attack and the results are not surprising. And having an experiment on a single dataset does not mean much about the methodology. Moreover, the methodology is not compared with the previous methods in the literature.
I strongly suggest the authors to proofread the paper and then get help from a native speaker or from the academic writing center of their universities. Because a lot of the sentences requires revision. For example, the definition of the parameters provided between the lines 190-198 are very hard to understand. Which makes it very hard to follow the rest of the paper. For instance, why k^2 is the number of modified parameters? That is, why the number of modified parameters must be a square?
Apparently even the authors themselves did not read the paper because many Table captions are provided as "This is a table caption. Tables should be placed in the main text near to the first time they are cited."
Some of the figures are not cited inside the text.
I recommend the authors to consider submitting this paper to a conference.
Author Response
Please see the attachment.
Author Response File: Author Response.docx
Reviewer 3 Report
Table 2 and 3 headings are not given
A detailed literature review can be done for discussing the challenges addressed in the literature, motivation for this proposed work and why this work is significant in this domain? Accordingly, a few more recent references can be added and cited.
As in many places, it is mentioned that this proposed work is a new version of weight modification attack, what were the earlier models built for the same and how it is different from the newer version can be discussed.
The computational complexity of the approach is not analyzed. It can be detailed in a discussion section.
What is the setup/environment used to perform the experiments?
Pseudocode integrating all subsections of 2 can be written for better understandability.
The approach can be compared with other state-of-the-art techniques for exhibiting the superiority of the proposed approach wrt few performance metrics.
A thorough English proof check is required as there are a few spelling/grammar mistakes in the paper. Ex: "implementes"
Author Response
Please see the attachment.
Author Response File: Author Response.docx
Reviewer 4 Report
The paper proposes a weight modification attack based on the clustering of similar input data.
The manuscript is well organized and is relevant for the field, the authors present a comprehensive background in the domain, then highlight very well the novelty of the paper as well as the methods used. The references used are current. The tests and experiments are well presented and relevant, and these can be reproduced as authors present the tools used. The results of the experiments can be analyzed through the figures and tables included in the manuscript. However, Tables 2 and 3 need captions. There is an extra dot on line 199. The conclusions are consistent and in accordance with the rest of the paper. Although generally, the paper is good, a comparison with similar works is missing. I suggest adding a section in which the authors compare their work with similar studies.
Author Response
Please see the attachment.
Author Response File: Author Response.docx
Round 2
Reviewer 4 Report
I checked the new version of the paper and I agree with the changes.
