Paper
16 August 2023
An attack framework for stealing black-box based on active semi-supervised learning
Lijun Gao, Yuting Wang, Wenjun Liu, Kai Liu
Proceedings Volume 12787, Sixth International Conference on Advanced Electronic Materials, Computers, and Software Engineering (AEMCSE 2023); 127870T (2023) https://doi.org/10.1117/12.3004553
Event: 6th International Conference on Advanced Electronic Materials, Computers and Software Engineering (AEMCSE 2023), 2023, Shenyang, China
Abstract
Neural network models are commonly used as black-box services, but they are vulnerable to model stealing attacks, in which an attacker trains a substitute model with performance similar to the original by exploiting the limited information exposed by the target model. This can cause significant losses to the owner of the target model and poses a serious security risk. To advance our understanding of neural networks and promote the evolution of model protection mechanisms, we conducted in-depth research on neural network model stealing attacks. In this paper, we propose a black-box stealing attack framework that combines active and semi-supervised learning. Even if the target black-box provides only hard-label output, an effective attack can be achieved, generating a substitute model with the same functionality as the black-box. The framework uses active learning to selectively query the most informative samples for black-box labeling, which significantly reduces the workload of querying the black-box and enables it to achieve better performance with fewer training samples. We also apply semi-supervised learning to leverage the abundance of unlabeled data and further improve model performance. We evaluated our method on various data sets and showed that its stealing ability was 3.86%~26.64% higher than that of other methods when faced with a hard-label black-box at the same number of queries, which demonstrates effective black-box function stealing.
(2023) Published by SPIE. Downloading of the abstract is permitted for personal use only.
Lijun Gao, Yuting Wang, Wenjun Liu, and Kai Liu "An attack framework for stealing black-box based on active semi-supervised learning", Proc. SPIE 12787, Sixth International Conference on Advanced Electronic Materials, Computers, and Software Engineering (AEMCSE 2023), 127870T (16 August 2023); https://doi.org/10.1117/12.3004553
KEYWORDS: Data modeling, Active learning, Machine learning, Statistical modeling, Performance modeling, Network architectures, Aerospace engineering