Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et al. (K. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026).
Defending against Model Stealing via Verifying Embedded External Features
Authors: Yiming Li, Linghui Zhu, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao
AAAI 2022, pages 1464-1472
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We examine our method on both CIFAR-10 and ImageNet datasets. Experimental results demonstrate that our method is effective in detecting different types of model stealing simultaneously, even if the stolen model is obtained via a multi-stage stealing process. |
| Researcher Affiliation | Academia | 1Tsinghua Shenzhen International Graduate School, Tsinghua University, Shenzhen, China 2Research Center of Artificial Intelligence, Peng Cheng Laboratory, Shenzhen, China 3Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China |
| Pseudocode | No | The paper does not contain any structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | The codes for reproducing main results are available at Github (https://github.com/zlh-thu/StealingVerification). |
| Open Datasets | Yes | We evaluate our defense on CIFAR-10 (Krizhevsky, Hinton et al. 2009) and (a subset of) ImageNet (Deng et al. 2009) dataset. |
| Dataset Splits | No | The paper does not explicitly provide information about validation dataset splits for reproducing the main experiments. |
| Hardware Specification | No | The paper does not provide any specific hardware specifications (e.g., GPU/CPU models, memory) used for running its experiments. |
| Software Dependencies | No | The paper does not provide specific software dependencies or library versions with numbers (e.g., Python 3.8, PyTorch 1.9) needed to replicate the experiment. |
| Experiment Setup | Yes | We poison 10% training samples for all defenses. Besides, we adopt a white-square as the trigger pattern for BadNets and adopt an oil paint as the style image for our defense. |