Defending against Model Stealing via Verifying Embedded External Features
Authors: Yiming Li, Linghui Zhu, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao. Pages 1464-1472.
AAAI 2022
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We examine our method on both CIFAR-10 and ImageNet datasets. Experimental results demonstrate that our method is effective in detecting different types of model stealing simultaneously, even if the stolen model is obtained via a multi-stage stealing process. |
| Researcher Affiliation | Academia | (1) Tsinghua Shenzhen International Graduate School, Tsinghua University, Shenzhen, China; (2) Research Center of Artificial Intelligence, Peng Cheng Laboratory, Shenzhen, China; (3) Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China |
| Pseudocode | No | The paper does not contain any structured pseudocode or algorithm blocks. |
| Open Source Code | Yes | The codes for reproducing main results are available at GitHub (https://github.com/zlh-thu/StealingVerification). |
| Open Datasets | Yes | We evaluate our defense on CIFAR-10 (Krizhevsky, Hinton et al. 2009) and (a subset of) ImageNet (Deng et al. 2009) dataset. |
| Dataset Splits | No | The paper does not explicitly provide information about validation dataset splits for reproducing the main experiments. |
| Hardware Specification | No | The paper does not provide any specific hardware specifications (e.g., GPU/CPU models, memory) used for running its experiments. |
| Software Dependencies | No | The paper does not provide specific software dependencies or library versions with numbers (e.g., Python 3.8, PyTorch 1.9) needed to replicate the experiment. |
| Experiment Setup | Yes | We poison 10% of training samples for all defenses. Besides, we adopt a white square as the trigger pattern for BadNets and adopt an oil painting as the style image for our defense. |