Protecting Object Detection Models from Model Extraction Attack via Feature Space Coverage
Authors: Zeyu Li, Yuwen Pu, Xuhong Zhang, Yu Li, Jinbao Li, Shouling Ji
IJCAI 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Through experiments conducted in multiple task scenarios, we validate the effectiveness and detection efficiency of the proposed method. |
| Researcher Affiliation | Academia | ¹College of Computer Science and Technology, Zhejiang University; ²School of Software Technology, Zhejiang University; ³School of Computer Science and Technology, Harbin Institute of Technology, Shen Zhen; ⁴School of Mathematics and Statistics, Qilu University of Technology. {zju lzy, yw.pu, zhangxuhong}@zju.edu.cn, li.yu@hit.edu.cn, lijinb@sdas.org, sji@zju.edu.cn |
| Pseudocode | Yes | Algorithm 1 Feature space anchor A selection |
| Open Source Code | No | The paper does not provide explicit statements or links for open-source code for the described methodology. |
| Open Datasets | Yes | For dataset selection, we aim to evaluate the generalizability of OSD across three distinct object detection tasks: general object detection, self-driving, and aerial image detection. For each scenario, several datasets are chosen, with one dataset designated as the training dataset for the victim model, another serving as the initial sample set for the attacker, and the remaining datasets utilized to simulate queries from benign users. In the three scenarios, we employ the COCO [Lin et al., 2014], nuImages [Motional, 2020], and AI-TOD [Wang et al., 2021] datasets as the training datasets for the victim models. The VOC [Everingham et al., 2015], BDD100K [Yu et al., 2020a], and DOTA [Xia et al., 2018] datasets are chosen to simulate the data available to the attacker. Additionally, the Caltech-101 [Li et al., 2022] and LVIS [Gupta et al., 2019] datasets, the KITTI [Geiger et al., 2013] and TuSimple [Tusimple, 2022] datasets, the vhr-10 [Cheng et al., 2016] and RSOD [Long et al., 2017] datasets are used to simulate query data from benign users for the three tasks. |
| Dataset Splits | No | The paper describes dataset usage for training victim models and simulating queries but does not provide specific training/validation/test split percentages or sample counts for dataset partitioning needed for reproduction. |
| Hardware Specification | Yes | Throughout the experiments, we utilize an experiment platform equipped with two Nvidia GeForce RTX 3090Ti GPUs for the inference of the victim model and OSD deployment. |
| Software Dependencies | No | The paper mentions machine learning models and techniques but does not specify software dependencies like libraries or frameworks with version numbers. |
| Experiment Setup | Yes | For the i-th large object bounding box $o_{l,i}$ for sample $x$, the specific perturbation is applied as follows: $o_{l,i,x} = o_{l,i,x} + \mathrm{rand}(-\alpha, \alpha)\, o_{l,i,w}$, $\quad o_{l,i,y} = o_{l,i,y} + \mathrm{rand}(-\alpha, \alpha)\, o_{l,i,h}$ (4) Where $o_{l,i,x}$ and $o_{l,i,y}$ represent the x,y coordinates of $o_{l,i}$'s top-left and bottom-right point. $o_{l,i,w}$ and $o_{l,i,h}$ denotes the width and height of $o_{l,i}$. $\alpha$ is the perturbation magnitude, and rand() is a random function within the specified range... $N_p = \eta N_f$ (5) ...When $v$ exceeds a certain threshold $\theta_v$, the current user is classified as a suspicious user. |