SwiftThief: Enhancing Query Efficiency of Model Stealing by Contrastive Learning
Authors: Jeonghyun Lee, Sungmin Han, Sangkyun Lee
IJCAI 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our experiments proved that SwiftThief could significantly enhance the efficiency of model-stealing attacks compared to the existing methods, achieving similar attack performance using only half of the query budgets of the competing approaches. |
| Researcher Affiliation | Academia | Jeonghyun Lee, Sungmin Han, Sangkyun Lee; School of Cybersecurity, Korea University; {nomar0107, sungmin_15, sangkyun}@korea.ac.kr |
| Pseudocode | Yes | Algorithm 1 The SwiftThief Algorithm |
| Open Source Code | No | The paper does not contain any explicit statement about releasing the source code or provide a link to a code repository. |
| Open Datasets | Yes | We used ResNet-18 [He et al., 2016] as the victim model, which was trained with five task-specific image datasets: MNIST [Lecun et al., 1998], SVHN [Netzer et al., 2011], GTSRB [Stallkamp et al., 2011], CIFAR10 [Krizhevsky, 2009], and EuroSAT [Helber et al., 2018]. For the surrogate dataset S to choose attack queries from, we used the trainset of ILSVRC-2012 [Russakovsky et al., 2015]. |
| Dataset Splits | No | The paper mentions using 'the trainset of ILSVRC-2012' for the surrogate dataset and evaluating on 'victims test sets' but does not provide explicit details on the training, validation, or test splits (e.g., percentages, sample counts, or specific citations to predefined splits) for the datasets used in their experiments. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU/CPU models, memory, or cloud instance types) used for running the experiments. |
| Software Dependencies | No | The paper mentions various models and techniques (e.g., 'ResNet-18', 'SimSiam', 'FGSM') but does not specify the versions of any software libraries, frameworks, or programming languages used (e.g., PyTorch, TensorFlow, Python versions). |
| Experiment Setup | Yes | We set the query budget B to 30,000 unless otherwise stated. For the contrastive representation learning in SwiftThief (denoted by ST), we set the dimensions a and a as 512 and 2,048 respectively as in the original SimSiam [Chen and He, 2021]. For solving the inner-maximization problem in (4), we adopted FGSM [Goodfellow et al., 2015] with ϵ of 0.01. For the alternating optimization in ST, we set the number of outer iterations I to 10 and the number of epochs for each sub-problem to 40 while increasing the epochs for contrastive representation learning to 100 in the last outer iteration to ensure sufficient convergence. We set λ1 and λ2 in the loss of ST (5) to 1.0 and 0.01, resp. |