- 1后端开发者的华丽转身:如何成功转行大模型算法岗
- 2Eureka的配置和使用_eruka
- 3MySQL锁篇_mysql中的锁
- 4微服务架构整合Sa-Token实现网关鉴权及鉴权服务_sareactorfilter
- 5鸿蒙——获取系统相册 并进行图片上传_camerapicker.pick
- 6三 Python 注释与运算符_单行注释以 开头,多行注释以‘’‘(三个单引号)开头和结尾
- 7电动汽车和混动汽车DC-DC转换器的创新设计与测试方法
- 8Elasticsearch:如何使用 Elasticsearch 和 Python 构建面部识别系统_elasticsearch 可以搜索人脸特征
- 9读透《阿里巴巴数据中台实践》_阿里巴巴 数据中台实践
- 10Tomcat9 配置SSL证书(.pfx)支持HTTPS_tomcat9.0 ssl 只启用tls1.2 配置
【论文阅读】Knockoff Nets: Stealing Functionality of Black-Box Models(2019)
赞
踩
摘要
Machine Learning (ML) models(机器学习模型) are increasingly(越来越多) deployed(部署) in the wild to perform(执行) a wide range of tasks(广泛的任务).
In this work, we ask to what extent(多大程度) can an adversary(对手) steal functionality(窃取功能) of such "victim’’ models based solely(仅基于) on blackbox interactions(黑箱交互): image in(图像输入), predictions out(预测输出).
In contrast to prior work(与之前的工作相反), we study complex victim blackbox models(复杂的受害者黑箱模型), and an adversary lacking knowledge of train/test data used by the model(缺乏模型使用的训练/测试数据), its internals(其内部), and semantics(语义) over model outputs(模型输出).
We formulate(表述) model functionality stealing(模型功能窃取) as a two-step approach(两步方法): (i) querying(查询) a set of(一组) input images(输入图像) to the blackbox model(黑盒模型) to obtain predictions(获得预测); and (ii) training a "knockoff’’ with queried image-prediction pairs(查询图像预测对).
We make multiple remarkable observations(多个显著的观察): (a) querying random images(查询随机图像) from a different distribution(从不同的分布中) than that of the blackbox training data(黑箱训练数
