Copycat CNN: Are random non-Lab ele d data enough to steal knowledge from black -box models?

Correia-Silva Jacson Rodrigues; Berriel Rodrigo F.; Badue Claudine; De Souza Alberto F.; Oliveira-Santos Thiago

首页> 外文期刊>Pattern Recognition: The Journal of the Pattern Recognition Society >Copycat CNN: Are random non-Lab ele d data enough to steal knowledge from black -box models?

【24h】

Copycat CNN: Are random non-Lab ele d data enough to steal knowledge from black -box models?

机译：CopyCat CNN：是随机的非实验室ELE D数据，足以从黑色 - 箱模型窃取知识？

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Convolutional neural networks have been successful lately enabling companies to develop neural-based products, which demand an expensive process, involving data acquisition and annotation; and model generation, usually requiring experts. With all these costs, companies are concerned about the security of their models against copies and deliver them as black-boxes accessed by APIs. Nonetheless, we argue that even black-box models still have some vulnerabilities. In a preliminary work, we presented a simple, yet powerful, method to copy black-box models by querying them with natural random images. In this work, we consolidate and extend the copycat method: (i) some constraints are waived; (ii) an extensive evaluation with several problems is performed; (iii) models are copied between different architectures; and, (iv) a deeper analysis is performed by looking at the copycat behavior. Results show that natural random images are effective to generate copycats for several problems. (c) 2021 Elsevier Ltd. All rights reserved.

机译：卷积神经网络最近取得了成功，使公司能够开发基于神经的产品，这需要昂贵的过程，包括数据采集和注释；以及模型生成，通常需要专家。考虑到所有这些成本，公司担心其模型的副本安全性，并将其作为API访问的黑盒交付。尽管如此，我们认为即使是黑盒模型也存在一些漏洞。在前期工作中，我们提出了一种简单但功能强大的方法，通过查询自然随机图像来复制黑盒模型。在这项工作中，我们巩固和扩展了模仿方法：（i）放弃了一些限制；（ii）对几个问题进行了广泛的评估；（iii）在不同的架构之间复制模型；（iv）通过观察模仿行为进行更深入的分析。结果表明，自然随机图像可以有效地生成多个问题的模仿者。（c）2021爱思唯尔有限公司保留所有权利。

著录项

来源
《Pattern Recognition: The Journal of the Pattern Recognition Society》 |2021年第1期|共12页
作者
Correia-Silva Jacson Rodrigues; Berriel Rodrigo F.; Badue Claudine; De Souza Alberto F.; Oliveira-Santos Thiago;
展开▼
作者单位

Univ Fed Espirito Santo UFES Vitoria ES Brazil;

Univ Fed Espirito Santo UFES Vitoria ES Brazil;

Univ Fed Espirito Santo UFES Vitoria ES Brazil;

Univ Fed Espirito Santo UFES Vitoria ES Brazil;

Univ Fed Espirito Santo UFES Vitoria ES Brazil;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类计算技术、计算机技术;
关键词
Deep learning; Convolutional neural network; Neural network attack; Stealing network knowledge; Knowledge distillation;

机译：深度学习;卷积神经网络;神经网络攻击;窃取网络知识;知识蒸馏;

相似文献

外文文献
中文文献
专利

1. Analysis of Data on Xanthan Fermentation in Stationary Phase Using Black Box and Metabolic Network Models [J] . 马红武, 赵学明, 唐寅杰中国化学工程学报：英文版 . 1999,第004期
2. Black Box Modeling Method and Its Application in Refractories Techniques [J] . WANG Jiezeng, YUAN Lin, YE Yahong, 中国耐火材料：英文版 . 2012,第004期
3. Black Box Modeling Method and Its Application in Refractories Techniques [J] . WANG Jiezeng, YUAN Lin, YE Yahong, 中国耐火材料（英文版） . 2012,第004期
4. Optimal Model of Continuous Knowledge Transfer in the Big Data Environment [J] . Chuanrong Wu, Evgeniya Zapevalova, Yingwu Chen, 工程与科学中的计算机建模(英文) . 2018,第007期
5. Box Office Buzz: Does Social Media Data Steal the Show from Model Uncertainty When Forecasting for Hollywood? [J] . Lehrer Steven, Xie Tian Review of Economics and Statistics . 2017,第5期

机译：票房嗡嗡声：预测好莱坞时，社交媒体数据是否会从模型不确定性中窃取节目？
6. Black-box modeling of residential HVAC system and comparison of gray-box and black-box modeling methods [J] . Afram Abdul, Janabi-Sharifi Farrokh Energy and Buildings . 2015,第may期

机译：住宅HVAC系统的黑匣子建模以及灰匣子和黑匣子建模方法的比较
7. A black-box model for generation of site-specific WWTP influent quality data based on plant routine data [J] . Ahnert Markus, Marx Conrad, Krebs Peter, Water Science and Technology . 2016,第12期

机译：一个基于工厂常规数据生成特定地点污水处理厂进水质量数据的黑匣子模型
8. Copycat CNN: Stealing Knowledge by Persuading Confession with Random Non-Labeled Data [C] . Jacson Rodrigues Correia-Silva, Rodrigo F. Berriel, Claudine Badue, International Joint Conference on Neural Networks . 2018

机译：模仿者CNN：通过说服供认与随机非标签数据来窃取知识
9. Into the Black Box: Using Data Mining of In-Game Actions to Draw Inferences from Educational Technology about Students' Math Knowledge. [D] . Kerr, Deirdre Song. 2014

机译：进入黑匣子：使用游戏中动作的数据挖掘来从教育技术中得出有关学生数学知识的推论。
10. Session 6: Do Black-Box Models of Thermoregulation Still Have Research Value?: Discussion Arising from Session on Black-Box Models [O] . 1986

机译：第六场：温度调节的黑匣子模型仍然具有研究价值吗？：关于黑匣子模型的讨论引起的讨论
11. Copycat CNN: Stealing Knowledge by Persuading Confession with Random Non-Labeled Data [O] . Jacson Rodrigues Correia-Silva, Rodrigo F. Berriel, Claudine Badue, 2018

机译：CopyCat CNN：通过用随机非标记数据说服忏悔来窃取知识
12. Opening the Analytical Black Box: Insights into Interferences, Corrections, and Data Quality. [R] . Bednar, A. J., Sirkis, D. M., Harris, W. E., 2012

机译：打开分析黑盒：深入了解干扰，更正和数据质量。

Copycat CNN: Are random non-Lab ele d data enough to steal knowledge from black -box models?

摘要

著录项

相似文献

相关主题

期刊订阅