STDatav2: Accessing Efficient Black-Box Stealing for Adversarial Attacks


Abstract:

Under the extreme setting in which the black-box model's training data is unavailable, stealing the model is difficult in practice. On this topic, along the lines of data diversity, this paper substantially improves on our conference version (dubbed STDatav1, short for Surrogate Training Data). First, to mitigate the undesirable impact of potential mode collapse while training the generator, we propose a joint-data optimization scheme that uses both the synthesized data and the proxy data to optimize the surrogate model. Second, we propose a self-conditional data synthesis framework, which builds a pseudo-class mapping via grouped class-information extraction so that class-specific constraints are held while diversity is preserved. Within this new framework, we inherit and integrate the class-specific constraints of STDatav1 and design a dual cross-entropy loss to fit it. Finally, to facilitate comprehensive evaluation, we perform experiments on four commonly adopted datasets with a total of eight kinds of models. These assessments show considerable performance gains over our early work and demonstrate the competitive ability and promising potential of our approach.
Page(s): 2429 - 2445
Date of Publication: 18 December 2024

PubMed ID: 40030722

I. Introduction

Benefiting from large-scale labeled data, Deep Neural Networks (DNNs) have achieved revolutionary breakthroughs in various computer vision tasks [1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11]. This advanced research has injected vitality into the study of pattern recognition technology and set off a research upsurge that has lasted for more than ten years. However, DNNs also carry a non-negligible safety concern, i.e., the adversarial vulnerability of DNN-based methods [12], [13]: adding human-imperceptible perturbations to clean images can mislead even well-trained models to a large extent. Given this serious security concern, more attention across different fields has been paid to the adversarial learning community in order to disclose the principle behind this issue [14], [15], [16], [17], [18], [19], [20], [21], [22], where one of the important topics is how to attack DNN-based models.
