Copycat CNN: Are random non-Labeled data enough to steal knowledge from black-box models?. (May 2021)
- Record Type:
- Journal Article
- Title:
- Copycat CNN: Are random non-Labeled data enough to steal knowledge from black-box models?. (May 2021)
- Main Title:
- Copycat CNN: Are random non-Labeled data enough to steal knowledge from black-box models?
- Authors:
- Correia-Silva, Jacson Rodrigues
Berriel, Rodrigo F.
Badue, Claudine
De Souza, Alberto F.
Oliveira-Santos, Thiago
- Abstract:
- Highlights: Simple, yet powerful, method to copy a black-box CNN model with random natural images. Some constraints are waived and copy attacks are performed with less information. Understanding copy attacks with random natural images. Thorough evaluation of copycat models created with random natural images. Abstract: Convolutional neural networks have been successful lately, enabling companies to develop neural-based products, which demand an expensive process involving data acquisition and annotation, and model generation, usually requiring experts. With all these costs, companies are concerned about the security of their models against copies and deliver them as black-boxes accessed by APIs. Nonetheless, we argue that even black-box models still have some vulnerabilities. In a preliminary work, we presented a simple, yet powerful, method to copy black-box models by querying them with natural random images. In this work, we consolidate and extend the copycat method: (i) some constraints are waived; (ii) an extensive evaluation with several problems is performed; (iii) models are copied between different architectures; and, (iv) a deeper analysis is performed by looking at the copycat behavior. Results show that natural random images are effective to generate copycats for several problems.
- Is Part Of:
- Pattern recognition. Volume 113(2021)
- Journal:
- Pattern recognition
- Issue:
- Volume 113(2021)
- Issue Display:
- Volume 113, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 113
- Issue:
- 2021
- Issue Sort Value:
- 2021-0113-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-05
- Subjects:
- Deep learning -- Convolutional neural network -- Neural network attack -- Stealing network knowledge -- Knowledge distillation
Pattern perception -- Periodicals
Pattern perception -- Periodicals (French heading: Perception des structures -- Périodiques)
Pattern recognition (Dutch heading: Patroonherkenning)
006.4
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00313203
http://www.sciencedirect.com/
- DOI:
- 10.1016/j.patcog.2021.107830
- Languages:
- English
- ISSNs:
- 0031-3203
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 15786.xml