An extraction attack on image recognition model using VAE-kdtree model

Tianqi Wen, Haibo Hu, Huadi Zheng

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

Abstract

This paper proposes a black box extraction attack model on pre-trained image classifiers to rebuild a functionally equivalent model with high similarity. Common model extraction attacks use a large number of training samples to feed the target classifier which is time-consuming with redundancy. The attack results have a high dependency on the selected training samples and the target model. The extracted model may only get part of crucial features because of inappropriate sample selection. To eliminate these uncertainties, we proposed the VAE-kdtree attack model which eliminates the high dependency between selected training samples and the target model. It can not only save redundant computation, but also extract critical boundaries more accurately in image classification. This VAE-kdtree model has shown to achieve around 90% similarity on MNIST and around 80% similarity on MNIST-Fashion with a target Convolutional Network Model and a target Support Vector Machine Model. The performance of this VAE-kdtree model could be further improved by adopting higher dimension space of the kdtree.

Original languageEnglish
Title of host publicationInternational Workshop on Advanced Imaging Technology, IWAIT 2021
EditorsMasayuki Nakajima, Jae-Gon Kim, Wen-Nung Lie, Qian Kemao
PublisherSPIE
ISBN (Electronic)9781510643642
DOIs
Publication statusPublished - Mar 2021
Event2021 International Workshop on Advanced Imaging Technology, IWAIT 2021 - Kagoshima, Virtual, Japan
Duration: 5 Jan 20216 Jan 2021

Publication series

NameProceedings of SPIE - The International Society for Optical Engineering
Volume11766
ISSN (Print)0277-786X
ISSN (Electronic)1996-756X

Conference

Conference2021 International Workshop on Advanced Imaging Technology, IWAIT 2021
Country/TerritoryJapan
CityKagoshima, Virtual
Period5/01/216/01/21

ASJC Scopus subject areas

  • Electronic, Optical and Magnetic Materials
  • Condensed Matter Physics
  • Computer Science Applications
  • Applied Mathematics
  • Electrical and Electronic Engineering

Cite this