Abstract
As deep neural networks continue to improve and provide state-of-the-art solutions to a wide range of problems, their deployment becomes more common, and so does the importance of protecting them against malicious attacks that attempt to replicate them. In this paper, we present a novel zero-knowledge method for attacking and stealing knowledge from deep neural networks. Our method uses unlabeled data together with the predictions of the mentor model we would like to steal. The presented method targets the most protected models, i.e., those that reveal only the minimal amount of information: the predicted label. We assume no access to any internal information about the model and no access to its training data. The presented method improves on the SOTA performance of attacks against protected neural network models. The results show that all classification neural networks are vulnerable to the presented attack method, and that an attacker can effectively replicate these models without access to their architecture, parameters, training data, or softmax outputs.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | IJCNN 2023 - International Joint Conference on Neural Networks, Proceedings |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| ISBN (Electronic) | 9781665488679 |
| DOIs | |
| State | Published - 2023 |
| Event | 2023 International Joint Conference on Neural Networks, IJCNN 2023 - Gold Coast, Australia; Duration: 18 Jun 2023 → 23 Jun 2023 |
Publication series
| Field | Value |
|---|---|
| Name | Proceedings of the International Joint Conference on Neural Networks |
| Volume | 2023-June |
Conference
| Field | Value |
|---|---|
| Conference | 2023 International Joint Conference on Neural Networks, IJCNN 2023 |
| Country/Territory | Australia |
| City | Gold Coast |
| Period | 18/06/23 → 23/06/23 |
Bibliographical note
Publisher Copyright: © 2023 IEEE.