I know what you trained last summer: A survey on stealing machine learning models and defences

D Oliynyk, R Mayer, A Rauber - ACM Computing Surveys, 2023 - dl.acm.org
Machine-Learning-as-a-Service (MLaaS) has become a widespread paradigm, making
even the most complex Machine Learning models available for clients via, e.g., a pay-per …

A survey on privacy inference attacks and defenses in cloud-based deep neural network

X Zhang, C Chen, Y Xie, X Chen, J Zhang… - Computer Standards & …, 2023 - Elsevier
Deep Neural Network (DNN), one of the most powerful machine learning
algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and …

APMSA: Adversarial perturbation against model stealing attacks

J Zhang, S Peng, Y Gao, Z Zhang… - IEEE Transactions on …, 2023 - ieeexplore.ieee.org
Training a Deep Learning (DL) model requires proprietary data and computing-intensive
resources. To recoup their training costs, a model provider can monetize DL models through …

SoK: How robust is image classification deep neural network watermarking?

N Lukas, E Jiang, X Li… - 2022 IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Deep Neural Network (DNN) watermarking is a method for provenance verification of DNN
models. Watermarking should be robust against watermark removal attacks that derive a …

WAFFLE: Watermarking in federated learning

BGA Tekgul, Y Xia, S Marchal… - 2021 40th International …, 2021 - ieeexplore.ieee.org
Federated learning is a distributed learning technique where machine learning models are
trained on client devices in which the local training data resides. The training is coordinated …

Defending against data-free model extraction by distributionally robust defensive training

Z Wang, L Shen, T Liu, T Duan, Y Zhu… - Advances in …, 2024 - proceedings.neurips.cc
Data-Free Model Extraction (DFME) aims to clone a black-box model without
knowing its original training data distribution, making it much easier for attackers to steal …

Model extraction from counterfactual explanations

U Aïvodji, A Bolot, S Gambs - arXiv preprint arXiv:2009.01884, 2020 - arxiv.org
Post-hoc explanation techniques refer to a posteriori methods that can be used to explain
how black-box machine learning models produce their outcomes. Among post-hoc …

Neural network laundering: Removing black-box backdoor watermarks from deep neural networks

W Aiken, H Kim, S Woo, J Ryoo - Computers & Security, 2021 - Elsevier
Creating a state-of-the-art deep-learning system requires vast amounts of data, expertise,
and hardware, yet research into copyright protection for neural networks has been limited …

SEAT: Similarity encoder by adversarial training for detecting model extraction attack queries

Z Zhang, Y Chen, D Wagner - Proceedings of the 14th ACM Workshop …, 2021 - dl.acm.org
Given black-box access to the prediction API, model extraction attacks can steal the
functionality of models deployed in the cloud. In this paper, we introduce the SEAT detector …
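Added example, not code from the SEAT paper or from any other paper listed here: a minimal label-only model extraction against a black-box prediction API, in Python. The victim classifier, its weights, the uniform query distribution, the logistic-regression surrogate and the agreement metric are all assumptions constructed for the illustration. The attacker sees only the labels `predict()` returns; the `query_count` field is the kind of signal a query-monitoring defence such as the one described above would observe.

```python
import math
import random

DIM = 4  # input feature count; chosen for this example


class VictimAPI:
    """Black-box prediction API. The attacker only ever calls predict()."""

    def __init__(self, weights, bias):
        self._w = weights     # proprietary, never exposed to clients
        self._b = bias
        self.query_count = 0  # the signal a query-monitoring defence would watch

    def true_label(self, x):
        """Owner-side evaluation helper; not part of the served API."""
        return 1 if sum(wi * xi for wi, xi in zip(self._w, x)) + self._b > 0 else 0

    def predict(self, x):
        """Label-only response: no probabilities, no gradients."""
        self.query_count += 1
        return self.true_label(x)


def _sigmoid(z):
    z = max(-30.0, min(30.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


def surrogate_predict(w, b, x):
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0


def extract(api, n_queries, epochs=200, lr=0.1, seed=0):
    """Label-only extraction: random queries go in, (query, label) pairs come
    out, and a logistic-regression surrogate is fitted by SGD on those labels."""
    rng = random.Random(seed)
    queries = [[rng.uniform(-1.0, 1.0) for _ in range(DIM)] for _ in range(n_queries)]
    labels = [api.predict(x) for x in queries]  # the attacker's only victim access
    w, b = [0.0] * DIM, 0.0
    for _ in range(epochs):
        for x, y in zip(queries, labels):
            g = _sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(DIM):
                w[i] -= lr * g * x[i]
            b -= lr * g
    return w, b


def agreement(api, w, b, n_test=2000, seed=1):
    """Owner-side measurement: how often the clone matches the victim on fresh inputs."""
    rng = random.Random(seed)
    xs = [[rng.uniform(-1.0, 1.0) for _ in range(DIM)] for _ in range(n_test)]
    return sum(api.true_label(x) == surrogate_predict(w, b, x) for x in xs) / n_test


def run_demo(n_queries=500):
    # Constructed victim; the weights are arbitrary values for the example.
    api = VictimAPI(weights=[1.5, -2.0, 0.7, 0.3], bias=0.2)
    w, b = extract(api, n_queries)
    return agreement(api, w, b), api.query_count


if __name__ == "__main__":
    acc, n = run_demo()
    print(f"clone agrees with victim on {acc:.1%} of fresh inputs after {n} queries")
```

The point of the demo is that nothing beyond hard labels is needed: a few hundred synthetic queries are enough to clone a simple decision boundary, which is why the defences in this list either perturb the returned outputs, watermark the model so a stolen copy can be identified, or flag suspicious query streams before the clone is complete.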

SOTER: Guarding Black-box Inference for General Neural Networks at the Edge

T Shen, J Qi, J Jiang, X Wang, S Wen, X Chen… - 2022 USENIX Annual …, 2022 - usenix.org
The prosperity of AI and edge computing has pushed more and more well-trained DNN
models to be deployed on third-party edge devices to compose mission-critical applications …