An extraction attack on image recognition model using VAE-kdtree model
13 March 2021
Tianqi Wen, Haibo Hu, Huadi Zheng
Proceedings Volume 11766, International Workshop on Advanced Imaging Technology (IWAIT) 2021; 117660N (2021) https://doi.org/10.1117/12.2590844
Event: International Workshop on Advanced Imaging Technology 2021 (IWAIT 2021), 2021, Online Only
Abstract
This paper proposes a black-box extraction attack model on pre-trained image classifiers to rebuild a functionally equivalent model with high similarity. Common model extraction attacks feed a large number of training samples to the target classifier, which is time-consuming and redundant. The attack results depend heavily on the selected training samples and the target model. The extracted model may capture only part of the crucial features because of inappropriate sample selection. To eliminate these uncertainties, we propose the VAE-kdtree attack model, which eliminates the high dependency between selected training samples and the target model. It not only saves redundant computation but also extracts critical boundaries more accurately in image classification. The VAE-kdtree model has been shown to achieve around 90% similarity on MNIST and around 80% similarity on MNIST-Fashion with a target Convolutional Network Model and a target Support Vector Machine Model. The performance of the VAE-kdtree model could be further improved by adopting a higher-dimensional space for the kdtree.
© (2021) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Tianqi Wen, Haibo Hu, and Huadi Zheng "An extraction attack on image recognition model using VAE-kdtree model", Proc. SPIE 11766, International Workshop on Advanced Imaging Technology (IWAIT) 2021, 117660N (13 March 2021); https://doi.org/10.1117/12.2590844