Open AccessModel Extraction Attack and Defense on Deep Generative Models
Author(s) -
Liu S
Publication year - 2022
Publication title -
journal of physics. conference series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/2189/1/012024
Subject(s) - adversary , computer science , discriminative model , generative grammar , attack model , generative model , fidelity , artificial intelligence , machine learning , computer security , telecommunications
The security issues of machine learning have aroused much attention and model extraction attack is one of them. The definition of model extraction attack is that an adversary can collect data through query access to a victim model and train a substitute model with it in order to steal the functionality of the target model. At present, most of the related work has focused on the research of model extraction attack against discriminative models while this paper pays attention to deep generative models. First, considering the difference of an adversary` goals, the attacks are taxonomized into two different types: accuracy extraction attack and fidelity extraction attack and the effect is evaluated by 1-NN accuracy. Attacks among three main types of deep generative models and the influence of the number of queries are also researched. Finally, this paper studies different defensive techniques to safeguard the models according to their architectures.