Explanation-based data-free model extraction attacks
Deep learning (DL) has dramatically pushed the previous limits of various tasks, ranging from computer vision to natural language processing. Despite its success, the lack of model explanations thwarts the usage of these techniques in life-critical domains, e.g., medical diagnosis and self-driving s...
Saved in:
Published in: | World wide web (Bussum) 2023-09, Vol.26 (5), p.3081-3092 |
---|---|
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 3092 |
---|---|
container_issue | 5 |
container_start_page | 3081 |
container_title | World wide web (Bussum) |
container_volume | 26 |
creator | Yan, Anli ; Hou, Ruitao ; Yan, Hongyang ; Liu, Xiaozhang |
description | Deep learning (DL) has dramatically pushed the previous limits of various tasks, ranging from computer vision to natural language processing. Despite its success, the lack of model explanations thwarts the usage of these techniques in life-critical domains, e.g., medical diagnosis and self-driving systems. To date, the core technology to solve the explainable issue is explainable artificial intelligence (XAI). XAI methods have been developed to produce human-understandable explanations by leveraging intermediate results of the DL models, e.g., gradients and model parameters. While the effectiveness of XAI methods has been demonstrated in benign environments, their privacy against model extraction attacks (i.e., attacks at the model confidentially) requires to be studied. To this end, this paper proposes DMEAE, a data-free model extraction attack using explanation-guided, to explore XAI privacy threats. Compared with previous works, DMEAE does not require collecting any data and utilizes model explanation loss. Specifically, DMEAE creates synthetic data using a generative model with model explanation loss items. Extensive evaluations verify the effectiveness and efficiency of the proposed attack strategy on SVHN and CIFAR-10 datasets. We hope that our research can provide insights for the development of practical tools to trade off the relationship between privacy and model explanations. |
doi_str_mv | 10.1007/s11280-023-01150-6 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 1386-145X |
ispartof | World wide web (Bussum), 2023-09, Vol.26 (5), p.3081-3092 |
issn | 1386-145X ; 1573-1413 |
language | eng |
recordid | cdi_proquest_journals_2875642294 |
source | SpringerLink Journals |
subjects | Computer Science ; Computer vision ; Database Management ; Effectiveness ; Explainable artificial intelligence ; Information Systems Applications (incl.Internet) ; Natural language processing ; Operating Systems ; Privacy ; Special Issue on Privacy and Security in Machine Learning ; Synthetic data |
title | Explanation-based data-free model extraction attacks |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T12%3A19%3A44IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Explanation-based%20data-free%20model%20extraction%20attacks&rft.jtitle=World%20wide%20web%20(Bussum)&rft.au=Yan,%20Anli&rft.date=2023-09-01&rft.volume=26&rft.issue=5&rft.spage=3081&rft.epage=3092&rft.pages=3081-3092&rft.issn=1386-145X&rft.eissn=1573-1413&rft_id=info:doi/10.1007/s11280-023-01150-6&rft_dat=%3Cproquest_cross%3E2875642294%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2875642294&rft_id=info:pmid/&rfr_iscdi=true |