Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/106879
Title: An extraction attack on image recognition model using VAE-kdtree model
Authors: Wen, T 
Hu, H 
Zheng, H 
Issue Date: 2021
Source: Proceedings of SPIE : the International Society for Optical Engineering, 2021, v. 11766, 117660N
Abstract: This paper proposes a black-box extraction attack model on pre-trained image classifiers to rebuild a functionally equivalent model with high similarity. Common model extraction attacks feed a large number of training samples to the target classifier, which is time-consuming and redundant. The attack results depend heavily on the selected training samples and the target model. The extracted model may capture only part of the crucial features because of inappropriate sample selection. To eliminate these uncertainties, we propose the VAE-kdtree attack model, which eliminates the high dependency between selected training samples and the target model. It not only saves redundant computation but also extracts critical boundaries more accurately in image classification. The VAE-kdtree model has been shown to achieve around 90% similarity on MNIST and around 80% similarity on MNIST-Fashion with a target Convolutional Network Model and a target Support Vector Machine Model. The performance of the VAE-kdtree model could be further improved by adopting a higher-dimensional space for the kdtree.
Publisher: SPIE - International Society for Optical Engineering
Journal: Proceedings of SPIE : the International Society for Optical Engineering 
ISBN: 978-1-5106-4364-2
978-1-5106-4365-9 (electronic)
ISSN: 0277-786X
EISSN: 1996-756X
DOI: 10.1117/12.2590844
Description: International Workshop on Advanced Imaging Technology 2021 (IWAIT 2021), 2021, Online Only
Rights: © (2021) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this publication for a fee or for commercial purposes, and modification of the contents of the publication are prohibited.
The following publication Tianqi Wen, Haibo Hu, and Huadi Zheng "An extraction attack on image recognition model using VAE-kdtree model", Proc. SPIE 11766, International Workshop on Advanced Imaging Technology (IWAIT) 2021, 117660N (13 March 2021) is available at https://doi.org/10.1117/12.2590844.
Appears in Collections: Conference Paper

Files in This Item:
File: Hu_Extraction_Attack_Image.pdf
Description: Pre-Published version
Size: 373.72 kB
Format: Adobe PDF
Open Access Information
Status open access
File Version Final Accepted Manuscript

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.