Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/101448
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor | Department of Electrical and Electronic Engineering | en_US |
| dc.creator | Xiao, Y | en_US |
| dc.creator | Ye, Q | en_US |
| dc.creator | Hu, H | en_US |
| dc.creator | Zheng, H | en_US |
| dc.creator | Fang, C | en_US |
| dc.creator | Shi, J | en_US |
| dc.date.accessioned | 2023-09-18T02:26:31Z | - |
| dc.date.available | 2023-09-18T02:26:31Z | - |
| dc.identifier.isbn | 978-1-713871-08-8 (print) | en_US |
| dc.identifier.uri | http://hdl.handle.net/10397/101448 | - |
| dc.description | 36th Conference on Neural Information Processing Systems (NeurIPS 2022), New Orleans, Louisiana, Nov 28-Dec 9 2022 | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | NeurIPS | en_US |
| dc.rights | © The Authors | en_US |
| dc.rights | Posted with permission of the author. | en_US |
| dc.rights | The following publication Xiao, Y., Ye, Q., Hu, H., Zheng, H., Fang, C., & Shi, J. (2022). MExMI: Pool-based Active Model Extraction Crossover Membership Inference. In S Koyejo, S Mohamed, A Agarwal, D Belgrave, K Cho & A Oh (Eds.), Advances in Neural Information Processing Systems 35, p. 1-14. NeurIPS, 2022 is available at https://papers.nips.cc/paper_files/paper/2022/hash/4241c27d3161c7a7064bfc1a6e539563-Abstract-Conference.html. | en_US |
| dc.title | MExMI : pool-based active model extraction crossover membership inference | en_US |
| dc.type | Conference Paper | en_US |
| dcterms.abstract | With increasing popularity of Machine Learning as a Service (MLaaS), ML models trained from public and proprietary data are deployed in the cloud and deliver prediction services to users. However, as the prediction API becomes a new attack surface, growing concerns have arisen on the confidentiality of ML models. Existing literatures show their vulnerability under model extraction (ME) attacks, while their private training data is vulnerable to another type of attacks, namely, membership inference (MI). In this paper, we show that ME and MI can reinforce each other through a chained and iterative reaction, which can significantly boost ME attack accuracy and improve MI by saving the query cost. As such, we build a framework MExMI for pool-based active model extraction (PAME) to exploit MI through three modules: “MI Pre-Filter”, “MI Post-Filter”, and “semi-supervised boosting”. Experimental results show that MExMI can improve up to 11.14% from the best known PAME attack and reach 94.07% fidelity with only 16k queries. Furthermore, the precision and recall of the MI attack in MExMI are on par with state-of-the-art MI attack which needs 150k queries. | en_US |
| dcterms.accessRights | open access | en_US |
| dcterms.bibliographicCitation | Advances in Neural Information Processing Systems 35 (NeurIPS 2022), p. 1-14 | en_US |
| dcterms.issued | 2022 | - |
| dc.identifier.ros | 2022006158 | - |
| dc.relation.ispartofbook | Advances in Neural Information Processing Systems 35 (NeurIPS 2022) | en_US |
| dc.relation.conference | Conference on Neural Information Processing Systems [NeurIPS] | en_US |
| dc.description.validate | 202309 bcww | en_US |
| dc.description.oa | Version of Record | en_US |
| dc.identifier.FolderNumber | CDCF_2022-2023 | - |
| dc.description.fundingSource | RGC | en_US |
| dc.description.fundingSource | Others | en_US |
| dc.description.fundingText | National Natural Science Foundation of China (Grant No: 62072390, 62102334); Huawei research grant (TC20200831001) | en_US |
| dc.description.pubStatus | Published | en_US |
| dc.description.oaCategory | Copyright retained by author | en_US |
Appears in Collections: Conference Paper

Files in This Item:

| File | Description | Size | Format |
| --- | --- | --- | --- |
| Xiao_MExMI_Pool-based_Active.pdf | | 580.95 kB | Adobe PDF |

Open Access Information
Status: open access
File Version: Version of Record
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.