Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/106879
PIRA download icon_1.1View/Download Full Text
DC FieldValueLanguage
dc.contributorDepartment of Electrical and Electronic Engineering-
dc.creatorWen, Ten_US
dc.creatorHu, Hen_US
dc.creatorZheng, Hen_US
dc.date.accessioned2024-06-07T00:58:35Z-
dc.date.available2024-06-07T00:58:35Z-
dc.identifier.isbn978-1-5106-4364-2en_US
dc.identifier.isbn978-1-5106-4365-9 (electronic)en_US
dc.identifier.issn0277-786Xen_US
dc.identifier.urihttp://hdl.handle.net/10397/106879-
dc.descriptionInternational Workshop on Advanced Imaging Technology 2021 (IWAIT 2021), 2021, Online Onlyen_US
dc.language.isoenen_US
dc.publisherSPIE - International Society for Optical Engineeringen_US
dc.rights© (2021) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this publication for a fee or for commercial purposes, and modification of the contents of the publication are prohibited.en_US
dc.rightsThe following publication Tianqi Wen, Haibo Hu, and Huadi Zheng "An extraction attack on image recognition model using VAE-kdtree model", Proc. SPIE 11766, International Workshop on Advanced Imaging Technology (IWAIT) 2021, 117660N (13 March 2021) is available at https://doi.org/10.1117/12.2590844.en_US
dc.titleAn extraction attack on image recognition model using VAE-kdtree modelen_US
dc.typeConference Paperen_US
dc.identifier.volume11766en_US
dc.identifier.doi10.1117/12.2590844en_US
dcterms.abstractThis paper proposes a black box extraction attack model on pre-trained image classifiers to rebuild a functionally equivalent model with high similarity. Common model extraction attacks use a large number of training samples to feed the target classifier which is time-consuming with redundancy. The attack results have a high dependency on the selected training samples and the target model. The extracted model may only get part of crucial features because of inappropriate sample selection. To eliminate these uncertainties, we proposed the VAE-kdtree attack model which eliminates the high dependency between selected training samples and the target model. It can not only save redundant computation, but also extract critical boundaries more accurately in image classification. This VAE-kdtree model has shown to achieve around 90% similarity on MNIST and around 80% similarity on MNIST-Fashion with a target Convolutional Network Model and a target Support Vector Machine Model. The performance of this VAE-kdtree model could be further improved by adopting higher dimension space of the kdtree.-
dcterms.accessRightsopen accessen_US
dcterms.bibliographicCitationProceedings of SPIE : the International Society for Optical Engineering, 2021, v. 11766, 117660Nen_US
dcterms.isPartOfProceedings of SPIE : the International Society for Optical Engineeringen_US
dcterms.issued2021-
dc.identifier.scopus2-s2.0-85103246391-
dc.relation.conferenceInternational Workshop on Advanced Imaging Technology [IWAIT]-
dc.identifier.eissn1996-756Xen_US
dc.identifier.artn117660Nen_US
dc.description.validate202405 bcch-
dc.description.oaAccepted Manuscripten_US
dc.identifier.FolderNumberEIE-0075-
dc.description.fundingSourceRGCen_US
dc.description.pubStatusPublisheden_US
dc.identifier.OPUS55038284-
dc.description.oaCategoryGreen (AAM)en_US
Appears in Collections:Conference Paper
Files in This Item:
File Description SizeFormat 
Hu_Extraction_Attack_Image.pdfPre-Published version373.72 kBAdobe PDFView/Open
Open Access Information
Status open access
File Version Final Accepted Manuscript
Access
View full-text via PolyU eLinks SFX Query
Show simple item record

Page views

82
Last Week
3
Last month
Citations as of Nov 9, 2025

Downloads

31
Citations as of Nov 9, 2025

SCOPUSTM   
Citations

1
Citations as of Dec 19, 2025

Google ScholarTM

Check

Altmetric


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.