Please use this identifier to cite or link to this item:
http://hdl.handle.net/10397/115758
| DC Field | Value | Language |
|---|---|---|
| dc.contributor | Department of Electrical and Electronic Engineering | - |
| dc.creator | Xiao, Y | - |
| dc.creator | Hu, H | - |
| dc.creator | Ye, Q | - |
| dc.creator | Tang, L | - |
| dc.creator | Liang, Z | - |
| dc.creator | Zheng, H | - |
| dc.date.accessioned | 2025-10-28T02:00:41Z | - |
| dc.date.available | 2025-10-28T02:00:41Z | - |
| dc.identifier.issn | 1545-5971 | - |
| dc.identifier.uri | http://hdl.handle.net/10397/115758 | - |
| dc.language.iso | en | en_US |
| dc.publisher | Institute of Electrical and Electronics Engineers | en_US |
| dc.subject | Defense against model extraction | en_US |
| dc.subject | Machine learning privacy | en_US |
| dc.subject | Model extraction attack | en_US |
| dc.title | Unlocking high-fidelity learning : towards neuron-grained model extraction | en_US |
| dc.type | Journal/Magazine Article | en_US |
| dc.identifier.doi | 10.1109/TDSC.2025.3588857 | - |
| dcterms.abstract | Model extraction (ME) attacks replicate valuable black-box machine learning (ML) models via malicious query interactions. Cutting-edge attacks focus on actively designing query samples to enhance model fidelity and imprudently adhere to the standard ML training approach. This causes a deviation from the true objective of learning a model over a task. In this paper, we innovatively shift our focus from query selection to training process optimization, aiming to boost the similarity of the copy model with the victim model from neuron to model level. We leverage neuron matching theory to attain this objective and develop a general training booster framework, MEBooster, to fully exploit this theory. MEBooster comprises an initial bootstrapping phase that furnishes initial parameters and an optimal model architecture, followed by a post-processing phase that employs fine-tuning for enhanced neuron matching. Notably, MEBooster can seamlessly integrate with all existing model extraction attacks, enhancing their overall performance. Performance evaluation shows up to 58.10% fidelity gain in image classification. From a defender's perspective, we introduce a novel defensive strategy called Stochastic Norm Enlargement (SNE) to mitigate the risk of such attacks by enlarging the model parameters' norm property in training. Performance evaluation shows up to 58.81% extractability (i.e., fidelity) reduction. | - |
| dcterms.accessRights | embargoed access | en_US |
| dcterms.bibliographicCitation | IEEE transactions on dependable and secure computing, Date of Publication: 15 July 2025, Early Access, https://doi.org/10.1109/TDSC.2025.3588857 | - |
| dcterms.isPartOf | IEEE transactions on dependable and secure computing | - |
| dcterms.issued | 2025 | - |
| dc.identifier.scopus | 2-s2.0-105010973289 | - |
| dc.identifier.eissn | 1941-0018 | - |
| dc.description.validate | 202510 bcch | - |
| dc.description.oa | Not applicable | en_US |
| dc.identifier.SubFormID | G000302/2025-08 | en_US |
| dc.description.fundingSource | RGC | en_US |
| dc.description.fundingSource | Others | en_US |
| dc.description.fundingText | This work was supported by the National Natural Science Foundation of China (Grant No: 92270123 and 62372122), the Research Grants Council, Hong Kong SAR, China (Grant No: 15226221, 15225921, and 15208923), and the Innovation and Technology Fund (Grant No: ITS-140-23FP). | en_US |
| dc.description.pubStatus | Early release | en_US |
| dc.date.embargo | 0000-00-00 (to be updated) | en_US |
| dc.description.oaCategory | Green (AAM) | en_US |
| Appears in Collections: | Journal/Magazine Article | |
Access
View full-text via PolyU eLinks 
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.