Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/115758
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor | Department of Electrical and Electronic Engineering | en_US |
| dc.contributor | Research Centre for Privacy and Security Technologies in Future Smart Systems | en_US |
| dc.creator | Xiao, Y | en_US |
| dc.creator | Hu, H | en_US |
| dc.creator | Ye, Q | en_US |
| dc.creator | Tang, L | en_US |
| dc.creator | Liang, Z | en_US |
| dc.creator | Zheng, H | en_US |
| dc.date.accessioned | 2025-10-28T02:00:41Z | - |
| dc.date.available | 2025-10-28T02:00:41Z | - |
| dc.identifier.issn | 1545-5971 | en_US |
| dc.identifier.uri | http://hdl.handle.net/10397/115758 | - |
| dc.language.iso | en | en_US |
| dc.publisher | Institute of Electrical and Electronics Engineers | en_US |
| dc.rights | © 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | en_US |
| dc.rights | The following publication Y. Xiao, H. Hu, Q. Ye, L. Tang, Z. Liang and H. Zheng, "Unlocking High-Fidelity Learning: Towards Neuron-Grained Model Extraction," in IEEE Transactions on Dependable and Secure Computing, vol. 22, no. 6, pp. 6622-6635, Nov.-Dec. 2025 is available at https://doi.org/10.1109/TDSC.2025.3588857. | en_US |
| dc.subject | Defense against model extraction | en_US |
| dc.subject | Machine learning privacy | en_US |
| dc.subject | Model extraction attack | en_US |
| dc.title | Unlocking high-fidelity learning : towards neuron-grained model extraction | en_US |
| dc.type | Journal/Magazine Article | en_US |
| dc.identifier.spage | 6622 | en_US |
| dc.identifier.epage | 6635 | en_US |
| dc.identifier.volume | 22 | en_US |
| dc.identifier.issue | 6 | en_US |
| dc.identifier.doi | 10.1109/TDSC.2025.3588857 | en_US |
| dcterms.abstract | Model extraction (ME) attacks replicate valuable black-box machine learning (ML) models via malicious query interactions. Cutting-edge attacks focus on actively designing query samples to enhance model fidelity and imprudently adhere to the standard ML training approach. This causes a deviation from the true objective of learning a model over a task. In this paper, we innovatively shift our focus from query selection to training process optimization, aiming to boost the similarity of the copy model with the victim model from neuron to model level. We leverage neuron matching theory to attain this objective and develop a general training booster framework, MEBooster, to fully exploit this theory. MEBooster comprises an initial bootstrapping phase that furnishes initial parameters and an optimal model architecture, followed by a post-processing phase that employs fine-tuning for enhanced neuron matching. Notably, MEBooster can seamlessly integrate with all existing model extraction attacks, enhancing their overall performance. Performance evaluation shows up to 58.10% fidelity gain in image classification. From a defender's perspective, we introduce a novel defensive strategy called Stochastic Norm Enlargement (SNE) to mitigate the risk of such attacks by enlarging the model parameters' norm property in training. Performance evaluation shows up to 58.81% extractability (i.e., fidelity) reduction. | en_US |
| dcterms.accessRights | open access | en_US |
| dcterms.bibliographicCitation | IEEE transactions on dependable and secure computing, Nov.-Dec. 2025, v. 22, no. 6, p. 6622-6635 | en_US |
| dcterms.isPartOf | IEEE transactions on dependable and secure computing | en_US |
| dcterms.issued | 2025-11 | - |
| dc.identifier.scopus | 2-s2.0-105010973289 | - |
| dc.identifier.eissn | 1941-0018 | en_US |
| dc.description.validate | 202510 bcch | en_US |
| dc.description.oa | Accepted Manuscript | en_US |
| dc.identifier.SubFormID | G000302/2025-08 | - |
| dc.description.fundingSource | RGC | en_US |
| dc.description.fundingSource | Others | en_US |
| dc.description.fundingText | This work was supported by the National Natural Science Foundation of China (Grant No: 92270123 and 62372122), the Research Grants Council, Hong Kong SAR, China (Grant No: 15226221, 15225921, and 15208923), and the Innovation and Technology Fund (Grant No: ITS-140-23FP). | en_US |
Appears in Collections: Journal/Magazine Article

Files in This Item:

| File | Description | Size | Format |
| --- | --- | --- | --- |
| Xiao_Unlocking_High_Fidelity.pdf | Pre-Published version | 4.1 MB | Adobe PDF |

Open Access Information

| Field | Value |
| --- | --- |
| Status | open access |
| File Version | Final Accepted Manuscript |
Scopus citations: 1 (as of Apr 3, 2026)

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.