dl-model-extraction

Model extraction attack - a Noob's attempt

https://github.com/dannyrichy/dl-model-extraction

Science Score: 54.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
    Links to: arxiv.org, zenodo.org
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (6.3%) to scientific vocabulary

Repository

Basic Info
  • Host: GitHub
  • Owner: dannyrichy
  • License: mit
  • Language: Jupyter Notebook
  • Default Branch: master
  • Size: 109 MB
Statistics
  • Stars: 1
  • Watchers: 1
  • Forks: 1
  • Open Issues: 0
  • Releases: 0
Created almost 4 years ago · Last pushed over 3 years ago

README.md

Model extraction attacks

door.py has the high-level experiment code. The final report for this project can be found here

About

The aim of the project is to analyse model extraction techniques. Furthermore, it analyses how the extracted model can be used to perform a membership inference attack on the original model. It further explores whether such an extracted model can be used to perform adversarial attacks on the original model.

Experimental setup:

  • Victim models for the CIFAR-10 and CIFAR-100 datasets were used to carry out the extraction attack analysis. The CIFAR-10 models were taken directly from here. For CIFAR-100, we trained our own models to act as the victim.
  • The attacker model architecture was varied.
  • The extraction technique was also run on an out-of-distribution dataset which we put together from downsampled ImageNet data (32x32). A many-to-one relation between the ImageNet classes and the CIFAR-10 classes was prepared. Data for the classes Deer and Horse were not found in ImageNet, hence they were downloaded from the internet and downsampled to 32x32.

Resources

To help us analyse the performance, we restricted our experiments to CIFAR-10 and CIFAR-100. To emulate the victim model, we used pre-trained models from the following repositories:

  • https://zenodo.org/record/4431043

References

Data Free Model Extraction: https://arxiv.org/pdf/2011.14779.pdf

Owner

  • Name: Daniel Richards R
  • Login: dannyrichy
  • Kind: user
  • Location: Stockholm, Sweden

MSc in Machine Learning

Citation (CITATION.cff)

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
  - family-names: "Ravi Arputharaj"
    given-names: "Daniel Richards"
    orcid: "https://orcid.org/0000-0000-0000-0000"
  - family-names: "Kalaivanan"
    given-names: "Adhithyan"
    orcid: "https://orcid.org/0000-0000-0000-0000"
  - family-names: "Ganesan"
    given-names: "Aishwarya"
    orcid: "https://orcid.org/0000-0000-0000-0000"
title: "Deep Learning - Model Extraction"
version: 1.0
doi: 10.5281/zenodo.1234
date-released: 2022-05-25
url: "https://github.com/the-nihilist-ninja/dl-model-extraction"

GitHub Events

Total
  • Watch event: 1
  • Fork event: 1
Last Year
  • Watch event: 1
  • Fork event: 1