Machine learning (ML) models were shown to be vulnerable to model stealing attacks, which lead to intellectual property infringement. Among other attack methods, substitute model training is an all-encompassing attack applicable to any machine learning model whose behaviour can be approximated from input-output queries. Whereas previous works mainly focused on improving the performance of substitute models by, e.g. developing a new substitute training method, there have been only limited ablation studies that try to understand the impact the strength of an attacker has on the substitute model’s performance. As a result, different authors came to diverse, sometimes contradicting, conclusions. In this work, we exhaustively examine the ambivalent influence of different factors resulting from varying the attacker’s capabilities and knowledge on a substitute training attack. Our findings suggest that some of the factors that have been considered important in the past are, in fact, not that influential; instead, we discover new correlations between attack conditions and success rate. In particular, we demonstrate that better-performing target models enable higher-fidelity attacks and explain the intuition behind this phenomenon. Further, we propose to shift the focus from the complexity of target models toward the complexity of their learning tasks. Therefore, for the substitute model, rather than aiming for a higher architecture complexity, we suggest focusing on getting data of higher complexity and an appropriate architecture. Finally, we demonstrate that even in the most limited data-free scenario, there is no need to overcompensate weak knowledge with unrealistic capabilities in the form of millions of queries. Our results often exceed or match the performance of previous attacks that assume a stronger attacker, suggesting that these stronger attacks are likely endangering a model owner’s intellectual property to a significantly higher degree than shown until now.
The paper presents the results obtained in modeling the creep phenomenon of unidirectional composites reinforced with fibers. Thus, several models that have proven their validity and results obtained with their help a...
ISBN: (digital) 9798331517113
ISBN: (print) 9798331517120
Machine learning (ML) models were shown to be vulnerable to model stealing attacks, which lead to intellectual property infringement. Among other attack methods, substitute model training is an all-encompassing attack applicable to any machine learning model whose behaviour can be approximated from input-output queries. Whereas previous works mainly focused on improving the performance of substitute models by, e.g. developing a new substitute training method, there have been only limited ablation studies that try to understand the impact the strength of an attacker has on the substitute model's performance. As a result, different authors came to diverse, sometimes contradicting, conclusions. In this work, we exhaustively examine the ambivalent influence of different factors resulting from varying the attacker's capabilities and knowledge on a substitute training attack. Our findings suggest that some of the factors that have been considered important in the past are, in fact, not that influential; instead, we discover new correlations between attack conditions and success rate. In particular, we demonstrate that better-performing target models enable higher-fidelity attacks and explain the intuition behind this phenomenon. Further, we propose to shift the focus from the complexity of target models toward the complexity of their learning tasks. Therefore, for the substitute model, rather than aiming for a higher architecture complexity, we suggest focusing on getting data of higher complexity and an appropriate architecture. Finally, we demonstrate that even in the most limited data-free scenario, there is no need to overcompensate weak knowledge with unrealistic capabilities in the form of millions of queries. Our results often exceed or match the performance of previous attacks that assume a stronger attacker, suggesting that these stronger attacks are likely endangering a model owner's intellectual property to a significantly higher degree than shown until now.
Numerous remote area applications welcome standalone renewable energy power generation systems or isolated microgrids (MGs). Due to the nature of solar and wind energy, the frequency deviation control (FDC) in hybrid ...
We study the sparse recovery problem with an underdetermined linear system characterized by a Kronecker-structured dictionary and a Kronecker-supported sparse vector. We cast this problem into the sparse Bayesian lear...
ISBN: (digital) 9798350373011
ISBN: (print) 9798350373028
This paper investigates algorithms for distributing Internet of Things sensors within the Wildland-Urban Interface to enhance early wildland fire detection. Using geospatial data analysis and a validated wildland fire growth model, we generated burn maps to guide sensor placement strategies across a defined region. We evaluated even grid distribution, random distributions, and genetic algorithm-based methods, testing each against 50,000 burn maps with sensor counts ranging from 50 to 800. Results indicate that while even grid distribution achieved the highest detection rates, its practicality in real-world applications is limited. Genetic algorithms showed promise but require further exploration to simulate field deployment accurately. Notably, weighting sensor placement based on wildland fire growth risk did not significantly impact detection effectiveness, highlighting the need for further research into the representativeness of burn maps.
The paper describes fiber optic Fabry-Perot (FP) refractive index (RI) sensors that provide the performance required in gas sensing applications. The presented high-resolution Fabry-Perot Interferometer (FPI) sensors are based on open-path cells that can be integrated with the optical fiber in different ways. They can be fabricated as microcells on the fiber tip or along the optical fiber, or as external/extrinsic gas cells connected to the fiber. All presented configurations are based on low-finesse FPI, as they allow for simple and cost-efficient designs.
In this study, we describe an evaluation of the positional accuracy of stereo Visual SLAM with noisy feature points removed by blurring. We constructed an experimental environment that intentionally degrades the accur...