Core Concepts
Keeping the generated data samples diverse across all classes is the critical factor in improving the performance of data-free model stealing attacks.
Abstract
The content discusses an efficient data-free model stealing attack that leverages label diversity. The key insights are:
Diversity of the generated data samples, measured by the entropy of the prediction probabilities from the victim model, is the critical factor that influences the performance of model stealing attacks, regardless of whether a surrogate dataset or synthetic data is used.
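One plausible formalization of this diversity measure (our notation; the paper may define it differently): for a batch of N generated samples whose victim prediction probabilities are p_i over K classes,

\bar{p} = \frac{1}{N} \sum_{i=1}^{N} p_i, \qquad H(\bar{p}) = -\sum_{k=1}^{K} \bar{p}_k \log \bar{p}_k.

A higher H(\bar{p}) means the victim's predictions on the batch spread over more classes, i.e., the generated samples are more diverse.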
The authors propose a simplified attack framework, called Diversity-based Data-Free Model Stealing (DB-DFMS), that focuses on generating diverse data samples across all classes using a diversity loss. This approach achieves performance comparable to, and sometimes better than, state-of-the-art methods, while requiring a smaller query budget and lower computational cost.
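A minimal PyTorch sketch of what one training step under such a diversity loss could look like. This is an illustration built on assumptions, not the paper's implementation: the diversity loss here is taken to be the negative entropy of the batch-averaged class distribution, the clone model acts as a differentiable proxy for the black-box victim during the generator update, and the names (`train_step`, `diversity_loss`, the flat noise input) are hypothetical.

```python
import torch
import torch.nn.functional as F

def diversity_loss(logits):
    # Negative entropy of the batch-averaged class distribution.
    # Minimizing it spreads the generated samples evenly over all classes.
    mean_probs = F.softmax(logits, dim=1).mean(dim=0)
    return (mean_probs * mean_probs.clamp_min(1e-12).log()).sum()

def train_step(generator, clone, victim, opt_g, opt_c, batch_size=128, z_dim=100):
    # Generator update: push for label diversity. The clone is used as a
    # differentiable stand-in, since no gradients flow through the victim.
    z = torch.randn(batch_size, z_dim)
    fake = generator(z)
    opt_g.zero_grad()
    diversity_loss(clone(fake)).backward()
    opt_g.step()

    # Clone update: match the victim's soft labels on the same samples.
    # This is the only place the black-box victim is actually queried.
    with torch.no_grad():
        victim_probs = F.softmax(victim(fake.detach()), dim=1)
    opt_c.zero_grad()
    clone_log_probs = F.log_softmax(clone(fake.detach()), dim=1)
    F.kl_div(clone_log_probs, victim_probs, reduction="batchmean").backward()
    opt_c.step()
```

In a hard-label setting, the KL term would be replaced by cross-entropy against the victim's argmax labels; the diversity term stays unchanged.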
Extensive experiments on benchmark datasets demonstrate the effectiveness of the proposed attack. The authors also analyze the influence of various factors, such as clone model architecture, query budget, and generator design, on the attack performance.
The authors show that their attack works well even on unbalanced datasets, indicating its broad applicability without prior knowledge of the victim model's training data distribution.
Visualizations and analyses reveal that the diversity of the generated data samples, as measured by the entropy of the victim model's predictions, is the key to the success of the proposed attack.
Stats
The content does not provide specific numerical data or metrics to support the key claims; the analysis is based on qualitative comparisons and observations.
Quotes
There are no direct quotes from the content that support the key claims.