Key Concepts
The authors introduce a novel approach to model extraction attacks in image translation tasks by addressing the domain shift problem through wavelet regularization and sharpness-aware minimization.
Summary
The content discusses model extraction attacks in GAN-based image translation, focusing on mitigating the domain shift issue. The authors propose a new method that outperforms baseline approaches in various image translation tasks. They conduct experiments, analyze results, and evaluate the attack performance against real-world commercial services.
Key Points:
- Model extraction attacks (MEAs) pose a threat to DNN-based services.
- Traditional MEA techniques are not directly transferable to image-to-image translation (I2IT) tasks.
- The paper introduces a new perspective on MEA by mitigating domain shift through wavelet regularization and sharpness-aware minimization.
- Experimental results show significant improvement over baseline methods in style transfer and super-resolution tasks.
- Real-world commercial I2IT services are also targeted with successful outcomes.
Statistics
"Extensive experiments on different image translation tasks, including image super-resolution and style transfer, are performed on different backbone victim models"
"the FID/KID scores of our attack reach 82.63/2.55 for Rcapability and 57.87/0.32 for Rfidelity"
"our method shows a 2.06 increase in PSNR for Rcapability and a decrease of 0.032 in LPIPS"
Quotes
"Extensive experimental results corroborate that MEA is a real threat to image translation systems."
"Our approach addresses the issue from a new angle by resorting to a flatter and smoother loss landscape for the attack model."