Data-free generative model stealing – an experimental study
Main Author:
Other Authors:
Format: Final Year Project
Language: English
Published: Nanyang Technological University, 2024
Subjects:
Online Access: https://hdl.handle.net/10356/176957
Institution: Nanyang Technological University
Summary: A model stealing attack duplicates the functionality of a deep learning model, which has social or economic consequences for the model owner and can enable further attacks. Generative Artificial Intelligence is becoming more popular and influential, but compared to classification models and image translation models, there is less research on the stealing and protection of image generative models. This report investigates whether the functionality of a black-box deep learning generative model can also be stolen without access to its private training data, which is referred to as "Data-Free Generative Model Stealing". Through research, experiments and quantitative comparisons, we successfully implemented stealing using a Generative Adversarial Network and a Diffusion Model in the image domain of MNIST handwritten digits, giving a deeper understanding of the effectiveness and cost factors of generative model stealing attacks. Stronger surrogate models and simpler image domains readily achieved better stealing results, and suitable image augmentation methods could improve them further. Discussions of the impact of dataset size and manual cleaning indicated the low cost of stealing attacks. These findings are expected to provide insight for future studies on the analysis and protection of deep learning generative models.
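As an added illustration (not code from the report), the script below simulates the data-free setting the summary describes: the attacker has only query access to a black-box generator, collects its outputs, fits a surrogate on those outputs alone, and scores the result against query budget and surrogate strength. The victim is a hypothetical diagonal-Gaussian generator standing in for the report's GAN and diffusion models on MNIST, the parameter values are constructed, and the fidelity metric is the closed-form Fréchet distance between diagonal Gaussians (the quantity FID computes on feature statistics). Nothing here reproduces the report's actual models or numbers.

```python
"""Toy simulation of data-free generative model stealing (added example, not the report's code).

The attacker never sees the victim's training data or parameters: it can only
call sample() on a black-box generator, train a surrogate on the returned
outputs, and compare the surrogate's output distribution with the victim's.
"""
import math
import random

# Constructed victim parameters (hypothetical). Hidden from the attacker; used
# at the end only to score how close the surrogate got.
VICTIM_MEAN = [2.0, -1.0, 0.5, 3.0]
VICTIM_STD = [0.5, 1.5, 1.0, 1.0]


class BlackBoxGenerator:
    """Stand-in for a deployed generator API: the only exposed operation is sample()."""

    def __init__(self, mean, std, seed=0):
        self._mean, self._std = mean, std
        self._rng = random.Random(seed)
        self.queries = 0  # attacker cost is counted in queries, not in training data

    def sample(self):
        self.queries += 1
        return [m + s * self._rng.gauss(0.0, 1.0) for m, s in zip(self._mean, self._std)]


def fit_surrogate(samples, learn_std=True):
    """Fit a diagonal-Gaussian surrogate from victim outputs alone.

    learn_std=False is a deliberately weaker surrogate family that fixes the
    scale at 1.0, mirroring the summary's point that surrogate capacity
    bounds what stealing can recover.
    """
    n, d = len(samples), len(samples[0])
    mean = [sum(x[i] for x in samples) / n for i in range(d)]
    if learn_std:
        std = [math.sqrt(sum((x[i] - mean[i]) ** 2 for x in samples) / n) for i in range(d)]
    else:
        std = [1.0] * d
    return mean, std


def frechet_distance(mean_a, std_a, mean_b, std_b):
    """Fréchet distance between diagonal Gaussians: ||mu_a - mu_b||^2 + sum (s_a - s_b)^2.

    This is the closed form of the FID metric for diagonal covariances; 0 means
    the surrogate reproduces the victim's output distribution exactly.
    """
    return sum((ma - mb) ** 2 + (sa - sb) ** 2
               for ma, sa, mb, sb in zip(mean_a, std_a, mean_b, std_b))


def steal(budget, learn_std=True, seed=0):
    """Run one data-free stealing attempt with `budget` queries.

    Returns (fidelity_distance, queries_used); a lower distance is a better steal.
    """
    if budget < 2:
        raise ValueError("need at least two samples to estimate a scale")
    victim = BlackBoxGenerator(VICTIM_MEAN, VICTIM_STD, seed)
    stolen_samples = [victim.sample() for _ in range(budget)]  # the attacker's whole "dataset"
    mean, std = fit_surrogate(stolen_samples, learn_std)
    return frechet_distance(mean, std, VICTIM_MEAN, VICTIM_STD), victim.queries


if __name__ == "__main__":
    print("budget  strong-surrogate  weak-surrogate(unit scale)")
    for budget in (5, 50, 500, 5000):
        strong, _ = steal(budget, learn_std=True)
        weak, _ = steal(budget, learn_std=False)
        print(f"{budget:6d}  {strong:16.4f}  {weak:16.4f}")
```

Running the script shows the two cost factors the summary singles out: the strong surrogate's distance to the victim falls steadily as the query budget grows, while the weaker surrogate plateaus at the error its restricted family cannot express no matter how many outputs it collects. In a real attack the "dataset" is the set of generated images returned by the API, and the fidelity score would be FID over a feature extractor rather than the closed form used here.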