{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,12]],"date-time":"2025-07-12T01:21:18Z","timestamp":1752283278407,"version":"3.40.3"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030718510"},{"type":"electronic","value":"9783030718527"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-71852-7_2","type":"book-chapter","created":{"date-parts":[[2021,3,12]],"date-time":"2021-03-12T07:02:45Z","timestamp":1615532565000},"page":"21-36","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["DAS-AST: Defending Against Model Stealing Attacks Based on Adaptive Softmax 
Transformation"],"prefix":"10.1007","author":[{"given":"Jinyin","family":"Chen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Changan","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shijing","family":"Shen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xuhong","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianhao","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,3,13]]},"reference":[{"issue":"3","key":"2_CR1","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1504\/IJSN.2015.071829","volume":"10","author":"G Ateniese","year":"2015","unstructured":"Ateniese, G., Mancini, L.V., Spognardi, A., Villani, A., Vitali, D., Felici, G.: Hacking smart machines with smarter ones: how to extract meaningful data from machine learning classifiers. Int. J. Secur. Netw. 10(3), 137\u2013150 (2015)","journal-title":"Int. J. Secur. Netw."},{"key":"2_CR2","unstructured":"Athalye, A., Carlini, N., Wagner, D.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 (2018)"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Correia-Silva, J.R., Berriel, R.F., Badue, C., de Souza, A.F., Oliveira-Santos, T.: Copycat CNN: stealing knowledge by persuading confession with random non-labeled data. In: 2018 International Joint Conference on Neural Networks (IJCNN), pp. 1\u20138. 
IEEE (2018)","DOI":"10.1109\/IJCNN.2018.8489592"},{"issue":"6","key":"2_CR4","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1109\/MSP.2012.2211477","volume":"29","author":"L Deng","year":"2012","unstructured":"Deng, L.: The MNIST database of handwritten digit images for machine learning research [best of the web]. IEEE Signal Process. Mag. 29(6), 141\u2013142 (2012)","journal-title":"IEEE Signal Process. Mag."},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1322\u20131333 (2015)","DOI":"10.1145\/2810103.2813677"},{"key":"2_CR6","unstructured":"Fredrikson, M., Lantz, E., Jha, S., Lin, S., Page, D., Ristenpart, T.: Privacy in pharmacogenetics: an end-to-end case study of personalized warfarin dosing. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 17\u201332 (2014)"},{"key":"2_CR7","unstructured":"Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition (2016)","DOI":"10.1109\/CVPR.2016.90"},{"issue":"4","key":"2_CR9","doi-asserted-by":"publisher","first-page":"1028","DOI":"10.1093\/molbev\/msx286","volume":"35","author":"S H\u00f6hna","year":"2018","unstructured":"H\u00f6hna, S., Coghill, L.M., Mount, G.G., Thomson, R.C., Brown, J.M.: P3: Phylogenetic posterior prediction in RevBayes. Mol. Biol. Evol. 35(4), 1028\u20131034 (2018)","journal-title":"Mol. Biol. Evol."},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Juuti, M., Szyller, S., Marchal, S., Asokan, N.: Prada: protecting against dnn model stealing attacks. 
In: 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 512\u2013527. IEEE (2019)","DOI":"10.1109\/EuroSP.2019.00044"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Kesarwani, M., Mukhoty, B., Arya, V., Mehta, S.: Model extraction warning in MLaaS paradigm. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 371\u2013380 (2018)","DOI":"10.1145\/3274694.3274740"},{"key":"2_CR12","unstructured":"Krizhevsky, A., Sutskever, I., Hinton, G.E.: Imagenet classification with deep convolutional neural networks (2012)"},{"key":"2_CR13","unstructured":"LeCun, Y., et al.: LeNet-5, convolutional neural networks, vol. 20, no. 5, p. 14 (2015). http:\/\/yann.lecun.com\/exdb\/lenet"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Lee, T., Edwards, B., Molloy, I., Su, D.: Defending against machine learning model stealing attacks using deceptive perturbations. arXiv preprint arXiv:1806.00054 (2018)","DOI":"10.1109\/SPW.2019.00020"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Lowd, D., Meek, C.: Adversarial learning. In: Proceedings of the Eleventh ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, pp. 641\u2013647 (2005)","DOI":"10.1145\/1081870.1081950"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Milli, S., Schmidt, L., Dragan, A.D., Hardt, M.: Model reconstruction from model explanations. In: Proceedings of the Conference on Fairness, Accountability, and Transparency, pp. 1\u20139 (2019)","DOI":"10.1145\/3287560.3287562"},{"issue":"4","key":"2_CR17","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1145\/222132.222147","volume":"20","author":"GC Murphy","year":"1995","unstructured":"Murphy, G.C., Notkin, D.: Lightweight source model extraction. ACM SIGSOFT Softw. Eng. Notes 20(4), 116\u2013127 (1995)","journal-title":"ACM SIGSOFT Softw. Eng. 
Notes"},{"key":"2_CR18","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-0-387-88735-7_2","volume-title":"Machine Learning in Cyber Trust","author":"B Nelson","year":"2009","unstructured":"Nelson, B., et al.: Misleading learners: co-opting your spam filter. In: Yu, P.S., Tsai, J.J.P. (eds.) Machine Learning in Cyber Trust, pp. 17\u201351. Springer, Boston (2009). https:\/\/doi.org\/10.1007\/978-0-387-88735-7_2"},{"key":"2_CR19","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-030-28954-6_7","volume-title":"Explainable AI: Interpreting, Explaining and Visualizing Deep Learning","author":"SJ Oh","year":"2019","unstructured":"Oh, S.J., Schiele, B., Fritz, M.: Towards reverse-engineering black-box neural networks. In: Samek, W., Montavon, G., Vedaldi, A., Hansen, L.K., M\u00fcller, K.-R. (eds.) Explainable AI: Interpreting, Explaining and Visualizing Deep Learning. LNCS (LNAI), vol. 11700, pp. 121\u2013144. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-28954-6_7"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Orekondy, T., Schiele, B., Fritz, M.: Knockoff nets: stealing functionality of black-box models. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 4954\u20134963 (2019)","DOI":"10.1109\/CVPR.2019.00509"},{"key":"2_CR21","unstructured":"Orekondy, T., Schiele, B., Fritz, M.: Prediction poisoning: towards defenses against DNN model stealing attacks. In: International Conference on Learning Representations (2019)"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Papernot, N., McDaniel, P., Goodfellow, I., Jha, S., Celik, Z.B., Swami, A.: Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 
506\u2013519 (2017)","DOI":"10.1145\/3052973.3053009"},{"key":"2_CR23","unstructured":"Papernot, N., McDaniel, P., Sinha, A., Wellman, M.: Towards the science of security and privacy in machine learning. arXiv preprint arXiv:1611.03814 (2016)"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Salem, A., Zhang, Y., Humbert, M., Berrang, P., Fritz, M., Backes, M.: ML-leaks: model and data independent membership inference attacks and defenses on machine learning models. arXiv preprint arXiv:1806.01246 (2018)","DOI":"10.14722\/ndss.2019.23119"},{"key":"2_CR25","doi-asserted-by":"crossref","unstructured":"Selvaraju, R.R., Das, A., Vedantam, R., Cogswell, M., Parikh, D., Batra, D.: Grad-CAM: why did you say that? Visual explanations from deep networks via gradient-based localization (2016)","DOI":"10.1109\/ICCV.2017.74"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 3\u201318. IEEE (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"2_CR27","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-7908-2084-3_27","volume-title":"COMPSTAT 2008","author":"R Siciliano","year":"2008","unstructured":"Siciliano, R., Aria, M., D\u2019Ambrosio, A.: Posterior prediction modelling of optimal trees. In: Brito, P. (ed.) COMPSTAT 2008, pp. 323\u2013334. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-7908-2084-3_27"},{"key":"2_CR28","unstructured":"Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. In: International Conference on Learning Representations, May 2015"},{"key":"2_CR29","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 
601\u2013618 (2016)"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Wang, B., Gong, N.Z.: Stealing hyperparameters in machine learning. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 36\u201352. IEEE (2018)","DOI":"10.1109\/SP.2018.00038"},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Yoshida, K., Kubota, T., Shiozaki, M., Fujino, T.: Model-extraction attack against FPGA-DNN accelerator utilizing correlation electromagnetic analysis. In: 2019 IEEE 27th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), pp. 318\u2013318. IEEE (2019)","DOI":"10.1109\/FCCM.2019.00059"},{"key":"2_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-030-29959-0_4","volume-title":"Computer Security \u2013 ESORICS 2019","author":"H Zheng","year":"2019","unstructured":"Zheng, H., Ye, Q., Hu, H., Fang, C., Shi, J.: BDPL: a boundary differentially private layer against machine learning model extraction attacks. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11735, pp. 66\u201383. Springer, Cham (2019). 
https:\/\/doi.org\/10.1007\/978-3-030-29959-0_4"}],"container-title":["Lecture Notes in Computer Science","Information Security and Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-71852-7_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,3,12]],"date-time":"2021-03-12T07:05:36Z","timestamp":1615532736000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-71852-7_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030718510","9783030718527"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-71852-7_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"13 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Inscrypt","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security and Cryptology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2020","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cisc2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"79","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"30% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of 
Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}