{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T13:17:48Z","timestamp":1742995068945,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":34,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819996131"},{"type":"electronic","value":"9789819996148"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-99-9614-8_1","type":"book-chapter","created":{"date-parts":[[2024,1,3]],"date-time":"2024-01-03T15:02:31Z","timestamp":1704294151000},"page":"1-19","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["PtbStolen: Pre-trained Encoder Stealing Through Perturbed Samples"],"prefix":"10.1007","author":[{"given":"Chuan","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haotian","family":"Liang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhuopeng","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tong","family":"Wu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Licheng","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liehuang","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,1,4]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Assran, M., et al.: Self-supervised learning from images with a joint-embedding predictive architecture. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 15619\u201315629 (2023)","DOI":"10.1109\/CVPR52729.2023.01499"},{"key":"1_CR2","unstructured":"Baevski, A., Hsu, W.N., Xu, Q., Babu, A., Gu, J., Auli, M.: Data2vec: a general framework for self-supervised learning in speech, vision and language. In: International Conference on Machine Learning, pp. 1298\u20131312. PMLR (2022)"},{"key":"1_CR3","unstructured":"Bardes, A., Ponce, J., LeCun, Y.: VICRegl: self-supervised learning of local visual features. In: Advances in Neural Information Processing Systems 35, pp. 8799\u20138810 (2022)"},{"key":"1_CR4","unstructured":"Chen, T., Kornblith, S., Norouzi, M., Hinton, G.: A simple framework for contrastive learning of visual representations. In: International Conference on Machine Learning, pp. 1597\u20131607. PMLR (2020)"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Chen, X., He, K.: Exploring simple Siamese representation learning. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 15750\u201315758 (2021)","DOI":"10.1109\/CVPR46437.2021.01549"},{"key":"1_CR6","unstructured":"Coates, A., Ng, A., Lee, H.: An analysis of single-layer networks in unsupervised feature learning. In: Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics, pp. 215\u2013223. JMLR Workshop and Conference Proceedings (2011)"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Cong, T., He, X., Zhang, Y.: SSLGuard: a watermarking scheme for self-supervised learning pre-trained encoders. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 579\u2013593 (2022)","DOI":"10.1145\/3548606.3559355"},{"issue":"6","key":"1_CR8","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSP.2017.2740965","volume":"34","author":"A Fawzi","year":"2017","unstructured":"Fawzi, A., Moosavi-Dezfooli, S.M., Frossard, P.: The robustness of deep networks: a geometrical perspective. IEEE Signal Process. Mag. 34(6), 50\u201362 (2017)","journal-title":"IEEE Signal Process. Mag."},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Feng, S., et al.: Detecting backdoors in pre-trained encoders. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 16352\u201316362 (2023)","DOI":"10.1109\/CVPR52729.2023.01569"},{"key":"1_CR10","unstructured":"Grill, J.B., et al.: Bootstrap your own latent-a new approach to self-supervised learning. In: Advances in Neural Information Processing Systems 33, pp. 21271\u201321284 (2020)"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"He, K., Fan, H., Wu, Y., Xie, S., Girshick, R.: Momentum contrast for unsupervised visual representation learning. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 9729\u20139738 (2020)","DOI":"10.1109\/CVPR42600.2020.00975"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"He, X., Zhang, Y.: Quantifying and mitigating privacy risks of contrastive learning. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 845\u2013863 (2021)","DOI":"10.1145\/3460120.3484571"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Jia, J., Liu, Y., Gong, N.Z.: BadEncoder: backdoor attacks to pre-trained encoders in self-supervised learning. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 2043\u20132059. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833644"},{"key":"1_CR14","unstructured":"Krizhevsky, A.: Learning multiple layers of features from tiny images. Master\u2019s thesis, University of Tront (2009)"},{"key":"1_CR15","unstructured":"LeCun, Y., Cortes, C., Burges, C., et al.: MNIST handwritten digit database (2010)"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Lin, Z., Xu, K., Fang, C., Zheng, H., Ahmed Jaheezuddin, A., Shi, J.: QUDA: query-limited data-free model extraction. In: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 913\u2013924 (2023)","DOI":"10.1145\/3579856.3590336"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Liu, H., Jia, J., Qu, W., Gong, N.Z.: EncoderMI: membership inference against pre-trained encoders in contrastive learning. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 2081\u20132095 (2021)","DOI":"10.1145\/3460120.3484749"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Liu, Y., Jia, J., Liu, H., Gong, N.Z.: StolenEencoder: stealing pre-trained encoders in self-supervised learning. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2115\u20132128 (2022)","DOI":"10.1145\/3548606.3560586"},{"key":"1_CR19","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-030-28954-6_7","volume-title":"Explainable AI: Interpreting, Explaining and Visualizing Deep Learning","author":"SJ Oh","year":"2019","unstructured":"Oh, S.J., Schiele, B., Fritz, M.: Towards reverse-engineering black-box neural networks. In: Samek, W., Montavon, G., Vedaldi, A., Hansen, L.K., M\u00fcller, K.-R. (eds.) Explainable AI: Interpreting, Explaining and Visualizing Deep Learning. LNCS (LNAI), vol. 11700, pp. 121\u2013144. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-28954-6_7"},{"key":"1_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3595292","volume":"55","author":"D Oliynyk","year":"2023","unstructured":"Oliynyk, D., Mayer, R., Rauber, A.: I know what you trained last summer: a survey on stealing machine learning models and defences. ACM Comput. Surv. 55, 1\u201341 (2023)","journal-title":"ACM Comput. Surv."},{"key":"1_CR21","unstructured":"Oord, A.v.d., Li, Y., Vinyals, O.: Representation learning with contrastive predictive coding. arXiv preprint arXiv:1807.03748 (2018)"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Orekondy, T., Schiele, B., Fritz, M.: Knockoff nets: stealing functionality of black-box models. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4954\u20134963 (2019)","DOI":"10.1109\/CVPR.2019.00509"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Peng, W., et al.: Are you copying my model? Protecting the copyright of large language models for EaaS via backdoor watermark. arXiv preprint arXiv:2305.10036 (2023)","DOI":"10.18653\/v1\/2023.acl-long.423"},{"key":"1_CR24","unstructured":"Radford, A., et al.: Learning transferable visual models from natural language supervision. In: International Conference on Machine Learning, pp. 8748\u20138763. PMLR (2021)"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"Saha, A., Tejankar, A., Koohpayegani, S.A., Pirsiavash, H.: Backdoor attacks on self-supervised learning. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 13337\u201313346 (2022)","DOI":"10.1109\/CVPR52688.2022.01298"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Sanyal, S., Addepalli, S., Babu, R.V.: Towards data-free model stealing in a hard label setting. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 15284\u201315293 (2022)","DOI":"10.1109\/CVPR52688.2022.01485"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Sha, Z., He, X., Yu, N., Backes, M., Zhang, Y.: Can\u2019t steal? Cont-steal! Contrastive stealing attacks against image encoders. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 16373\u201316383 (2023)","DOI":"10.1109\/CVPR52729.2023.01571"},{"key":"1_CR28","unstructured":"Tram\u00e8r, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: 25th USENIX security symposium (USENIX Security 2016), pp. 601\u2013618 (2016)"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Truong, J.B., Maini, P., Walls, R.J., Papernot, N.: Data-free model extraction. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 4771\u20134780 (2021)","DOI":"10.1109\/CVPR46437.2021.00474"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Wang, B., Gong, N.Z.: Stealing hyperparameters in machine learning. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 36\u201352. IEEE (2018)","DOI":"10.1109\/SP.2018.00038"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Wu, Z., Xiong, Y., Yu, S.X., Lin, D.: Unsupervised feature learning via non-parametric instance discrimination. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 3733\u20133742 (2018)","DOI":"10.1109\/CVPR.2018.00393"},{"key":"1_CR32","unstructured":"Xiao, H., Rasul, K., Vollgraf, R.: Fashion-MNIST: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017)"},{"key":"1_CR33","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1109\/TKDE.2023.3282907","volume":"36","author":"J Yu","year":"2023","unstructured":"Yu, J., Yin, H., Xia, X., Chen, T., Li, J., Huang, Z.: Self-supervised learning for recommender systems: a survey. IEEE Trans. Knowl. Data Eng. 36, 335\u2013355 (2023)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"1_CR34","unstructured":"Yuval, N.: Reading digits in natural images with unsupervised feature learning. In: Proceedings of the NIPS Workshop on Deep Learning and Unsupervised Feature Learning (2011)"}],"container-title":["Communications in Computer and Information Science","Emerging Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-9614-8_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,3]],"date-time":"2024-01-03T15:02:52Z","timestamp":1704294172000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-9614-8_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819996131","9789819996148"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-9614-8_1","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"4 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Emerging Information Security and Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eisa2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eisa.compute.dtu.dk\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"31% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}