{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T16:47:37Z","timestamp":1777567657776,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3590336","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"913-924","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["QUDA: Query-Limited Data-Free Model Extraction"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-4502-4157","authenticated-orcid":false,"given":"Zijun","family":"Lin","sequence":"first","affiliation":[{"name":"Nanyang Technological University, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7462-3348","authenticated-orcid":false,"given":"Ke","family":"Xu","sequence":"additional","affiliation":[{"name":"Huawei International, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8313-0980","authenticated-orcid":false,"given":"Chengfang","family":"Fang","sequence":"additional","affiliation":[{"name":"Huawei International, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1224-9885","authenticated-orcid":false,"given":"Huadi","family":"Zheng","sequence":"additional","affiliation":[{"name":"Huawei Technology, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9092-2080","authenticated-orcid":false,"given":"Aneez","family":"Ahmed Jaheezuddin","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-8022-4051","authenticated-orcid":false,"given":"Jie","family":"Shi","sequence":"additional","affiliation":[{"name":"Huawei International, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Alibaba Cloud Content Security Detailed Pricing Information. https:\/\/cn.aliyun.com\/price\/product?from_alibabacloud=#\/lvwang\/detail\/cdibag  [n. d.]. Alibaba Cloud Content Security Detailed Pricing Information. https:\/\/cn.aliyun.com\/price\/product?from_alibabacloud=#\/lvwang\/detail\/cdibag"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. Pricing | Cloud Vision API | Google Cloud. https:\/\/cloud.google.com\/vision\/pricing\/  [n. d.]. Pricing | Cloud Vision API | Google Cloud. https:\/\/cloud.google.com\/vision\/pricing\/"},{"key":"e_1_3_2_1_3_1","unstructured":"[n. d.]. Tencent Cloud Billing items. https:\/\/cloud.tencent.com\/document\/product\/1235\/44663  [n. d.]. Tencent Cloud Billing items. https:\/\/cloud.tencent.com\/document\/product\/1235\/44663"},{"key":"e_1_3_2_1_4_1","unstructured":"Brandon Amos Ivan Jimenez Jacob Sacks Byron Boots and J\u00a0Zico Kolter. 2018. Differentiable mpc for end-to-end planning and control. In Advances in Neural Information Processing Systems. 8289\u20138300.  Brandon Amos Ivan Jimenez Jacob Sacks Byron Boots and J\u00a0Zico Kolter. 2018. Differentiable mpc for end-to-end planning and control. In Advances in Neural Information Processing Systems. 8289\u20138300."},{"key":"e_1_3_2_1_5_1","volume-title":"Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp)","author":"Carlini Nicholas","unstructured":"Nicholas Carlini and David Wagner . 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp) . IEEE , 39\u201357. Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp). IEEE, 39\u201357."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_1_7_1","unstructured":"Gongfan Fang Jie Song Chengchao Shen Xinchao Wang Da Chen and Mingli Song. 2019. Data-Free Adversarial Distillation.  Gongfan Fang Jie Song Chengchao Shen Xinchao Wang Da Chen and Mingli Song. 2019. Data-Free Adversarial Distillation."},{"key":"e_1_3_2_1_8_1","unstructured":"Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems. 2672\u20132680.  Ian Goodfellow Jean Pouget-Abadie Mehdi Mirza Bing Xu David Warde-Farley Sherjil Ozair Aaron Courville and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems. 2672\u20132680."},{"key":"e_1_3_2_1_9_1","unstructured":"Ian\u00a0J. Goodfellow Mehdi Mirza Da Xiao Aaron Courville and Yoshua Bengio. 2013. An Empirical Investigation of Catastrophic Forgetting in Gradient-Based Neural Networks. https:\/\/arxiv.org\/abs\/1312.6211  Ian\u00a0J. Goodfellow Mehdi Mirza Da Xiao Aaron Courville and Yoshua Bengio. 2013. An Empirical Investigation of Catastrophic Forgetting in Gradient-Based Neural Networks. https:\/\/arxiv.org\/abs\/1312.6211"},{"key":"e_1_3_2_1_10_1","volume-title":"In ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy. 611\u2013618","author":"Guiga L.","unstructured":"L. Guiga and A.\u00a0 W. Roscoe .2020. Neural network security: Hiding CNN parameters with guided grad-CAM .. In In ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy. 611\u2013618 . L. Guiga and A.\u00a0W. Roscoe.2020. Neural network security: Hiding CNN parameters with guided grad-CAM.. In In ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy. 611\u2013618."},{"key":"e_1_3_2_1_11_1","volume-title":"Advances in neural information processing systems 23","author":"Hasselt Hado","year":"2010","unstructured":"Hado Hasselt . 2010. Double Q-learning. Advances in neural information processing systems 23 ( 2010 ). Hado Hasselt. 2010. Double Q-learning. Advances in neural information processing systems 23 (2010)."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of NAACL-HLT.","author":"He Xuanli","year":"2021","unstructured":"Xuanli He , Lingjuan Lyu , Qiongkai Xu , and Lichao Sun . 2021 . Model Extraction and Adversarial Transferability, Your BERT is Vulnerable! . In Proceedings of NAACL-HLT. Xuanli He, Lingjuan Lyu, Qiongkai Xu, and Lichao Sun. 2021. Model Extraction and Adversarial Transferability, Your BERT is Vulnerable!. In Proceedings of NAACL-HLT."},{"key":"e_1_3_2_1_13_1","unstructured":"Xing Hu Ling Liang Shuangchen Li Lei Deng Pengfei Zuo Yu Ji Xinfeng Xie Yufei Ding Chang Liu Timothy Sherwood and Yuan Xie. 2020. DeepSniffer: A DNN Model Extraction Framework Based on Learning Architectural Hints. In ASPLOS \u201920: Architectural Support for Programming Languages and Operating Systems James\u00a0R. Larus Luis Ceze and Karin Strauss (Eds.).  Xing Hu Ling Liang Shuangchen Li Lei Deng Pengfei Zuo Yu Ji Xinfeng Xie Yufei Ding Chang Liu Timothy Sherwood and Yuan Xie. 2020. DeepSniffer: A DNN Model Extraction Framework Based on Learning Architectural Hints. In ASPLOS \u201920: Architectural Support for Programming Languages and Operating Systems James\u00a0R. Larus Luis Ceze and Karin Strauss (Eds.)."},{"key":"e_1_3_2_1_14_1","unstructured":"Andrew Ilyas Shibani Santurkar Dimitris Tsipras Logan Engstrom Brandon Tran and Aleksander Madry. 2019. Adversarial examples are not bugs they are features. In Advances in Neural Information Processing Systems. 125\u2013136.  Andrew Ilyas Shibani Santurkar Dimitris Tsipras Logan Engstrom Brandon Tran and Aleksander Madry. 2019. Adversarial examples are not bugs they are features. In Advances in Neural Information Processing Systems. 125\u2013136."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/3489212.3489288"},{"key":"e_1_3_2_1_16_1","unstructured":"H. Jia C.\u00a0A. Choquette-Choo and N. Papernot. 2021. Entangled watermarks as a defense against model extraction. In 23th { USENIX} Security Symposium ({ USENIX} Security 21).  H. Jia C.\u00a0A. Choquette-Choo and N. Papernot. 2021. Entangled watermarks as a defense against model extraction. In 23th { USENIX} Security Symposium ({ USENIX} Security 21)."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i05.6311"},{"key":"e_1_3_2_1_18_1","volume-title":"In IEEE European Symposium on Security and Privacy, EuroS&P. 512\u2013527","author":"Juuti Mika","unstructured":"Mika Juuti , Sebastian Szyller , Samuel Marchal , and N. Asokan . 2019. PRADA: Protecting Against DNN Model Stealing Attacks .. In In IEEE European Symposium on Security and Privacy, EuroS&P. 512\u2013527 . Mika Juuti, Sebastian Szyller, Samuel Marchal, and N. Asokan.2019. PRADA: Protecting Against DNN Model Stealing Attacks.. In In IEEE European Symposium on Security and Privacy, EuroS&P. 512\u2013527."},{"key":"e_1_3_2_1_19_1","volume-title":"In IEEE\/CVF Conference on Computer Vision and Pattern Recognition, CVPR. 767\u2013775","author":"Qureshi Sanjay","unstructured":"Sanjay K. and Moinuddin\u00a0K. Qureshi .2020. Defending Against Model Stealing Attacks With Adaptive Misinformation .. In In IEEE\/CVF Conference on Computer Vision and Pattern Recognition, CVPR. 767\u2013775 . Sanjay K. and Moinuddin\u00a0K. Qureshi.2020. Defending Against Model Stealing Attacks With Adaptive Misinformation.. In In IEEE\/CVF Conference on Computer Vision and Pattern Recognition, CVPR. 767\u2013775."},{"key":"e_1_3_2_1_20_1","volume-title":"MAZE: Data-Free Model Stealing Attack Using Zeroth-Order Gradient Estimation. 2021 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Kariyappa Sanjay","year":"2021","unstructured":"Sanjay Kariyappa , Atul Prakash , and Moinuddin\u00a0 K. Qureshi . 2021 . MAZE: Data-Free Model Stealing Attack Using Zeroth-Order Gradient Estimation. 2021 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2021), 13809\u201313818. Sanjay Kariyappa, Atul Prakash, and Moinuddin\u00a0K. Qureshi. 2021. MAZE: Data-Free Model Stealing Attack Using Zeroth-Order Gradient Estimation. 2021 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2021), 13809\u201313818."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274740"},{"key":"e_1_3_2_1_22_1","volume-title":"Kingma and Jimmy Ba","author":"P.","year":"2015","unstructured":"Diederik\u00a0 P. Kingma and Jimmy Ba . 2015 . Adam : A Method for Stochastic Optimization. In 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds .). http:\/\/arxiv.org\/abs\/1412.6980 Diederik\u00a0P. Kingma and Jimmy Ba. 2015. Adam: A Method for Stochastic Optimization. In 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http:\/\/arxiv.org\/abs\/1412.6980"},{"key":"e_1_3_2_1_23_1","unstructured":"Kalpesh Krishna Gaurav\u00a0Singh Tomar Ankur\u00a0P Parikh Nicolas Papernot and Mohit Iyyer. 2020. Thieves on sesame street! model extraction of bert-based apis. (2020).  Kalpesh Krishna Gaurav\u00a0Singh Tomar Ankur\u00a0P Parikh Nicolas Papernot and Mohit Iyyer. 2020. Thieves on sesame street! model extraction of bert-based apis. (2020)."},{"key":"e_1_3_2_1_25_1","volume-title":"Adversarial examples in the physical world. (07","author":"Kurakin Alexey","year":"2016","unstructured":"Alexey Kurakin , Ian Goodfellow , and Samy Bengio . 2016. Adversarial examples in the physical world. (07 2016 ). Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. (07 2016)."},{"key":"e_1_3_2_1_26_1","volume-title":"4th International Conference on Learning Representations, ICLR","author":"Lillicrap P.","year":"2016","unstructured":"Timothy\u00a0 P. Lillicrap , Jonathan\u00a0 J. Hunt , Alexander Pritzel , Nicolas Heess , Tom Erez , Yuval Tassa , David Silver , and Daan Wierstra . [n. d.]. Continuous control with deep reinforcement learning . In 4th International Conference on Learning Representations, ICLR , San Juan, Puerto Rico , May 2-4, 2016 , Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). Timothy\u00a0P. Lillicrap, Jonathan\u00a0J. Hunt, Alexander Pritzel, Nicolas Heess, Tom Erez, Yuval Tassa, David Silver, and Daan Wierstra. [n. d.]. Continuous control with deep reinforcement learning. In 4th International Conference on Learning Representations, ICLR, San Juan, Puerto Rico, May 2-4, 2016, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.)."},{"key":"e_1_3_2_1_27_1","volume-title":"StolenEncoder: Stealing Pre-Trained Encoders in Self-Supervised Learning(CCS \u201922)","author":"Liu Yupei","unstructured":"Yupei Liu , Jinyuan Jia , Hongbin Liu , and Neil\u00a0Zhenqiang Gong . 2022. StolenEncoder: Stealing Pre-Trained Encoders in Self-Supervised Learning(CCS \u201922) . Association for Computing Machinery , New York, NY, USA , 2115\u20132128. Yupei Liu, Jinyuan Jia, Hongbin Liu, and Neil\u00a0Zhenqiang Gong. 2022. StolenEncoder: Stealing Pre-Trained Encoders in Self-Supervised Learning(CCS \u201922). Association for Computing Machinery, New York, NY, USA, 2115\u20132128."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1038\/nature14236"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00509"},{"key":"e_1_3_2_1_30_1","volume-title":"In International Conference on Learning Representations, ICLR, Virtual Event.","author":"Orekondy Tribhuvanesh","year":"2020","unstructured":"Tribhuvanesh Orekondy , Bernt Schiele , and Mario Fritz . 2020 . Prediction Poisoning: Towards Defenses Against DNN Model Stealing Attacks .. In In International Conference on Learning Representations, ICLR, Virtual Event. Tribhuvanesh Orekondy, Bernt Schiele, and Mario Fritz. 2020. Prediction Poisoning: Towards Defenses Against DNN Model Stealing Attacks.. In In International Conference on Learning Representations, ICLR, Virtual Event."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_32_1","volume-title":"Model Weight Theft With Just Noise Inputs: The Curious Case of the Petulant Attacker. ArXiv abs\/1912.08987","author":"Roberts Nicholas","year":"2019","unstructured":"Nicholas Roberts , Vinay\u00a0Uday Prabhu , and Matthew McAteer . 2019. Model Weight Theft With Just Noise Inputs: The Curious Case of the Petulant Attacker. ArXiv abs\/1912.08987 ( 2019 ). Nicholas Roberts, Vinay\u00a0Uday Prabhu, and Matthew McAteer. 2019. Model Weight Theft With Just Noise Inputs: The Curious Case of the Petulant Attacker. ArXiv abs\/1912.08987 (2019)."},{"key":"e_1_3_2_1_33_1","volume-title":"2022 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)","author":"Sanyal Sunandini","year":"2022","unstructured":"Sunandini Sanyal , Sravanti Addepalli , and R.\u00a0 Venkatesh Babu . 2022 . Towards Data-Free Model Stealing in a Hard Label Setting . 2022 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2022), 15263\u201315272. Sunandini Sanyal, Sravanti Addepalli, and R.\u00a0Venkatesh Babu. 2022. Towards Data-Free Model Stealing in a Hard Label Setting. 2022 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2022), 15263\u201315272."},{"key":"e_1_3_2_1_34_1","volume-title":"Trust Region Policy Optimization. CoRR abs\/1502.05477","author":"Schulman John","year":"2015","unstructured":"John Schulman , Sergey Levine , Philipp Moritz , Michael\u00a0 I. Jordan , and Pieter Abbeel . 2015. Trust Region Policy Optimization. CoRR abs\/1502.05477 ( 2015 ). arxiv:1502.05477http:\/\/arxiv.org\/abs\/1502.05477 John Schulman, Sergey Levine, Philipp Moritz, Michael\u00a0I. Jordan, and Pieter Abbeel. 2015. Trust Region Policy Optimization. CoRR abs\/1502.05477 (2015). arxiv:1502.05477http:\/\/arxiv.org\/abs\/1502.05477"},{"key":"e_1_3_2_1_36_1","unstructured":"Zeyang Sha Xinlei He Ning Yu Michael Backes and Yang Zhang. 2022. Can\u2019t Steal? Cont-Steal! Contrastive Stealing Attacks Against Image Encoders. https:\/\/arxiv.org\/abs\/2201.07513  Zeyang Sha Xinlei He Ning Yu Michael Backes and Yang Zhang. 2022. Can\u2019t Steal? Cont-Steal! Contrastive Stealing Attacks Against Image Encoders. https:\/\/arxiv.org\/abs\/2201.07513"},{"key":"e_1_3_2_1_37_1","volume-title":"Membership Inference Attacks Against Machine Learning Models. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society","author":"Shokri R.","year":"2017","unstructured":"R. Shokri , M. Stronati , C. Song , and V. Shmatikov . 2017 . Membership Inference Attacks Against Machine Learning Models. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society , Los Alamitos, CA, USA, 3\u201318. https:\/\/doi.org\/10.1109\/SP. 2017 .41 10.1109\/SP.2017.41 R. Shokri, M. Stronati, C. Song, and V. Shmatikov. 2017. Membership Inference Attacks Against Machine Learning Models. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, Los Alamitos, CA, USA, 3\u201318. https:\/\/doi.org\/10.1109\/SP.2017.41"},{"key":"e_1_3_2_1_38_1","volume-title":"Steal: Model Extraction Attacks Against Image Translation Generative Adversarial Networks. https:\/\/arxiv.org\/abs\/2104.12623","author":"Szyller Sebastian","year":"2021","unstructured":"Sebastian Szyller , Vasisht Duddu , Tommi Gr\u00f6ndahl , and N. Asokan . 2021 . Good Artists Copy , Great Artists Steal: Model Extraction Attacks Against Image Translation Generative Adversarial Networks. https:\/\/arxiv.org\/abs\/2104.12623 Sebastian Szyller, Vasisht Duddu, Tommi Gr\u00f6ndahl, and N. Asokan. 2021. Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Generative Adversarial Networks. https:\/\/arxiv.org\/abs\/2104.12623"},{"key":"e_1_3_2_1_39_1","volume-title":"25th { USENIX} Security Symposium ({ USENIX} Security 16). 601\u2013618.","author":"Tram\u00e8r Florian","unstructured":"Florian Tram\u00e8r , Fan Zhang , Ari Juels , Michael\u00a0 K Reiter , and Thomas Ristenpart . 2016. Stealing machine learning models via prediction apis . In 25th { USENIX} Security Symposium ({ USENIX} Security 16). 601\u2013618. Florian Tram\u00e8r, Fan Zhang, Ari Juels, Michael\u00a0K Reiter, and Thomas Ristenpart. 2016. Stealing machine learning models via prediction apis. In 25th { USENIX} Security Symposium ({ USENIX} Security 16). 601\u2013618."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR).","author":"Truong Jean-Baptiste","year":"2021","unstructured":"Jean-Baptiste Truong , Pratyush Maini , Robert\u00a0 J. Walls , and Nicolas Papernot . 2021 . Data-Free Model Extraction . In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR). Jean-Baptiste Truong, Pratyush Maini, Robert\u00a0J. Walls, and Nicolas Papernot. 2021. Data-Free Model Extraction. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)."},{"key":"e_1_3_2_1_41_1","volume-title":"In Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval. 269\u2013277","author":"Uchida Y.","unstructured":"Y. Uchida , Y. Nagai , S. Sakazawa , and S. Satoh . 2017. Embedding watermarks into deep neural networks . In In Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval. 269\u2013277 . Y. Uchida, Y. Nagai, S. Sakazawa, and S. Satoh. 2017. Embedding watermarks into deep neural networks. In In Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval. 269\u2013277."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 1498\u20131507","author":"Wang Dongdong","year":"2020","unstructured":"Dongdong Wang , Yandong Li , Liqiang Wang , and Boqing Gong . 2020 . Neural Networks Are More Productive Teachers Than Human Raters: Active Mixup for Data-Efficient Knowledge Distillation from a Blackbox Model . In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 1498\u20131507 . Dongdong Wang, Yandong Li, Liqiang Wang, and Boqing Gong. 2020. Neural Networks Are More Productive Teachers Than Human Raters: Active Mixup for Data-Efficient Knowledge Distillation from a Blackbox Model. In Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 1498\u20131507."},{"key":"e_1_3_2_1_43_1","unstructured":"Han Xiao Kashif Rasul and Roland Vollgraf. 2017. Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. https:\/\/arxiv.org\/abs\/1708.07747  Han Xiao Kashif Rasul and Roland Vollgraf. 2017. Fashion-MNIST: a Novel Image Dataset for Benchmarking Machine Learning Algorithms. https:\/\/arxiv.org\/abs\/1708.07747"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460231.3474275"},{"key":"e_1_3_2_1_45_1","volume-title":"In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 159\u2013172","author":"Zhang J.","unstructured":"J. Zhang , Z. Gu , J. Jang , H. Wu , M.\u00a0 P. Stoecklin , H. Huang , and I. Molloy . 2018. \u201cProtecting intellectual property of deep neural networks with watermarking . In In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 159\u2013172 . J. Zhang, Z. Gu, J. Jang, H. Wu, M.\u00a0P. Stoecklin, H. Huang, and I. Molloy. 2018. \u201cProtecting intellectual property of deep neural networks with watermarking. In In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 159\u2013172."},{"key":"e_1_3_2_1_46_1","volume-title":"The Secret Revealer: Generative Model-Inversion Attacks Against Deep Neural Networks. In 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE Computer Society","author":"Zhang Y.","year":"2020","unstructured":"Y. Zhang , R. Jia , H. Pei , W. Wang , B. Li , and D. Song . 2020 . The Secret Revealer: Generative Model-Inversion Attacks Against Deep Neural Networks. In 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE Computer Society , Los Alamitos, CA, USA, 250\u2013258. https:\/\/doi.org\/10.1109\/CVPR42600. 2020 .00033 10.1109\/CVPR42600.2020.00033 Y. Zhang, R. Jia, H. Pei, W. Wang, B. Li, and D. Song. 2020. The Secret Revealer: Generative Model-Inversion Attacks Against Deep Neural Networks. In 2020 IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE Computer Society, Los Alamitos, CA, USA, 250\u2013258. https:\/\/doi.org\/10.1109\/CVPR42600.2020.00033"},{"key":"e_1_3_2_1_47_1","volume-title":"European Symposium on Research in Computer Security. Springer, 66\u201383","author":"Zheng Huadi","year":"2019","unstructured":"Huadi Zheng , Qingqing Ye , Haibo Hu , Chengfang Fang , and Jie Shi . 2019 . Bdpl: A boundary differentially private layer against machine learning model extraction attacks . In European Symposium on Research in Computer Security. Springer, 66\u201383 . Huadi Zheng, Qingqing Ye, Haibo Hu, Chengfang Fang, and Jie Shi. 2019. Bdpl: A boundary differentially private layer against machine learning model extraction attacks. In European Symposium on Research in Computer Security. Springer, 66\u201383."},{"key":"e_1_3_2_1_48_1","volume-title":"Protecting decision boundary of machine learning model with differentially private perturbation","author":"Zheng Huadi","unstructured":"Huadi Zheng , Qingqing Ye , Haibo Hu , Jie Shi , and Chengfang Fang . 2020. Protecting decision boundary of machine learning model with differentially private perturbation . In IEEE Transactions on Dependable and Secure Computing. IEEE. Huadi Zheng, Qingqing Ye, Haibo Hu, Jie Shi, and Chengfang Fang. 2020. Protecting decision boundary of machine learning model with differentially private perturbation. In IEEE Transactions on Dependable and Secure Computing. IEEE."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of the IEEE conference on computer vision and pattern recognition. 7340\u20137351","author":"Zhou Zongwei","year":"2017","unstructured":"Zongwei Zhou , Jae Shin , Lei Zhang , Suryakanth Gurudu , Michael Gotway , and Jianming Liang . 2017 . Fine-tuning convolutional neural networks for biomedical image analysis: actively and incrementally . In Proceedings of the IEEE conference on computer vision and pattern recognition. 7340\u20137351 . Zongwei Zhou, Jae Shin, Lei Zhang, Suryakanth Gurudu, Michael Gotway, and Jianming Liang. 2017. Fine-tuning convolutional neural networks for biomedical image analysis: actively and incrementally. In Proceedings of the IEEE conference on computer vision and pattern recognition. 7340\u20137351."}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590336","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:16Z","timestamp":1750183696000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3590336"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":47,"alternative-id":["10.1145\/3579856.3590336","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3590336","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}