This is the repo for CloudLeak: Large-Scale Deep Learning Models Stealing Through Adversarial Examples, by Honggang Yu, Kaichen Yang, Teng Zhang, Yun-Yun Tsai, Tsung-Yi Ho and Yier Jin, published in the Proceedings of the Network and Distributed System Security Symposium (NDSS), 2020. Our code is implemented in Python 3.6 and Caffe.
The following figure illustrates the transfer framework for our proposed model extraction method:
(a) generate unlabeled adversarial examples as a synthetic dataset.
(b) query the victim model using the generated synthetic dataset.
(c) label adversarial examples according to the output of the victim model.
(d) train the local substitute model using the synthetic dataset.
(e) use the local substitute model for predictions. The local substitute model is expected to match the performance of the victim model.
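Steps (b) and (c) are where the operator of the victim model can observe the extraction: the synthetic queries are adversarial examples, so they tend to sit close to the victim's decision boundary and receive low top-1 confidence. The following added example (it is not part of the CloudLeak repository and does not use its code) shows the kind of query monitor a model-serving API could run to notice this pattern and to reduce what it reveals. Everything in it is constructed for illustration: the two-class linear "victim" with made-up weights, the thresholds in `ExtractionMonitor`, and the two clients' query streams (one far from the boundary, one hugging it).

```python
import math
from collections import defaultdict, deque
from statistics import median

# Constructed toy "victim" model: a 2-class linear softmax classifier on 2-D inputs.
# The weights are made up for this example; its decision boundary is x1 == x2.
W = [[2.0, -1.0], [-1.0, 2.0]]
B = [0.0, 0.0]


def victim_predict(x):
    """Return the toy victim model's softmax probabilities for input x."""
    logits = [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(W, B)]
    m = max(logits)  # subtract the max for numerical stability
    exps = [math.exp(l - m) for l in logits]
    total = sum(exps)
    return [e / total for e in exps]


class ExtractionMonitor:
    """Per-client sliding-window statistics over the victim model's confidence.

    Queries that sit near the decision boundary get low top-1 confidence; a
    client whose recent queries are mostly low-confidence is flagged.
    The thresholds are hypothetical and were chosen for the toy model above.
    """

    def __init__(self, window=20, low_conf=0.6, min_queries=10):
        self.window = window
        self.low_conf = low_conf
        self.min_queries = min_queries
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.total = defaultdict(int)

    def observe(self, client, probs):
        self.history[client].append(max(probs))
        self.total[client] += 1

    def is_suspicious(self, client):
        hist = self.history[client]
        if len(hist) < self.min_queries:
            return False
        return median(hist) < self.low_conf


def serve_query(monitor, client, x):
    """API front end: unflagged clients get the full probability vector,
    flagged clients get the top-1 label only (output minimization)."""
    probs = victim_predict(x)
    monitor.observe(client, probs)
    label = probs.index(max(probs))
    if monitor.is_suspicious(client):
        return {"label": label}
    return {"label": label, "probs": probs}


# Constructed traffic: one client sends inputs far from the boundary, the other
# sends inputs that hug the boundary x1 == x2 (top-1 confidence about 0.54).
BENIGN_QUERIES = [(2.0, -1.0), (-1.5, 2.0), (3.0, 0.5), (0.5, 3.0), (-2.0, 1.0),
                  (1.0, -2.0), (2.5, -0.5), (-0.5, 2.5), (4.0, 1.0), (1.0, 4.0),
                  (-3.0, 0.0), (0.0, -3.0)]
BOUNDARY_QUERIES = [(0.3 * t, 0.3 * t + 0.05 * (-1) ** t) for t in range(12)]


def run_simulation():
    """Replay the constructed traffic and report which clients were flagged."""
    monitor = ExtractionMonitor()
    for q in BENIGN_QUERIES:
        serve_query(monitor, "client-benign", q)
    for q in BOUNDARY_QUERIES:
        serve_query(monitor, "client-boundary", q)
    return {c: monitor.is_suspicious(c) for c in ("client-benign", "client-boundary")}


if __name__ == "__main__":
    print(run_simulation())
```

The monitor keys only on confidence because that is the signal step (c) relies on: the substitute model is trained from the victim's outputs, so the victim can reduce the leak from flagged clients by returning labels rather than probabilities. A real deployment would combine this with per-client rate limits and would tune the window and confidence threshold on the actual model's confidence distribution over legitimate traffic.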