{"id":"https://openalex.org/W3141043040","doi":"https://doi.org/10.1109/tdsc.2021.3069258","title":"Monitoring-Based Differential Privacy Mechanism Against Query Flooding-Based Model Extraction Attack","display_name":"Monitoring-Based Differential Privacy Mechanism Against Query Flooding-Based Model Extraction Attack","publication_year":2021,"publication_date":"2021-03-29","ids":{"openalex":"https://openalex.org/W3141043040","doi":"https://doi.org/10.1109/tdsc.2021.3069258","mag":"3141043040"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2021.3069258","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3069258","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5048417676","display_name":"Haonan Yan","orcid":"https://orcid.org/0000-0002-1784-6091"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Haonan Yan","raw_affiliation_strings":["State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100373860","display_name":"Xiaoguang Li","orcid":"https://orcid.org/0000-0002-1839-1607"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]},{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["CN","US"],"is_corresponding":false,"raw_author_name":"Xiaoguang Li","raw_affiliation_strings":["State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China","Department of Computer and Information Technology, Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China","institution_ids":["https://openalex.org/I149594827"]},{"raw_affiliation_string":"Department of Computer and Information Technology, Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024453724","display_name":"Hui Li","orcid":"https://orcid.org/0000-0001-8310-7169"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hui Li","raw_affiliation_strings":["State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100730410","display_name":"Jiamin Li","orcid":"https://orcid.org/0000-0001-8110-2436"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiamin Li","raw_affiliation_strings":["State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi&#x0027;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045191954","display_name":"Wenhai Sun","orcid":"https://orcid.org/0000-0003-0458-0092"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wenhai Sun","raw_affiliation_strings":["Department of Computer and Information Technology, Purdue University, West Lafayette, IN, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer and Information Technology, Purdue University, West Lafayette, IN, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100325261","display_name":"Fenghua Li","orcid":"https://orcid.org/0000-0003-2994-8738"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fenghua Li","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academic of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academic of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5048417676"],"corresponding_institution_ids":["https://openalex.org/I149594827"],"apc_list":null,"apc_paid":null,"fwci":4.8144,"has_fulltext":false,"cited_by_count":51,"citation_normalized_percentile":{"value":0.95571027,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":"19","issue":"4","first_page":"2680","last_page":"2694"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9937000274658203,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.765606164932251},{"id":"https://openalex.org/keywords/differential-privacy","display_name":"Differential privacy","score":0.546258807182312},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.5094240307807922},{"id":"https://openalex.org/keywords/flooding","display_name":"Flooding (psychology)","score":0.46859803795814514},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.401213675737381},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3765297532081604},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3661627173423767},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.34095072746276855}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.765606164932251},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.546258807182312},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.5094240307807922},{"id":"https://openalex.org/C186594467","wikidata":"https://www.wikidata.org/wiki/Q1429176","display_name":"Flooding (psychology)","level":2,"score":0.46859803795814514},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.401213675737381},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3765297532081604},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3661627173423767},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34095072746276855},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2021.3069258","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2021.3069258","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6800000071525574,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1906728616","display_name":null,"funder_award_id":"201906960075","funder_id":"https://openalex.org/F4320322725","funder_display_name":"China Scholarship Council"},{"id":"https://openalex.org/G306439148","display_name":null,"funder_award_id":"U1836203","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G673329116","display_name":null,"funder_award_id":"B16037","funder_id":"https://openalex.org/F4320327912","funder_display_name":"Higher Education Discipline Innovation Project"}],"funders":[{"id":"https://openalex.org/F4320309036","display_name":"Purdue University","ror":"https://ror.org/02dqehb95"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322725","display_name":"China Scholarship Council","ror":"https://ror.org/04atp4p48"},{"id":"https://openalex.org/F4320327912","display_name":"Higher Education Discipline Innovation Project","ror":null},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":51,"referenced_works":["https://openalex.org/W1574447377","https://openalex.org/W1821462560","https://openalex.org/W1991669689","https://openalex.org/W2050411378","https://openalex.org/W2051267297","https://openalex.org/W2053637704","https://openalex.org/W2101234009","https://openalex.org/W2109426455","https://openalex.org/W2255147616","https://openalex.org/W2268542889","https://openalex.org/W2461943168","https://openalex.org/W2473418344","https://openalex.org/W2535690855","https://openalex.org/W2582825155","https://openalex.org/W2603766943","https://openalex.org/W2623427976","https://openalex.org/W2805104469","https://openalex.org/W2879765882","https://openalex.org/W2906869444","https://openalex.org/W2950943617","https://openalex.org/W2955636524","https://openalex.org/W2962835266","https://openalex.org/W2963303354","https://openalex.org/W2963465081","https://openalex.org/W2963629772","https://openalex.org/W2963844355","https://openalex.org/W2969695741","https://openalex.org/W2972997402","https://openalex.org/W2978172845","https://openalex.org/W2979477102","https://openalex.org/W3035168593","https://openalex.org/W3037261120","https://openalex.org/W3041206960","https://openalex.org/W3168455774","https://openalex.org/W4205228770","https://openalex.org/W4239953570","https://openalex.org/W4297799122","https://openalex.org/W6604919213","https://openalex.org/W6628547770","https://openalex.org/W6628911050","https://openalex.org/W6638523607","https://openalex.org/W6675354045","https://openalex.org/W6677855611","https://openalex.org/W6691665703","https://openalex.org/W6695731146","https://openalex.org/W6728897251","https://openalex.org/W6751912496","https://openalex.org/W6758096801","https://openalex.org/W6779786081","https://openalex.org/W6779987556","https://openalex.org/W6780803235"],"related_works":["https://openalex.org/W4387497383","https://openalex.org/W3183948672","https://openalex.org/W3173606202","https://openalex.org/W3110381201","https://openalex.org/W2948807893","https://openalex.org/W2935909890","https://openalex.org/W2778153218","https://openalex.org/W2758277628","https://openalex.org/W1531601525","https://openalex.org/W3038283795"],"abstract_inverted_index":{"Public":[0],"intelligent":[1],"services":[2],"enabled":[3],"by":[4],"machine":[5],"learning":[6,21],"algorithms":[7],"are":[8,28,40],"vulnerable":[9],"to":[10,44,127,139,168],"model":[11,74,85,165],"extraction":[12,119],"attacks":[13],"that":[14,51],"can":[15,71],"steal":[16],"confidential":[17],"information":[18,75],"of":[19,83,131,160],"the":[20,52,73,129,132,141,158,164,169,178,187],"models":[22,196],"through":[23],"public":[24],"queries.":[25],"Though":[26],"there":[27],"some":[29],"protection":[30],"options":[31],"such":[32],"as":[33],"differential":[34,142],"privacy":[35,143],"(DP)":[36],"and":[37,79,175,185,190,199],"monitoring,":[38],"which":[39],"considered":[41],"promising":[42],"techniques":[43],"mitigate":[45],"this":[46,56,105],"attack,":[47],"we":[48,58,110,135,182],"still":[49],"find":[50],"vulnerability":[53],"persists.":[54],"In":[55,108],"article,":[57],"propose":[59,112],"an":[60],"adaptive":[61],"<italic":[62,116,124,172],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[63,117,125,173],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">query-flooding":[64],"parameter":[65],"duplication</i>":[66],"(QPD)":[67],"attack.":[68,107,180],"The":[69],"adversary":[70],"infer":[72],"with":[76,153,197],"black-box":[77],"access":[78],"no":[80],"prior":[81],"knowledge":[82],"any":[84],"parameters":[86],"or":[87],"training":[88],"data":[89],"via":[90],"QPD.":[91],"We":[92],"also":[93],"develop":[94],"a":[95,113,137],"defense":[96,192],"strategy":[97],"using":[98],"DP":[99,102,198],"called":[100,123,146],"monitoring-based":[101],"(MDP)":[103],"against":[104],"new":[106],"MDP,":[109],"first":[111],"novel":[114],"real-time":[115],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">model":[118],"status":[120],"assessment</i>":[121],"scheme":[122],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">Monitor</i>":[126,174],"evaluate":[128,184],"situation":[130],"model.":[133],"Then,":[134],"design":[136],"method":[138],"guide":[140],"budget":[144],"allocation":[145],"APBA":[147],"adaptively.":[148],"Finally,":[149],"all":[150],"DP-based":[151],"defenses":[152],"MDP":[154,191],"could":[155],"dynamically":[156],"adjust":[157],"amount":[159],"noise":[161],"added":[162],"in":[163],"response":[166],"according":[167],"result":[170],"from":[171],"effectively":[176],"defends":[177],"QPD":[179,188],"Furthermore,":[181],"thoroughly":[183],"compare":[186],"attack":[189],"performance":[193],"on":[194],"real-world":[195],"monitoring":[200],"protection.":[201]},"counts_by_year":[{"year":2025,"cited_by_count":17},{"year":2024,"cited_by_count":17},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}