{"id":"https://openalex.org/W4406011950","doi":"https://doi.org/10.1109/tdsc.2024.3520599","title":"FDINet: Protecting Against DNN Model Extraction Using Feature Distortion Index","display_name":"FDINet: Protecting Against DNN Model Extraction Using Feature Distortion Index","publication_year":2025,"publication_date":"2025-01-02","ids":{"openalex":"https://openalex.org/W4406011950","doi":"https://doi.org/10.1109/tdsc.2024.3520599"},"language":"en","primary_location":{"id":"doi:10.1109/tdsc.2024.3520599","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3520599","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040545892","display_name":"Hongwei Yao","orcid":"https://orcid.org/0000-0003-4680-5536"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hongwei Yao","raw_affiliation_strings":["State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100784621","display_name":"Zheng Li","orcid":"https://orcid.org/0000-0002-6630-1311"},"institutions":[{"id":"https://openalex.org/I1305996414","display_name":"Helmholtz Association of German Research Centres","ror":"https://ror.org/0281dp749","country_code":"DE","type":"government","lineage":["https://openalex.org/I1305996414"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Zheng Li","raw_affiliation_strings":["German National Big Science Institution within the Helmholtz Association, Saarbr&#x00FC;cken, Germany","German National Big Science Institution, German"],"affiliations":[{"raw_affiliation_string":"German National Big Science Institution within the Helmholtz Association, Saarbr&#x00FC;cken, Germany","institution_ids":["https://openalex.org/I1305996414"]},{"raw_affiliation_string":"German National Big Science Institution, German","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026598555","display_name":"Haiqin Weng","orcid":"https://orcid.org/0000-0002-3005-761X"},"institutions":[{"id":"https://openalex.org/I168719708","display_name":"City University of Hong Kong","ror":"https://ror.org/03q8dnn23","country_code":"HK","type":"education","lineage":["https://openalex.org/I168719708"]},{"id":"https://openalex.org/I4210114441","display_name":"Zhejiang Provincial Public Security Department","ror":"https://ror.org/01z3tch16","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210114441"]},{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN","HK"],"is_corresponding":false,"raw_author_name":"Haiqin Weng","raw_affiliation_strings":["Department of Security and Trust Division, Ant Group, Hangzhou, China","Department of Computer Science, City University of Hong Kong, Hong Kong","State Key Laboratory of Blockchain and Data Security, Zhejiang University, China"],"affiliations":[{"raw_affiliation_string":"Department of Security and Trust Division, Ant Group, Hangzhou, China","institution_ids":["https://openalex.org/I4210114441"]},{"raw_affiliation_string":"Department of Computer Science, City University of Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I168719708"]},{"raw_affiliation_string":"State Key Laboratory of Blockchain and Data Security, Zhejiang University, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101797421","display_name":"Xue Feng","orcid":null},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Feng Xue","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043524348","display_name":"Zhan Qin","orcid":"https://orcid.org/0000-0001-7872-6969"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhan Qin","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5105297718","display_name":"Kui Ren","orcid":"https://orcid.org/0000-0002-1969-2591"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kui Ren","raw_affiliation_strings":["The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Zhejiang, China","institution_ids":["https://openalex.org/I76130692"]},{"raw_affiliation_string":"The State Key Laboratory of Blockchain and Data Security, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5040545892"],"corresponding_institution_ids":["https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":4.7137,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.93422275,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":"22","issue":"4","first_page":"3179","last_page":"3191"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7914000153541565,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7914000153541565,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T14510","display_name":"Medical Imaging and Analysis","score":0.6980000138282776,"subfield":{"id":"https://openalex.org/subfields/2204","display_name":"Biomedical Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7379904985427856},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.7092804908752441},{"id":"https://openalex.org/keywords/distortion","display_name":"Distortion (music)","score":0.634616494178772},{"id":"https://openalex.org/keywords/index","display_name":"Index (typography)","score":0.6078343391418457},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5110105276107788},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.46432891488075256},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.45745009183883667},{"id":"https://openalex.org/keywords/computer-vision","display_name":"Computer vision","score":0.34120339155197144},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.1919349730014801},{"id":"https://openalex.org/keywords/bandwidth","display_name":"Bandwidth (computing)","score":0.11985599994659424}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7379904985427856},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.7092804908752441},{"id":"https://openalex.org/C126780896","wikidata":"https://www.wikidata.org/wiki/Q899871","display_name":"Distortion (music)","level":4,"score":0.634616494178772},{"id":"https://openalex.org/C2777382242","wikidata":"https://www.wikidata.org/wiki/Q6017816","display_name":"Index (typography)","level":2,"score":0.6078343391418457},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5110105276107788},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.46432891488075256},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.45745009183883667},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.34120339155197144},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.1919349730014801},{"id":"https://openalex.org/C2776257435","wikidata":"https://www.wikidata.org/wiki/Q1576430","display_name":"Bandwidth (computing)","level":2,"score":0.11985599994659424},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C194257627","wikidata":"https://www.wikidata.org/wiki/Q211554","display_name":"Amplifier","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2024.3520599","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2024.3520599","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.47999998927116394,"display_name":"Climate action","id":"https://metadata.un.org/sdg/13"}],"awards":[{"id":"https://openalex.org/G1349971534","display_name":null,"funder_award_id":"62206207","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1803704698","display_name":null,"funder_award_id":"62072395","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3935748781","display_name":null,"funder_award_id":"U20A20178","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":58,"referenced_works":["https://openalex.org/W2067713319","https://openalex.org/W2535690855","https://openalex.org/W2603766943","https://openalex.org/W2808195004","https://openalex.org/W2879765882","https://openalex.org/W2963303354","https://openalex.org/W2963465081","https://openalex.org/W2969695741","https://openalex.org/W2972997402","https://openalex.org/W2973414778","https://openalex.org/W2997146418","https://openalex.org/W3007318395","https://openalex.org/W3034530016","https://openalex.org/W3035379805","https://openalex.org/W3035556764","https://openalex.org/W3113058464","https://openalex.org/W3119841746","https://openalex.org/W3139434763","https://openalex.org/W3167676691","https://openalex.org/W3174136778","https://openalex.org/W3175685622","https://openalex.org/W3178659068","https://openalex.org/W3179216274","https://openalex.org/W3190229640","https://openalex.org/W3206880386","https://openalex.org/W3208646583","https://openalex.org/W4221155126","https://openalex.org/W4229449242","https://openalex.org/W4283156875","https://openalex.org/W4290945651","https://openalex.org/W4312343407","https://openalex.org/W4313555702","https://openalex.org/W4386072376","https://openalex.org/W4400913543","https://openalex.org/W6638046521","https://openalex.org/W6738898614","https://openalex.org/W6755174528","https://openalex.org/W6760237559","https://openalex.org/W6761152059","https://openalex.org/W6766394743","https://openalex.org/W6770088130","https://openalex.org/W6770411749","https://openalex.org/W6772101090","https://openalex.org/W6774150056","https://openalex.org/W6775078712","https://openalex.org/W6776644305","https://openalex.org/W6784730007","https://openalex.org/W6787144186","https://openalex.org/W6787972765","https://openalex.org/W6789690338","https://openalex.org/W6790544463","https://openalex.org/W6790889838","https://openalex.org/W6797718555","https://openalex.org/W6797987041","https://openalex.org/W6798190327","https://openalex.org/W6810033617","https://openalex.org/W6838755830","https://openalex.org/W6842301077"],"related_works":["https://openalex.org/W2601157893","https://openalex.org/W2373006798","https://openalex.org/W2131735617","https://openalex.org/W2056912418","https://openalex.org/W2033213769","https://openalex.org/W4312376745","https://openalex.org/W2136016640","https://openalex.org/W2049538278","https://openalex.org/W2886173746","https://openalex.org/W4200043248"],"abstract_inverted_index":{"Machine":[0],"Learning":[1],"as":[2],"a":[3,42,95,115,169],"Service":[4],"(MLaaS)":[5],"platforms":[6],"have":[7],"gained":[8],"popularity":[9],"due":[10],"to":[11,32,98,113,122,134,160,188,208,225],"their":[12],"accessibility,":[13],"cost-efficiency,":[14],"scalability,":[15],"and":[16,118,146,177],"rapid":[17],"development":[18],"capabilities.":[19],"However,":[20],"recent":[21],"research":[22],"has":[23],"highlighted":[24],"the":[25,48,60,64,70,80,101,154,206,223],"vulnerability":[26],"of":[27,51,73,79,105,199,229],"cloud-based":[28],"models":[29],"in":[30,164],"MLaaS":[31],"model":[33,149,166],"extraction":[34,128,140,191],"attacks.":[35,129,231],"In":[36],"this":[37,86],"paper,":[38],"we":[39,67,89],"introduce":[40],"FDINet,":[41],"novel":[43],"defense":[44],"mechanism":[45],"that":[46,69,78],"leverages":[47],"feature":[49,61,71,102],"distribution":[50,62,72,103],"deep":[52],"neural":[53],"network":[54],"(DNN)":[55],"models.":[56],"Concretely,":[57],"by":[58],"analyzing":[59],"from":[63,77,126],"adversary's":[65],"queries,":[66],"reveal":[68],"these":[74],"queries":[75,187],"deviates":[76],"model's":[81],"problem":[82],"domain.":[83],"Based":[84],"on":[85,142,175],"key":[87],"observation,":[88],"propose":[90],"Feature":[91],"Distortion":[92],"Index":[93],"(FDI),":[94],"metric":[96],"designed":[97],"quantitatively":[99],"measure":[100],"deviation":[104],"received":[106],"queries.":[107],"The":[108],"proposed":[109],"FDINet":[110,136,158,180,204],"utilizes":[111],"FDI":[112,120],"train":[114],"binary":[116],"detector":[117],"exploits":[119],"similarity":[121],"identify":[123,209],"colluding":[124,210],"adversaries":[125,211],"distributed":[127],"We":[130],"conduct":[131],"extensive":[132],"experiments":[133],"evaluate":[135],"against":[137],"six":[138],"state-of-the-art":[139],"attacks":[141],"four":[143,147],"benchmark":[144],"datasets":[145],"popular":[148],"architectures.":[150],"Empirical":[151],"results":[152],"demonstrate":[153],"following":[155],"findings:":[156],"(1)":[157],"proves":[159],"be":[161],"highly":[162,182],"effective":[163],"detecting":[165],"extraction,":[167],"achieving":[168],"<bold":[170,195,215],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[171,196,216],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">100%":[172],"detection":[173],"accuracy</b>":[174],"DFME":[176],"DaST.":[178],"(2)":[179],"is":[181],"efficient,":[183],"using":[184],"just":[185],"50":[186],"raise":[189],"an":[190,194,213],"alarm":[192],"with":[193,212],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">average":[197],"confidence":[198],"96.08%</b>":[200],"for":[201],"GTSRB.":[202],"(3)":[203],"exhibits":[205],"capability":[207],"accuracy":[214],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">exceeding":[217],"91%</b>":[218],".":[219],"Additionally,":[220],"it":[221],"demonstrates":[222],"ability":[224],"detect":[226],"two":[227],"types":[228],"adaptive":[230]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}