{"id":"https://openalex.org/W3087685156","doi":"https://doi.org/10.1109/tetci.2022.3147508","title":"ES Attack: Model Stealing Against Deep Neural Networks Without Data Hurdles","display_name":"ES Attack: Model Stealing Against Deep Neural Networks Without Data Hurdles","publication_year":2022,"publication_date":"2022-03-03","ids":{"openalex":"https://openalex.org/W3087685156","doi":"https://doi.org/10.1109/tetci.2022.3147508","mag":"3087685156"},"language":"en","primary_location":{"id":"doi:10.1109/tetci.2022.3147508","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tetci.2022.3147508","pdf_url":null,"source":{"id":"https://openalex.org/S4210210251","display_name":"IEEE Transactions on Emerging Topics in Computational Intelligence","issn_l":"2471-285X","issn":["2471-285X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Emerging Topics in Computational Intelligence","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5010643450","display_name":"Xiaoyong Yuan","orcid":"https://orcid.org/0000-0003-0782-4187"},"institutions":[{"id":"https://openalex.org/I11957088","display_name":"Michigan Technological University","ror":"https://ror.org/0036rpn28","country_code":"US","type":"education","lineage":["https://openalex.org/I11957088"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaoyong Yuan","raw_affiliation_strings":["College of Computing, Michigan Technological University, Houghton, MI, USA"],"affiliations":[{"raw_affiliation_string":"College of Computing, Michigan Technological University, Houghton, MI, USA","institution_ids":["https://openalex.org/I11957088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037645054","display_name":"Lei Ding","orcid":"https://orcid.org/0000-0002-1534-6237"},"institutions":[{"id":"https://openalex.org/I181401687","display_name":"American University","ror":"https://ror.org/052w4zt36","country_code":"US","type":"education","lineage":["https://openalex.org/I181401687"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Leah Ding","raw_affiliation_strings":["Department of Computer Science, American University, Washington, DC, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, American University, Washington, DC, USA","institution_ids":["https://openalex.org/I181401687"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100322310","display_name":"Lan Zhang","orcid":"https://orcid.org/0000-0002-7718-6128"},"institutions":[{"id":"https://openalex.org/I11957088","display_name":"Michigan Technological University","ror":"https://ror.org/0036rpn28","country_code":"US","type":"education","lineage":["https://openalex.org/I11957088"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lan Zhang","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Michigan Technological University, Houghton, MI, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Michigan Technological University, Houghton, MI, USA","institution_ids":["https://openalex.org/I11957088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100353846","display_name":"Xiaolin Li","orcid":"https://orcid.org/0000-0002-3368-159X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiaolin Li","raw_affiliation_strings":["Deep Learning, Cognization Lab, Palo Alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Deep Learning, Cognization Lab, Palo Alto, CA, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001469325","display_name":"Dapeng Wu","orcid":"https://orcid.org/0000-0003-1755-0183"},"institutions":[{"id":"https://openalex.org/I33213144","display_name":"University of Florida","ror":"https://ror.org/02y3ad647","country_code":"US","type":"education","lineage":["https://openalex.org/I33213144"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dapeng Oliver Wu","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, USA","institution_ids":["https://openalex.org/I33213144"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5010643450"],"corresponding_institution_ids":["https://openalex.org/I11957088"],"apc_list":null,"apc_paid":null,"fwci":5.5198,"has_fulltext":false,"cited_by_count":44,"citation_normalized_percentile":{"value":0.96248851,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":93,"max":100},"biblio":{"volume":"6","issue":"5","first_page":"1258","last_page":"1270"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9900000095367432,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6257729530334473},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6226013898849487},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.49169594049453735},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.45407095551490784},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35122501850128174}],"concepts":[{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6257729530334473},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6226013898849487},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.49169594049453735},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.45407095551490784},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35122501850128174}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tetci.2022.3147508","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tetci.2022.3147508","pdf_url":null,"source":{"id":"https://openalex.org/S4210210251","display_name":"IEEE Transactions on Emerging Topics in Computational Intelligence","issn_l":"2471-285X","issn":["2471-285X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Emerging Topics in Computational Intelligence","raw_type":"journal-article"},{"id":"pmh:oai:digitalcommons.mtu.edu:michigantech-p-35156","is_oa":false,"landing_page_url":"https://digitalcommons.mtu.edu/michigantech-p/15854","pdf_url":null,"source":{"id":"https://openalex.org/S4377196391","display_name":"Digital Commons - Michigan Tech (Michigan Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11957088","host_organization_name":"Michigan Technological University","host_organization_lineage":["https://openalex.org/I11957088"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Michigan Tech Publications, Part 1","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7599999904632568,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G252616945","display_name":null,"funder_award_id":"CCF-2106610","funder_id":"https://openalex.org/F4320335353","funder_display_name":"National Science Foundation of Sri Lanka"},{"id":"https://openalex.org/G2942565751","display_name":null,"funder_award_id":"CCF-2007210","funder_id":"https://openalex.org/F4320335353","funder_display_name":"National Science Foundation of Sri Lanka"},{"id":"https://openalex.org/G521436067","display_name":null,"funder_award_id":"CCF-2106754","funder_id":"https://openalex.org/F4320335353","funder_display_name":"National Science Foundation of Sri Lanka"}],"funders":[{"id":"https://openalex.org/F4320335353","display_name":"National Science Foundation of Sri Lanka","ror":"https://ror.org/010xaa060"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W1677182931","https://openalex.org/W1821462560","https://openalex.org/W1932198206","https://openalex.org/W2001610032","https://openalex.org/W2112796928","https://openalex.org/W2194775991","https://openalex.org/W2294370754","https://openalex.org/W2335728318","https://openalex.org/W2408141691","https://openalex.org/W2548275288","https://openalex.org/W2570685808","https://openalex.org/W2603766943","https://openalex.org/W2766966408","https://openalex.org/W2793398195","https://openalex.org/W2808195004","https://openalex.org/W2902986194","https://openalex.org/W2911803042","https://openalex.org/W2944977718","https://openalex.org/W2945528222","https://openalex.org/W2963178695","https://openalex.org/W2963303354","https://openalex.org/W2963306805","https://openalex.org/W2963373786","https://openalex.org/W2963465081","https://openalex.org/W2963844355","https://openalex.org/W2963857521","https://openalex.org/W2963981733","https://openalex.org/W2964121744","https://openalex.org/W2964153729","https://openalex.org/W2964253222","https://openalex.org/W2964318098","https://openalex.org/W2969695741","https://openalex.org/W2982802130","https://openalex.org/W2997006708","https://openalex.org/W3007318395","https://openalex.org/W3034530016","https://openalex.org/W3034957837","https://openalex.org/W3035460915","https://openalex.org/W3103932910","https://openalex.org/W3118608800","https://openalex.org/W3174136778","https://openalex.org/W4293846201","https://openalex.org/W6631190155","https://openalex.org/W6637162671","https://openalex.org/W6638523607","https://openalex.org/W6714069269","https://openalex.org/W6718379498","https://openalex.org/W6729482032","https://openalex.org/W6731927902","https://openalex.org/W6745689806","https://openalex.org/W6746090280","https://openalex.org/W6749255846","https://openalex.org/W6762685017","https://openalex.org/W6762840122","https://openalex.org/W6765779288","https://openalex.org/W6787972765"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W3107602296","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"Deep":[0],"neural":[1],"networks":[2],"(DNNs)":[3],"have":[4],"become":[5],"the":[6,56,75,120,127,142,190],"essential":[7],"components":[8],"for":[9],"various":[10],"commercialized":[11],"machine":[12,27],"learning":[13,28],"services,":[14],"such":[15,59],"as":[16,19],"Machine":[17],"Learning":[18],"a":[20,62,88,109,115],"Service":[21],"(MLaaS).":[22],"Recent":[23],"studies":[24],"show":[25],"that":[26],"services":[29],"face":[30],"severe":[31],"privacy":[32],"threats":[33],"-":[34],"well-trained":[35],"DNNs":[36],"owned":[37],"by":[38],"MLaaS":[39],"providers":[40],"can":[41],"be":[42],"stolen":[43,191],"through":[44],"public":[45],"APIs,":[46],"namely":[47],"model":[48,90,111,144,157,166],"stealing":[49,91,158],"attacks.":[50],"However,":[51],"most":[52,155,169],"existing":[53,156],"works":[54],"undervalued":[55],"impact":[57],"of":[58,119,129,165],"attacks,":[60],"where":[61],"successful":[63],"attack":[64,92],"has":[65],"to":[66],"acquire":[67],"confidential":[68],"training":[69],"data":[70,73,95,146,162],"or":[71],"auxiliary":[72,161],"regarding":[74],"victim":[76,121,143],"DNN.":[77,122],"In":[78],"this":[79],"paper,":[80],"we":[81],"propose":[82],"<italic":[83,103,130,136,149,175,181],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[84,104,131,137,150,176,182],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">ES":[85,105,132,138,151,177,183],"Attack</i>":[86,106,133,139,152,178,184],",":[87],"novel":[89],"without":[93,145],"any":[94],"hurdles.":[96],"By":[97],"using":[98,160],"heuristically":[99],"generated":[100],"synthetic":[101],"data,":[102],"iteratively":[107],"trains":[108],"substitute":[110],"and":[112,148],"eventually":[113],"achieves":[114],"functionally":[116],"equivalent":[117],"copy":[118],"The":[123],"experimental":[124],"results":[125],"reveal":[126],"severity":[128],":":[134],"i)":[135],"successfully":[140],"steals":[141],"hurdles,":[147],"even":[153],"outperforms":[154],"attacks":[159,187],"in":[163,173],"terms":[164],"accuracy;":[167],"ii)":[168],"countermeasures":[170],"are":[171],"ineffective":[172],"defending":[174],";":[179],"iii)":[180],"facilitates":[185],"further":[186],"relying":[188],"on":[189],"model.":[192]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":2}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}