{"id":"https://openalex.org/W4405270879","doi":"https://doi.org/10.1109/tifs.2024.3515792","title":"Augmenting Model Extraction Attacks Against Disruption-Based Defenses","display_name":"Augmenting Model Extraction Attacks Against Disruption-Based Defenses","publication_year":2024,"publication_date":"2024-12-11","ids":{"openalex":"https://openalex.org/W4405270879","doi":"https://doi.org/10.1109/tifs.2024.3515792"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2024.3515792","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3515792","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046712504","display_name":"Xueluan Gong","orcid":"https://orcid.org/0000-0003-2190-8117"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Xueluan Gong","raw_affiliation_strings":["Nanyang Technological University, Jurong West, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Jurong West, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059696543","display_name":"Shuaike Li","orcid":"https://orcid.org/0009-0006-6063-8817"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shuaike Li","raw_affiliation_strings":["School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015275781","display_name":"Yanjiao Chen","orcid":"https://orcid.org/0000-0002-1382-0679"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanjiao Chen","raw_affiliation_strings":["College of Electrical Engineering, Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"College of Electrical Engineering, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100775681","display_name":"Mingzhe Li","orcid":"https://orcid.org/0000-0003-0352-5630"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingzhe Li","raw_affiliation_strings":["School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115061198","display_name":"Rubin Wei","orcid":null},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rubin Wei","raw_affiliation_strings":["School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100391116","display_name":"Qian Wang","orcid":"https://orcid.org/0000-0002-8967-8525"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qian Wang","raw_affiliation_strings":["School of Cyber Science and Engineering, Wuhan University, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101720092","display_name":"Kwok\u2010Yan Lam","orcid":"https://orcid.org/0000-0001-7479-7970"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Kwok-Yan Lam","raw_affiliation_strings":["Nanyang Technological University, Jurong West, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Jurong West, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5046712504"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":0.3637,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.69820651,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"20","issue":null,"first_page":"531","last_page":"546"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7643687725067139},{"id":"https://openalex.org/keywords/extraction","display_name":"Extraction (chemistry)","score":0.5066571831703186},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4518621861934662}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7643687725067139},{"id":"https://openalex.org/C4725764","wikidata":"https://www.wikidata.org/wiki/Q844704","display_name":"Extraction (chemistry)","level":2,"score":0.5066571831703186},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4518621861934662},{"id":"https://openalex.org/C43617362","wikidata":"https://www.wikidata.org/wiki/Q170050","display_name":"Chromatography","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2024.3515792","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3515792","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2404993877","display_name":null,"funder_award_id":"U20B2049","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6034313629","display_name":null,"funder_award_id":"U21B2018","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W1515851193","https://openalex.org/W1686810756","https://openalex.org/W1821462560","https://openalex.org/W1873763122","https://openalex.org/W2117876524","https://openalex.org/W2147800946","https://openalex.org/W2187089797","https://openalex.org/W2194775991","https://openalex.org/W2603766943","https://openalex.org/W2750384547","https://openalex.org/W2794363191","https://openalex.org/W2808195004","https://openalex.org/W2963303354","https://openalex.org/W2963351448","https://openalex.org/W2963470657","https://openalex.org/W2969695741","https://openalex.org/W2972997402","https://openalex.org/W2973414778","https://openalex.org/W2995049146","https://openalex.org/W2997146418","https://openalex.org/W3007318395","https://openalex.org/W3035379805","https://openalex.org/W3096831136","https://openalex.org/W3103932910","https://openalex.org/W3107725882","https://openalex.org/W3118608800","https://openalex.org/W3119841746","https://openalex.org/W3141043040","https://openalex.org/W3174136778","https://openalex.org/W3178659068","https://openalex.org/W4229977739","https://openalex.org/W4311415873","https://openalex.org/W4385080307","https://openalex.org/W6628547770","https://openalex.org/W6637373629","https://openalex.org/W6684191040","https://openalex.org/W6736057607","https://openalex.org/W6743688258","https://openalex.org/W6750222692","https://openalex.org/W6760237559","https://openalex.org/W6768532476","https://openalex.org/W6772101090","https://openalex.org/W6787972765","https://openalex.org/W6790889838"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Existing":[0],"research":[1],"has":[2],"demonstrated":[3],"that":[4,178],"deep":[5],"neural":[6],"networks":[7],"are":[8],"susceptible":[9],"to":[10,25,56,109,144,167,194],"model":[11,21,28,67,96,181,185,202],"extraction":[12,68,97,186,203],"attacks,":[13,38],"where":[14],"an":[15],"attacker":[16],"can":[17,91,188],"construct":[18],"a":[19,105,155],"substitute":[20,180],"with":[22,199],"similar":[23],"functionality":[24],"the":[26,31,48,64,100,111,116,120,124,133,138,150,169,179],"victim":[27,33],"by":[29,115,118,192,222],"querying":[30],"black-box":[32],"model.":[34,158],"To":[35],"counter":[36],"such":[37],"various":[39],"disruption-based":[40,74],"defenses":[41,46,215],"have":[42],"been":[43],"proposed.":[44],"These":[45],"disrupt":[47],"output":[49],"results":[50,148,176,211],"of":[51,126,171,183],"queries":[52],"before":[53],"returning":[54],"them":[55],"potential":[57],"attackers.":[58],"In":[59],"this":[60],"paper,":[61],"we":[62],"propose":[63],"first":[65],"defense-penetrating":[66],"attack":[69,79,207],"framework,":[70],"aimed":[71],"at":[72],"breaking":[73],"defense":[75,112,134],"methods.":[76],"Our":[77],"proposed":[78,173],"framework":[80],"comprises":[81],"two":[82],"key":[83,121],"modules:":[84],"disruption":[85,88,101,139],"detection":[86,102],"and":[87,128,225],"recovery,":[89],"which":[90],"be":[92,189],"integrated":[93],"into":[94],"generic":[95],"attacks.":[98],"Specifically,":[99],"module":[103,141],"uses":[104],"novel":[106],"meta-learning-based":[107],"algorithm":[108],"infer":[110],"strategy":[113],"employed":[114],"defender,":[117],"learning":[119],"differences":[122],"between":[123],"distributions":[125],"disrupted":[127,151],"undisrupted":[129],"query":[130,147,152],"results.":[131],"Once":[132],"method":[135],"is":[136,142],"inferred,":[137],"recovery":[140],"designed":[143],"restore":[145],"clean":[146],"from":[149],"results,":[153],"using":[154],"carefully-designed":[156],"generative":[157],"We":[159],"conducted":[160],"extensive":[161],"experiments":[162],"on":[163],"5":[164],"commonly-used":[165],"datasets":[166],"evaluate":[168],"effectiveness":[170],"our":[172,206],"framework.":[174],"The":[175],"demonstrate":[177],"accuracy":[182],"current":[184],"attacks":[187],"significantly":[190],"improved":[191],"up":[193],"82.42%,":[195],"even":[196],"when":[197],"faced":[198],"four":[200],"state-of-the-art":[201],"defenses.":[204],"Moreover,":[205],"approach":[208],"shows":[209],"promising":[210],"in":[212,216],"penetrating":[213],"unknown":[214],"real-world":[217],"cloud":[218],"service":[219],"APIs":[220],"hosted":[221],"Microsoft":[223],"Azure":[224],"Face++.":[226]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-12-22T23:10:17.713674","created_date":"2025-10-10T00:00:00"}