{"id":"https://openalex.org/W4414898434","doi":"https://doi.org/10.1109/icdcs63083.2025.00106","title":"Too Clever by Half: Detecting Sampling-based Model Stealing Attacks by Their Own Cleverness","display_name":"Too Clever by Half: Detecting Sampling-based Model Stealing Attacks by Their Own Cleverness","publication_year":2025,"publication_date":"2025-07-21","ids":{"openalex":"https://openalex.org/W4414898434","doi":"https://doi.org/10.1109/icdcs63083.2025.00106"},"language":"en","primary_location":{"id":"doi:10.1109/icdcs63083.2025.00106","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdcs63083.2025.00106","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 45th International Conference on Distributed Computing Systems (ICDCS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100635494","display_name":"Xin Yao","orcid":"https://orcid.org/0000-0001-8837-4442"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xin Yao","raw_affiliation_strings":["Central South University,School of Computer Science and Engineering,Changsha,China,410082"],"affiliations":[{"raw_affiliation_string":"Central South University,School of Computer Science and Engineering,Changsha,China,410082","institution_ids":["https://openalex.org/I139660479"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100424692","display_name":"Chenyang Wang","orcid":"https://orcid.org/0000-0001-6798-0857"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chenyang Wang","raw_affiliation_strings":["Central South University,School of Computer Science and Engineering,Changsha,China,410082"],"affiliations":[{"raw_affiliation_string":"Central South University,School of Computer Science and Engineering,Changsha,China,410082","institution_ids":["https://openalex.org/I139660479"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013127718","display_name":"Yimin Chen","orcid":"https://orcid.org/0000-0003-2246-7587"},"institutions":[{"id":"https://openalex.org/I133738476","display_name":"University of Massachusetts Lowell","ror":"https://ror.org/03hamhx47","country_code":"US","type":"education","lineage":["https://openalex.org/I133738476"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yimin Chen","raw_affiliation_strings":["University of Massachusetts Lowell,Miner School of Computer &#x0026; Information Sciences,Lowell,MA,USA,01854"],"affiliations":[{"raw_affiliation_string":"University of Massachusetts Lowell,Miner School of Computer &#x0026; Information Sciences,Lowell,MA,USA,01854","institution_ids":["https://openalex.org/I133738476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111347477","display_name":"Keqi Huang","orcid":"https://orcid.org/0009-0006-0350-5321"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kecheng Huang","raw_affiliation_strings":["Central South University,School of Computer Science and Engineering,Changsha,China,410082"],"affiliations":[{"raw_affiliation_string":"Central South University,School of Computer Science and Engineering,Changsha,China,410082","institution_ids":["https://openalex.org/I139660479"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101955304","display_name":"Jiawei Guo","orcid":"https://orcid.org/0000-0002-1787-1780"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiawei Guo","raw_affiliation_strings":["Central South University,School of Computer Science and Engineering,Changsha,China,410082"],"affiliations":[{"raw_affiliation_string":"Central South University,School of Computer Science and Engineering,Changsha,China,410082","institution_ids":["https://openalex.org/I139660479"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048063101","display_name":"Ming Zhao","orcid":"https://orcid.org/0000-0002-2664-5267"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ming Zhao","raw_affiliation_strings":["Central South University,School of Computer Science and Engineering,Changsha,China,410082"],"affiliations":[{"raw_affiliation_string":"Central South University,School of Computer Science and Engineering,Changsha,China,410082","institution_ids":["https://openalex.org/I139660479"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100635494"],"corresponding_institution_ids":["https://openalex.org/I139660479"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.14273579,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1055","last_page":"1065"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9825000166893005,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.9222000241279602,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5630000233650208},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.44859999418258667},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.43540000915527344},{"id":"https://openalex.org/keywords/dependency","display_name":"Dependency (UML)","score":0.42480000853538513},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.40549999475479126},{"id":"https://openalex.org/keywords/property","display_name":"Property (philosophy)","score":0.33640000224113464},{"id":"https://openalex.org/keywords/generative-model","display_name":"Generative model","score":0.3165000081062317},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.3118000030517578}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7950999736785889},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5630000233650208},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45809999108314514},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.44859999418258667},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4359999895095825},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.43540000915527344},{"id":"https://openalex.org/C19768560","wikidata":"https://www.wikidata.org/wiki/Q320727","display_name":"Dependency (UML)","level":2,"score":0.42480000853538513},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.40549999475479126},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3546999990940094},{"id":"https://openalex.org/C189950617","wikidata":"https://www.wikidata.org/wiki/Q937228","display_name":"Property (philosophy)","level":2,"score":0.33640000224113464},{"id":"https://openalex.org/C167966045","wikidata":"https://www.wikidata.org/wiki/Q5532625","display_name":"Generative model","level":3,"score":0.3165000081062317},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.3118000030517578},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.30169999599456787},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.3012999892234802},{"id":"https://openalex.org/C116537","wikidata":"https://www.wikidata.org/wiki/Q2169973","display_name":"Service provider","level":3,"score":0.2924000024795532},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.2903999984264374},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.28780001401901245},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.2874000072479248},{"id":"https://openalex.org/C2775941552","wikidata":"https://www.wikidata.org/wiki/Q25212305","display_name":"Isolation (microbiology)","level":2,"score":0.2831999957561493},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.2786000072956085},{"id":"https://openalex.org/C99221444","wikidata":"https://www.wikidata.org/wiki/Q1532069","display_name":"Private information retrieval","level":2,"score":0.26350000500679016},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.2513999938964844}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icdcs63083.2025.00106","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icdcs63083.2025.00106","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 45th International Conference on Distributed Computing Systems (ICDCS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W2051267297","https://openalex.org/W2108598243","https://openalex.org/W2117876524","https://openalex.org/W2150856297","https://openalex.org/W2180612164","https://openalex.org/W2243397390","https://openalex.org/W2604847698","https://openalex.org/W2618043096","https://openalex.org/W2798991696","https://openalex.org/W2808195004","https://openalex.org/W2942497026","https://openalex.org/W2951911250","https://openalex.org/W2963303354","https://openalex.org/W2963309363","https://openalex.org/W2963465081","https://openalex.org/W2963857521","https://openalex.org/W2969695741","https://openalex.org/W2997146418","https://openalex.org/W3007318395","https://openalex.org/W3035379805","https://openalex.org/W3091857398","https://openalex.org/W3108655343","https://openalex.org/W3178659068","https://openalex.org/W3208646583","https://openalex.org/W4281398987","https://openalex.org/W4283210230","https://openalex.org/W4287332481","https://openalex.org/W4312343407","https://openalex.org/W4382317858"],"related_works":[],"abstract_inverted_index":{"Machine":[0],"learning":[1,164],"as":[2,132],"a":[3,158],"service":[4],"(MLaaS)":[5],"has":[6],"gained":[7],"significant":[8],"popularity":[9],"and":[10,70,141,145,161,183],"market":[11],"traction":[12],"in":[13,19],"recent":[14],"years,":[15],"driven":[16],"by":[17,46,105,139],"advancements":[18],"Artificial":[20],"Intelligence":[21],"particularly":[22],"Generative":[23],"AI":[24],"(GAI).":[25],"However,":[26],"MLaaS":[27,47],"faces":[28],"severe":[29,63],"challenges":[30],"from":[31,123],"sampling-based":[32,103,174,181],"model":[33,82,127],"stealing":[34],"attacks":[35,134],"(MSAs),":[36],"where":[37],"attackers":[38],"strategically":[39],"query":[40,52,159],"the":[41,51,57,124,146],"targeted":[42,125],"ML":[43],"models":[44],"provided":[45],"providers":[48],"to":[49,86,102,119,153],"minimize":[50],"burden":[53],"while":[54],"closely":[55],"replicating":[56],"model\u2019s":[58],"functionality.":[59],"Such":[60],"MSAs":[61,104,182],"pose":[62],"consequences,":[64],"including":[65],"intellectual":[66],"property":[67],"(IP)":[68],"theft":[69],"potential":[71],"leakage":[72],"of":[73],"private":[74],"training":[75],"data.":[76],"Unfortunately,":[77],"existing":[78],"defenses":[79],"either":[80],"sacrifice":[81],"utility":[83],"or":[84],"fail":[85],"generalize":[87],"across":[88,188],"diverse":[89],"MSAs.In":[90],"this":[91],"paper,":[92],"we":[93,150],"propose":[94],"DIARY,":[95],"an":[96],"innovative":[97],"detection":[98],"method":[99],"specifically":[100],"tailored":[101],"exploiting":[106],"their":[107,137],"inherent":[108],"sophistication.":[109],"Our":[110],"key":[111],"insight":[112],"is":[113],"that":[114,170],"\u2018clever\u2019":[115],"malicious":[116],"queries":[117,138,144],"tend":[118],"extract":[120,154],"more":[121],"information":[122],"(victim)":[126],"than":[128],"typical":[129],"benign":[130],"queries,":[131],"these":[133],"iteratively":[135],"refine":[136],"examining":[140],"analyzing":[142],"prior":[143],"corresponding":[147],"responses.":[148],"Hence":[149],"design":[151],"DIARY":[152],"timing":[155],"dependence":[156],"within":[157],"sequence":[160],"incorporate":[162],"contrastive":[163],"for":[165,172],"properly":[166],"characterizing":[167],"such":[168],"dependency":[169],"holds":[171],"different":[173,180],"MSAs.":[175],"Comprehensive":[176],"evaluations":[177],"using":[178],"five":[179],"two":[184],"state-of-the-art":[185],"defense":[186],"baselines":[187],"four":[189],"popular":[190],"datasets":[191],"consistently":[192],"validate":[193],"DIARY\u2019s":[194],"superior":[195],"performance.":[196]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}