{"id":"https://openalex.org/W4409657002","doi":"https://doi.org/10.1145/3696410.3714894","title":"MER-Inspector: Assessing Model Extraction Risks from An Attack-Agnostic Perspective","display_name":"MER-Inspector: Assessing Model Extraction Risks from An Attack-Agnostic Perspective","publication_year":2025,"publication_date":"2025-04-22","ids":{"openalex":"https://openalex.org/W4409657002","doi":"https://doi.org/10.1145/3696410.3714894"},"language":"en","primary_location":{"id":"doi:10.1145/3696410.3714894","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714894","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714894","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714894","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100639543","display_name":"Xinwei Zhang","orcid":"https://orcid.org/0000-0002-1267-5182"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":true,"raw_author_name":"Xinwei Zhang","raw_affiliation_strings":["Hong Kong Polytechnic University, Hong Kong, China"],"raw_orcid":"https://orcid.org/0000-0002-1267-5182","affiliations":[{"raw_affiliation_string":"Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051088560","display_name":"Haibo Hu","orcid":"https://orcid.org/0000-0002-9008-2112"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Haibo Hu","raw_affiliation_strings":["Hong Kong Polytechnic University, Hong Kong, China"],"raw_orcid":"https://orcid.org/0000-0002-9008-2112","affiliations":[{"raw_affiliation_string":"Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001652101","display_name":"Qingqing Ye","orcid":"https://orcid.org/0000-0003-1547-2847"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Qingqing Ye","raw_affiliation_strings":["Hong Kong Polytechnic University, Hong Kong, China"],"raw_orcid":"https://orcid.org/0000-0003-1547-2847","affiliations":[{"raw_affiliation_string":"Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089747351","display_name":"Li Bai","orcid":"https://orcid.org/0000-0002-7202-3178"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Li Bai","raw_affiliation_strings":["Hong Kong Polytechnic University, Hong Kong, China"],"raw_orcid":"https://orcid.org/0000-0002-7202-3178","affiliations":[{"raw_affiliation_string":"Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5007825677","display_name":"Huadi Zheng","orcid":"https://orcid.org/0000-0003-1224-9885"},"institutions":[{"id":"https://openalex.org/I2250955327","display_name":"Huawei Technologies (China)","ror":"https://ror.org/00cmhce21","country_code":"CN","type":"company","lineage":["https://openalex.org/I2250955327"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Huadi Zheng","raw_affiliation_strings":["Huawei Technologies Co., Ltd., Shenzhen, China"],"raw_orcid":"https://orcid.org/0000-0003-1224-9885","affiliations":[{"raw_affiliation_string":"Huawei Technologies Co., Ltd., Shenzhen, China","institution_ids":["https://openalex.org/I2250955327"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100639543"],"corresponding_institution_ids":["https://openalex.org/I14243506"],"apc_list":null,"apc_paid":null,"fwci":2.1733,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.880275,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"4300","last_page":"4315"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9902999997138977,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/perspective","display_name":"Perspective (graphical)","score":0.675927996635437},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6285282969474792},{"id":"https://openalex.org/keywords/extraction","display_name":"Extraction (chemistry)","score":0.4627174735069275},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4568515419960022},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.17901921272277832}],"concepts":[{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.675927996635437},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6285282969474792},{"id":"https://openalex.org/C4725764","wikidata":"https://www.wikidata.org/wiki/Q844704","display_name":"Extraction (chemistry)","level":2,"score":0.4627174735069275},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4568515419960022},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.17901921272277832},{"id":"https://openalex.org/C43617362","wikidata":"https://www.wikidata.org/wiki/Q170050","display_name":"Chromatography","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3696410.3714894","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714894","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714894","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3696410.3714894","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3696410.3714894","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3696410.3714894","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Web Conference 2025","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G8088107578","display_name":null,"funder_award_id":"92270123","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8632164231","display_name":null,"funder_award_id":"62372122","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4409657002.pdf","grobid_xml":"https://content.openalex.org/works/W4409657002.grobid-xml"},"referenced_works_count":38,"referenced_works":["https://openalex.org/W317957491","https://openalex.org/W1540155273","https://openalex.org/W1834627138","https://openalex.org/W2125204570","https://openalex.org/W2194775991","https://openalex.org/W2526529994","https://openalex.org/W2551524776","https://openalex.org/W2558687840","https://openalex.org/W2603766943","https://openalex.org/W2808195004","https://openalex.org/W2912917402","https://openalex.org/W2963303354","https://openalex.org/W2963446712","https://openalex.org/W2972997402","https://openalex.org/W2973414778","https://openalex.org/W2997146418","https://openalex.org/W3007318395","https://openalex.org/W3044796230","https://openalex.org/W3094460838","https://openalex.org/W3113058464","https://openalex.org/W3122215046","https://openalex.org/W3174136778","https://openalex.org/W4214588794","https://openalex.org/W4221160670","https://openalex.org/W4308391439","https://openalex.org/W4308410483","https://openalex.org/W4312878236","https://openalex.org/W4319793479","https://openalex.org/W4323059284","https://openalex.org/W4360898063","https://openalex.org/W4367047423","https://openalex.org/W4386608606","https://openalex.org/W4400121015","https://openalex.org/W4400121797","https://openalex.org/W4400877644","https://openalex.org/W4400910119","https://openalex.org/W4404387360","https://openalex.org/W6983402278"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2018871932","https://openalex.org/W2001405890"],"abstract_inverted_index":{"Information":[0],"leakage":[1,18],"issues":[2],"in":[3],"machine":[4],"learning-based":[5],"Web":[6],"applications":[7],"have":[8,203],"attracted":[9],"increasing":[10],"attention.":[11],"While":[12],"the":[13,23,45,67,75,87,95,116,122,170,200,216],"risk":[14],"of":[15,25,94,118,173,219],"data":[16],"privacy":[17],"has":[19,35],"been":[20,37],"rigorously":[21],"analyzed,":[22],"theory":[24],"model":[26,62,135,144,177,190,208],"function":[27],"leakage,":[28],"known":[29],"as":[30,78,149],"Model":[31,110,163],"Extraction":[32,164],"Attacks":[33],"(MEAs),":[34],"not":[36],"well":[38],"studied.":[39],"In":[40],"this":[41],"paper,":[42],"we":[43,73,103,131,158],"are":[44],"first":[46],"to":[47,56,127,168,225],"understand":[48],"MEAs":[49],"theoretically":[50],"from":[51],"an":[52,150],"attack-agnostic":[53],"perspective":[54],"and":[55,84,90,124,192,211],"propose":[57,104,159],"analytical":[58],"metrics":[59,202],"for":[60],"evaluating":[61],"extraction":[63,145,171,209,217],"risks.":[64],"By":[65,153],"using":[66],"Neural":[68],"Tangent":[69],"Kernel":[70],"(NTK)":[71],"theory,":[72],"formulate":[74],"linearized":[76],"MEA":[77],"a":[79,105,139,160,204],"regularized":[80],"kernel":[81],"classification":[82],"problem":[83],"then":[85],"derive":[86],"fidelity":[88],"gap":[89],"generalization":[91],"error":[92],"bounds":[93],"attack":[96],"performance.":[97],"Based":[98],"on":[99,188],"these":[100,155],"theoretical":[101,107],"analyses,":[102],"new":[106],"metric":[108,182],"called":[109],"Recovery":[111],"Complexity":[112],"(MRC),":[113],"which":[114,137],"measures":[115],"distance":[117],"weight":[119],"changes":[120],"between":[121],"victim":[123,134],"surrogate":[125],"models":[126,174,222],"quantify":[128],"risk.":[129],"Additionally,":[130],"find":[132],"that":[133,199],"accuracy,":[136],"shows":[138],"strong":[140],"positive":[141],"correlation":[142,206],"with":[143,207,223],"risk,":[146],"can":[147,213],"serve":[148],"empirical":[151],"metric.":[152],"integrating":[154],"two":[156,221],"metrics,":[157],"framework,":[161],"namely":[162],"Risk":[165],"Inspector":[166],"(MER-Inspector),":[167],"compare":[169,215],"risks":[172,218],"under":[175],"different":[176],"architectures":[178,191],"by":[179],"utilizing":[180],"relative":[181],"values.":[183],"We":[184],"conduct":[185],"extensive":[186],"experiments":[187],"16":[189],"5":[193],"datasets.":[194],"The":[195],"experimental":[196],"results":[197],"demonstrate":[198],"proposed":[201],"high":[205],"risks,":[210],"MER-Inspector":[212],"accurately":[214],"any":[220],"up":[224],"89.58%.":[226]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}