{"id":"https://openalex.org/W7134068204","doi":"https://doi.org/10.48550/arxiv.2603.04859","title":"Osmosis Distillation: Model Hijacking with the Fewest Samples","display_name":"Osmosis Distillation: Model Hijacking with the Fewest Samples","publication_year":2026,"publication_date":"2026-03-05","ids":{"openalex":"https://openalex.org/W7134068204","doi":"https://doi.org/10.48550/arxiv.2603.04859"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2603.04859","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5128223031","display_name":"Yuchen Shi","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Shi, Yuchen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128222848","display_name":"Huajie Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Huajie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128245924","display_name":"Heng Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Heng","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128257495","display_name":"Zhiquan Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Zhiquan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079852922","display_name":"Jialiang Shen","orcid":"https://orcid.org/0000-0001-7475-5770"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Shen, Jialiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128247925","display_name":"Chi Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Chi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128228927","display_name":"Shuai Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhou, Shuai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128270516","display_name":"Tianqing Zhu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhu, Tianqing","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5128227916","display_name":"Wanlei Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhou, Wanlei","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5128223031"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9793000221252441,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9793000221252441,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.006300000008195639,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.0020000000949949026,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.6751000285148621},{"id":"https://openalex.org/keywords/transfer-of-learning","display_name":"Transfer of learning","score":0.6241999864578247},{"id":"https://openalex.org/keywords/distillation","display_name":"Distillation","score":0.586899995803833},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.40630000829696655},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.40310001373291016},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.31450000405311584}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7346000075340271},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.6751000285148621},{"id":"https://openalex.org/C150899416","wikidata":"https://www.wikidata.org/wiki/Q1820378","display_name":"Transfer of learning","level":2,"score":0.6241999864578247},{"id":"https://openalex.org/C204030448","wikidata":"https://www.wikidata.org/wiki/Q101017","display_name":"Distillation","level":2,"score":0.586899995803833},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.565500020980835},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5309000015258789},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.40630000829696655},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.40310001373291016},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.31450000405311584},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3028999865055084},{"id":"https://openalex.org/C58489278","wikidata":"https://www.wikidata.org/wiki/Q1172284","display_name":"Data set","level":2,"score":0.28760001063346863},{"id":"https://openalex.org/C160920958","wikidata":"https://www.wikidata.org/wiki/Q7662746","display_name":"Synthetic data","level":2,"score":0.2809999883174896},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.27889999747276306},{"id":"https://openalex.org/C2776175482","wikidata":"https://www.wikidata.org/wiki/Q1195816","display_name":"Transfer (computing)","level":2,"score":0.2757999897003174},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.25699999928474426},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.25690001249313354}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2603.04859","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2603.04859","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.04859","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2603.04859","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Transfer":[0],"learning":[1,44,62,108,157,176],"is":[2],"devised":[3],"to":[4,10,25],"leverage":[5],"knowledge":[6],"from":[7,34],"pre-trained":[8],"models":[9,109],"solve":[11],"new":[12],"tasks":[13,131],"with":[14,80,158],"limited":[15],"data":[16],"and":[17,45,162],"computational":[18],"resources.":[19],"Meanwhile,":[20],"dataset":[21,29,46,68],"distillation":[22,47,69],"has":[23],"emerged":[24],"synthesize":[26],"a":[27,40,54,76,82,100],"compact":[28],"that":[30,105,120,167],"preserves":[31],"critical":[32],"information":[33],"the":[35,87,111,121,141],"original":[36,138],"large":[37],"dataset.":[38,89],"Therefore,":[39],"combination":[41],"of":[42,169],"transfer":[43,61,156,175],"offers":[48],"promising":[49],"performance":[50,161],"in":[51,60,86,129,137,155,174],"evaluations.":[52],"However,":[53],"non-negligible":[55],"security":[56],"threat":[57],"remains":[58],"undiscovered":[59],"using":[63,110,170],"synthetic":[64,88,172],"datasets":[65,118,173],"generated":[66],"by":[67],"methods,":[70],"where":[71],"an":[72],"adversary":[73],"can":[74],"perform":[75],"model":[77,102,135,146,150,153,163],"hijacking":[78,103,147,154],"attack":[79,123,126,160],"only":[81],"few":[83],"poisoned":[84],"samples":[85],"To":[90],"reveal":[91],"this":[92],"threat,":[93],"we":[94],"propose":[95],"Osmosis":[96],"Distillation":[97],"(OD)":[98],"attack,":[99],"novel":[101],"strategy":[104],"targets":[106],"deep":[107],"fewest":[112],"samples.":[113],"Comprehensive":[114],"evaluations":[115],"on":[116],"various":[117],"demonstrate":[119],"OD":[122],"attains":[124],"high":[125,134],"success":[127],"rates":[128],"hidden":[130],"while":[132],"preserving":[133],"utility":[136],"tasks.":[139],"Furthermore,":[140],"distilled":[142],"osmosis":[143],"set":[144],"enables":[145],"across":[148],"diverse":[149],"architectures,":[151],"allowing":[152],"considerable":[159],"utility.":[164],"We":[165],"argue":[166],"awareness":[168],"third-party":[171],"must":[177],"be":[178],"raised.":[179]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-03-07T00:00:00"}