Journal of Harbin University of Commerce (Natural Sciences Edition), 2025, Vol. 41, Issue (2): 169-175, 7.
Model extraction attack based on Stable Diffusion
Abstract
Existing data-free extraction attack techniques struggle to fit the original training set distribution under a limited query budget, which degrades how well they fit the decision boundary of the target model. To address this problem, a model extraction attack based on Stable Diffusion (MEASD) was proposed. A pre-trained Stable Diffusion model was used to generate training data that might cover multiple domains and contain a large number of non-discriminative samples. The ILAF method was designed to optimize the quality of the data generated by Stable Diffusion. The original samples of the high-quality synthetic data were combined with adversarial samples produced by the adversarial sample generator to form a surrogate training set. The surrogate model assembled by the DPA module fitted the decision boundary of the target model based on this surrogate training set. Experimental results on four mainstream benchmark datasets demonstrated that, compared with the EBFA and DMEAE methods and with a low query budget, the proposed MEASD method improved the fitting degree of the target model's decision boundary to 84% and increased the success rate of black-box adversarial attacks on the target model to more than 68%. The MEASD method effectively enhanced the fitting of the target model's decision boundary and the success rate of the attacks.
Key words
deep learning/model extraction attack/Stable Diffusion/surrogate model/adversarial attack/adversarial training
Classification
Computer and Automation
Cite this article
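Li Ruoyu, Feng Hui, Li Qiang, Ji Ningning, Tang Beibei, Chen Lei. Model extraction attack based on Stable Diffusion [J]. Journal of Harbin University of Commerce (Natural Sciences Edition), 2025, 41(2): 169-175, 7.
Funding
2023 China University Industry-University-Research Innovation Fund (2023IT166)
Key Project of Philosophy and Social Science Research of the Anhui Provincial Department of Education (2023AH051520)
Open Project of the National Key Laboratory (COGOS-2023HE02)
Huainan Normal University Quality Engineering Project (2023hskc54)
Huainan Normal University Key Project (2023HX106).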