DualCOS: Query-Efficient Data-Free Model Stealing with Dual Clone Networks and Optimal Samples

Published: 01 Jan 2024, Last Modified: 12 Jun 2025, ICME 2024, CC BY-SA 4.0
Abstract: Although data-free model stealing attacks are free from reliance on real data, they suffer from limitations, including low accuracy and high query budgets, which restrict their practical feasibility. In this paper, we propose a novel data-free model stealing framework called DualCOS. As a whole, DualCOS is divided into two stages: interactive training and semi-supervised boosting. To optimize the usage of query budgets, we use a dual clone model architecture to address the challenge of querying the victim model during generator training. We also introduce an active learning-based sampling strategy and a sample reuse mechanism to achieve an efficient query process. Furthermore, once the query budget is exhausted, semi-supervised boosting is employed to continue improving the final clone accuracy. Through extensive evaluations, we demonstrate the superiority of our proposed method in terms of accuracy and query efficiency, particularly in scenarios involving hard labels and multiple classes.