Saved in:
Bibliographic Details
Main Authors: Shao, Mingwen, Meng, Lingzhuang, Qiao, Yuanjian, Zhang, Lixu, Zuo, Wangmeng
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2307.12872
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914990673362944
author Shao, Mingwen
Meng, Lingzhuang
Qiao, Yuanjian
Zhang, Lixu
Zuo, Wangmeng
author_facet Shao, Mingwen
Meng, Lingzhuang
Qiao, Yuanjian
Zhang, Lixu
Zuo, Wangmeng
contents Since the training data of the target model is not available in the black-box substitute attack, most recent schemes utilize GANs to generate data for training the substitute model. However, these GANs-based schemes suffer from low training efficiency as the generator needs to be retrained for each target model during the substitute training process, as well as low generation quality. To overcome these limitations, we consider utilizing the diffusion model to generate data, and propose a novel data-free substitute attack scheme based on the Stable Diffusion (SD) to improve the efficiency and accuracy of substitute training. Despite the data generated by the SD exhibiting high quality, it presents a different distribution of domains and a large variation of positive and negative samples for the target model. For this problem, we propose Latent Code Augmentation (LCA) to facilitate SD in generating data that aligns with the data distribution of the target model. Specifically, we augment the latent codes of the inferred member data with LCA and use them as guidance for SD. With the guidance of LCA, the data generated by the SD not only meets the discriminative criteria of the target model but also exhibits high diversity. By utilizing this data, it is possible to train the substitute model that closely resembles the target model more efficiently. Extensive experiments demonstrate that our LCA achieves higher attack success rates and requires fewer query budgets compared to GANs-based schemes for different target models. Our codes are available at \url{https://github.com/LzhMeng/LCA}.
format Preprint
id arxiv_https___arxiv_org_abs_2307_12872
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Latent Code Augmentation Based on Stable Diffusion for Data-free Substitute Attacks
Shao, Mingwen
Meng, Lingzhuang
Qiao, Yuanjian
Zhang, Lixu
Zuo, Wangmeng
Computer Vision and Pattern Recognition
Cryptography and Security
Machine Learning
Since the training data of the target model is not available in the black-box substitute attack, most recent schemes utilize GANs to generate data for training the substitute model. However, these GANs-based schemes suffer from low training efficiency as the generator needs to be retrained for each target model during the substitute training process, as well as low generation quality. To overcome these limitations, we consider utilizing the diffusion model to generate data, and propose a novel data-free substitute attack scheme based on the Stable Diffusion (SD) to improve the efficiency and accuracy of substitute training. Despite the data generated by the SD exhibiting high quality, it presents a different distribution of domains and a large variation of positive and negative samples for the target model. For this problem, we propose Latent Code Augmentation (LCA) to facilitate SD in generating data that aligns with the data distribution of the target model. Specifically, we augment the latent codes of the inferred member data with LCA and use them as guidance for SD. With the guidance of LCA, the data generated by the SD not only meets the discriminative criteria of the target model but also exhibits high diversity. By utilizing this data, it is possible to train the substitute model that closely resembles the target model more efficiently. Extensive experiments demonstrate that our LCA achieves higher attack success rates and requires fewer query budgets compared to GANs-based schemes for different target models. Our codes are available at \url{https://github.com/LzhMeng/LCA}.
title Latent Code Augmentation Based on Stable Diffusion for Data-free Substitute Attacks
topic Computer Vision and Pattern Recognition
Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2307.12872