SpringerLink
Log in

PtbStolen: Pre-trained Encoder Stealing Through Perturbed Samples

  • Conference paper
  • First Online:
Emerging Information Security and Applications (EISA 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 2004 ))

  • 155 Accesses

Abstract

Recent years have witnessed the huge success of adopting the self-supervised learning paradigm into pre-train effective encoders [1].

This work is supported by the National Natural Science Foundation of China (Grant Nos. 62232002 and 62202051), the China Postdoctoral Science Foundation (Grant Nos. 2021M700435 and 2021TQ0042), the Shandong Provincial Key Research and Development Program (Grant No. 2021CXGC010106), the Guangdong Provincial Key Laboratory of Novel Security Intelligence Technologies (Grant No. 2022B1212010005), and the Bei**g Institute of Technology Research Fund Program for Young Scholars.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Spain)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 50.28
Price includes VAT (Spain)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 62.39
Price includes VAT (Spain)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Assran, M., et al.: Self-supervised learning from images with a joint-embedding predictive architecture. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 15619–15629 (2023)

    Google Scholar 

  2. Baevski, A., Hsu, W.N., Xu, Q., Babu, A., Gu, J., Auli, M.: Data2vec: a general framework for self-supervised learning in speech, vision and language. In: International Conference on Machine Learning, pp. 1298–1312. PMLR (2022)

    Google Scholar 

  3. Bardes, A., Ponce, J., LeCun, Y.: VICRegl: self-supervised learning of local visual features. In: Advances in Neural Information Processing Systems 35, pp. 8799–8810 (2022)

    Google Scholar 

  4. Chen, T., Kornblith, S., Norouzi, M., Hinton, G.: A simple framework for contrastive learning of visual representations. In: International Conference on Machine Learning, pp. 1597–1607. PMLR (2020)

    Google Scholar 

  5. Chen, X., He, K.: Exploring simple Siamese representation learning. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 15750–15758 (2021)

    Google Scholar 

  6. Coates, A., Ng, A., Lee, H.: An analysis of single-layer networks in unsupervised feature learning. In: Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics, pp. 215–223. JMLR Workshop and Conference Proceedings (2011)

    Google Scholar 

  7. Cong, T., He, X., Zhang, Y.: SSLGuard: a watermarking scheme for self-supervised learning pre-trained encoders. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 579–593 (2022)

    Google Scholar 

  8. Fawzi, A., Moosavi-Dezfooli, S.M., Frossard, P.: The robustness of deep networks: a geometrical perspective. IEEE Signal Process. Mag. 34(6), 50–62 (2017)

    Article  Google Scholar 

  9. Feng, S., et al.: Detecting backdoors in pre-trained encoders. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 16352–16362 (2023)

    Google Scholar 

  10. Grill, J.B., et al.: Bootstrap your own latent-a new approach to self-supervised learning. In: Advances in Neural Information Processing Systems 33, pp. 21271–21284 (2020)

    Google Scholar 

  11. He, K., Fan, H., Wu, Y., **e, S., Girshick, R.: Momentum contrast for unsupervised visual representation learning. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 9729–9738 (2020)

    Google Scholar 

  12. He, X., Zhang, Y.: Quantifying and mitigating privacy risks of contrastive learning. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 845–863 (2021)

    Google Scholar 

  13. Jia, J., Liu, Y., Gong, N.Z.: BadEncoder: backdoor attacks to pre-trained encoders in self-supervised learning. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 2043–2059. IEEE (2022)

    Google Scholar 

  14. Krizhevsky, A.: Learning multiple layers of features from tiny images. Master’s thesis, University of Tront (2009)

    Google Scholar 

  15. LeCun, Y., Cortes, C., Burges, C., et al.: MNIST handwritten digit database (2010)

    Google Scholar 

  16. Lin, Z., Xu, K., Fang, C., Zheng, H., Ahmed Jaheezuddin, A., Shi, J.: QUDA: query-limited data-free model extraction. In: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 913–924 (2023)

    Google Scholar 

  17. Liu, H., Jia, J., Qu, W., Gong, N.Z.: EncoderMI: membership inference against pre-trained encoders in contrastive learning. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 2081–2095 (2021)

    Google Scholar 

  18. Liu, Y., Jia, J., Liu, H., Gong, N.Z.: StolenEencoder: stealing pre-trained encoders in self-supervised learning. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2115–2128 (2022)

    Google Scholar 

  19. Oh, S.J., Schiele, B., Fritz, M.: Towards reverse-engineering black-box neural networks. In: Samek, W., Montavon, G., Vedaldi, A., Hansen, L.K., Müller, K.-R. (eds.) Explainable AI: Interpreting, Explaining and Visualizing Deep Learning. LNCS (LNAI), vol. 11700, pp. 121–144. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28954-6_7

    Chapter  Google Scholar 

  20. Oliynyk, D., Mayer, R., Rauber, A.: I know what you trained last summer: a survey on stealing machine learning models and defences. ACM Comput. Surv. 55, 1–41 (2023)

    Article  Google Scholar 

  21. Oord, A.v.d., Li, Y., Vinyals, O.: Representation learning with contrastive predictive coding. ar**v preprint ar**v:1807.03748 (2018)

  22. Orekondy, T., Schiele, B., Fritz, M.: Knockoff nets: stealing functionality of black-box models. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 4954–4963 (2019)

    Google Scholar 

  23. Peng, W., et al.: Are you copying my model? Protecting the copyright of large language models for EaaS via backdoor watermark. ar**v preprint ar**v:2305.10036 (2023)

  24. Radford, A., et al.: Learning transferable visual models from natural language supervision. In: International Conference on Machine Learning, pp. 8748–8763. PMLR (2021)

    Google Scholar 

  25. Saha, A., Tejankar, A., Koohpayegani, S.A., Pirsiavash, H.: Backdoor attacks on self-supervised learning. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 13337–13346 (2022)

    Google Scholar 

  26. Sanyal, S., Addepalli, S., Babu, R.V.: Towards data-free model stealing in a hard label setting. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 15284–15293 (2022)

    Google Scholar 

  27. Sha, Z., He, X., Yu, N., Backes, M., Zhang, Y.: Can’t steal? Cont-steal! Contrastive stealing attacks against image encoders. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 16373–16383 (2023)

    Google Scholar 

  28. Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: 25th USENIX security symposium (USENIX Security 2016), pp. 601–618 (2016)

    Google Scholar 

  29. Truong, J.B., Maini, P., Walls, R.J., Papernot, N.: Data-free model extraction. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 4771–4780 (2021)

    Google Scholar 

  30. Wang, B., Gong, N.Z.: Stealing hyperparameters in machine learning. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 36–52. IEEE (2018)

    Google Scholar 

  31. Wu, Z., **ong, Y., Yu, S.X., Lin, D.: Unsupervised feature learning via non-parametric instance discrimination. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 3733–3742 (2018)

    Google Scholar 

  32. **ao, H., Rasul, K., Vollgraf, R.: Fashion-MNIST: a novel image dataset for benchmarking machine learning algorithms. ar**v preprint ar**v:1708.07747 (2017)

  33. Yu, J., Yin, H., **a, X., Chen, T., Li, J., Huang, Z.: Self-supervised learning for recommender systems: a survey. IEEE Trans. Knowl. Data Eng. 36, 335–355 (2023)

    Article  Google Scholar 

  34. Yuval, N.: Reading digits in natural images with unsupervised feature learning. In: Proceedings of the NIPS Workshop on Deep Learning and Unsupervised Feature Learning (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Bei**g Institute of Technology, Bei**g, 100081, China

    Chuan Zhang, Haotian Liang, Zhuopeng Li, Licheng Wang & Liehuang Zhu

  2. University of Science and Technology Bei**g, Bei**g, 100081, China

    Tong Wu

Authors
  1. Chuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Haotian Liang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhuopeng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tong Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Licheng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Liehuang Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Licheng Wang .

Editor information

Editors and Affiliations

  1. Zhejiang Gongshang University, Hangzhou, China

    Jun Shao

  2. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis K. Katsikas

  3. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhang, C., Liang, H., Li, Z., Wu, T., Wang, L., Zhu, L. (2024). PtbStolen: Pre-trained Encoder Stealing Through Perturbed Samples. In: Shao, J., Katsikas, S.K., Meng, W. (eds) Emerging Information Security and Applications. EISA 2023. Communications in Computer and Information Science, vol 2004 . Springer, Singapore. https://doi.org/10.1007/978-981-99-9614-8_1

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-9614-8_1

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-9613-1

  • Online ISBN: 978-981-99-9614-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation