Daily TMLR digest for Nov 27, 2022


TMLR

Nov 26, 2022, 7:00:07 PM11/26/22
to tmlr-anno...@googlegroups.com

New submissions
===============


Title: A Scalable Finite Difference Method for Deep Reinforcement Learning

Abstract: Several low-bandwidth distributable black-box optimization algorithms have recently been shown to perform nearly as well as more refined modern methods in some Deep Reinforcement Learning domains. In this work we investigate a core problem with the use of distributed workers in such systems. Further, we investigate the dramatic differences in performance between the popular Adam gradient descent algorithm and the simplest form of stochastic gradient descent. These investigations produce a stable, low-bandwidth learning algorithm that achieves 100% usage of all connected CPUs under typical conditions.

URL: https://openreview.net/forum?id=K9BtQxtXJr

---

Title: Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Models

Abstract: Machine learning models are typically made available to potential client users via inference APIs. Model extraction attacks occur when a malicious client uses information gleaned from queries to the inference API of a victim model $F_V$ to build a surrogate model $F_A$ with comparable functionality. Recent research has shown successful model extraction of image classification, and natural language processing models.
In this paper, we show the first model extraction attack against real-world generative adversarial network (GAN) image translation models. We present a framework for conducting such attacks, and show that an adversary can successfully extract functional surrogate models by querying $F_V$ using data from the same domain as the training data for $F_V$. The adversary need not know $F_V$’s architecture or any other information about it beyond its intended task.
We evaluate the effectiveness of our attacks using three different instances of two popular categories of image translation: (1) Selfie-to-Anime and (2) Monet-to-Photo (image style transfer), and (3) Super-Resolution (super resolution). Using standard performance metrics for GANs, we show that our attacks are effective. Furthermore, we conducted a large scale (125 participants) user study on Selfie-to-Anime and Monet-to-Photo to show that human perception of the images produced by $F_V$ and $F_A$ can be considered equivalent, within an equivalence bound of Cohen’s d = 0.3.
Finally, we show that existing defenses against model extraction attacks (watermarking, adversarial examples, poisoning) do not extend to image translation models.

URL: https://openreview.net/forum?id=6zdIXnMs0F

---
