Authors: Yunfei Yang, Xiaojun Chen, et al.

Keywords: Model Stealing and Defending

Abstract: Although data-free model stealing attacks are free from reliance on real data, they suffer from limitations, including low accuracy and high query budgets, which restrict their practical feasibility. In this paper, we propose a novel data-free model stealing framework called DualCOS, which adopts a dual clone model architecture and incorporates efficient data generation and sampling strategies. Initially, we use a dual clone model to address the challenge of querying the victim model during generator training. Moreover, to optimize the usage of query budgets, we design three innovative modules: diversified sample generation, optimal sample selection, and sample potential mining. Through extensive evaluations, we demonstrate the superiority of our proposed method in terms of accuracy and query efficiency, particularly in scenarios involving hard labels and multiple classes.