The Importance of Diversity in Data-Free Model Stealing Teams
Having a data-free model stealing team with a wide variety of skills and backgrounds helps ensure the integrity of the data and models that are stolen. Diversity is also important in creating a safe and welcoming environment for a team. Here are some tips to help you create a team that is diverse in personality and skill.
Diversity
Getting the most out of your data is the hottest commodity in a machine learning department, but stealing a data point is not the only way to do it. For example, if you are using a machine learning system to predict your stock market performance, you could try to outdo the model with a slew of randomised forecasts. But how do you go about it? The answer is a combination of technology and luck. This is particularly the case in areas where there is a shortage of data, such as finance and the media. A good place to start is by identifying the data sources that are most relevant to your particular business. It is also a good idea to get to know your competition. For instance, the MIT Media Lab's Deep Learning Group has a deep bench of talented researchers, including Goodfellow. Despite their differences of opinion, they collaborated on a project that produced a plethora of useful information and data. Ultimately, they came up with a surprisingly accurate prediction model for their system.
Getting started
Conventional model stealing needs a large set of natural inputs to query the victim with, and obtaining that data is often the hardest part: real-life example images, for instance, are rare and costly, and it can be difficult to find them in volume. Data-free model stealing removes that requirement by synthesizing the queries instead of collecting them.
In the black-box setting the adversary can only query the target model and observe its outputs; from those outputs it trains a substitute model that reproduces the target's predictions. In stronger threat models the adversary may additionally obtain the training dataset or insider knowledge of the architecture and hyperparameters, which makes the copy easier and, in the limit, amounts to full access to the deployed model. A substitute can also be used to recover sensitive information about the people whose data trained the model, compromising user privacy.
To get started, the adversary collects the target model's predictions on a set of query inputs and then trains a functionally similar copy of the victim on those input/output pairs. Because the victim's parameters and gradients are hidden, this is a black-box optimization problem: the only signal available is the prediction returned for each probed point. Probing the model point by point is also the mechanism behind membership inference, which asks whether a given data point was in the training set; that is a separate attack with a different goal. In the data-free setting the adversary has no natural inputs at all and instead synthesizes queries, for example with a generator trained in the style of zero-shot knowledge distillation, or by other methods.
The adversary can use the stolen model to craft adversarial examples that transfer to the victim, since the substitute's gradients are available even though the victim's are not. Some defenses perturb the returned prediction by adding noise to the confidence scores, while others introduce randomness into the victim model itself. An adversary can answer with adaptive attacks that take the defense into account, so in practice these defenses raise the number of queries, and therefore the cost, of the model stealing process rather than preventing it.
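The query-then-copy loop above, as an added worked example that is not part of the original page or of any published attack. The victim is a constructed two-feature logistic-regression classifier with hidden weights (2.0, -1.5, bias 0.5); the attacker never sees those weights or any training data and only calls the prediction API with synthetic inputs, here drawn uniformly from the input domain as a simplifying stand-in for the generator a real data-free attack would train. The oracle has three assumed modes: full confidence scores, top-1 label only, and scores perturbed with zero-mean Gaussian noise (a simplified prediction-perturbation defense). The substitute is fitted by gradient descent on cross-entropy, and "agreement" is the fraction of fresh inputs on which substitute and victim return the same label. The noise level, query budget and learning rate are assumptions of the example.

```python
import math
import random

# --- Victim side: the deployed model the attacker cannot inspect -------------
# Constructed victim: a 2-feature logistic-regression classifier with hidden
# weights. Only victim_query() is reachable by the attacker.
VICTIM_W = (2.0, -1.5)
VICTIM_B = 0.5


def sigmoid(z):
    z = max(-500.0, min(500.0, z))  # clamp so math.exp never overflows
    return 1.0 / (1.0 + math.exp(-z))


def _logit(w, b, x):
    return w[0] * x[0] + w[1] * x[1] + b


def victim_query(x, mode="soft", rng=None):
    """Prediction API as seen by the attacker.

    mode="soft":  full confidence score (most information per query).
    mode="hard":  top-1 label only, a common cheap defense.
    mode="noisy": confidence perturbed with zero-mean Gaussian noise (sd 0.1,
                  an assumed value), a simplified prediction-perturbation
                  defense; rng must be supplied in this mode.
    """
    p = sigmoid(_logit(VICTIM_W, VICTIM_B, x))
    if mode == "hard":
        return 1.0 if p >= 0.5 else 0.0
    if mode == "noisy":
        return min(1.0, max(0.0, p + rng.gauss(0.0, 0.1)))
    return p


# --- Attacker side: no training data, only synthetic queries ----------------
def synthesize_queries(n, seed):
    """Data-free query set: points drawn uniformly from the input domain.
    Real data-free attacks train a generator to pick more informative queries;
    uniform sampling is the simplest stand-in (assumption of this example)."""
    rng = random.Random(seed)
    return [(rng.uniform(-3.0, 3.0), rng.uniform(-3.0, 3.0)) for _ in range(n)]


def train_substitute(xs, ys, epochs=800, lr=1.0):
    """Fit a logistic-regression substitute to the oracle's answers by
    full-batch gradient descent on cross-entropy. Soft targets need no
    special handling because d(loss)/d(logit) = p - y for any y in [0, 1]."""
    w, b = [0.0, 0.0], 0.0
    n = len(xs)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(_logit(w, b, x)) - y
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        w[0] -= lr * gw[0] / n
        w[1] -= lr * gw[1] / n
        b -= lr * gb / n
    return (w[0], w[1]), b


def steal(mode, budget=300, seed=0):
    """Spend `budget` queries against the victim in the given oracle mode and
    return the trained substitute as (w, b)."""
    rng = random.Random(seed + 1)
    xs = synthesize_queries(budget, seed)
    ys = [victim_query(x, mode, rng) for x in xs]
    return train_substitute(xs, ys)


def agreement(substitute, n=2000, seed=99):
    """Fraction of fresh synthetic inputs on which substitute and victim give
    the same top-1 label: the usual functional-similarity metric."""
    w, b = substitute
    same = 0
    for x in synthesize_queries(n, seed):
        sub_label = _logit(w, b, x) >= 0.0
        vic_label = _logit(VICTIM_W, VICTIM_B, x) >= 0.0
        same += int(sub_label == vic_label)
    return same / n


if __name__ == "__main__":
    for mode in ("soft", "hard", "noisy"):
        sub = steal(mode)
        print(f"{mode:5s} oracle -> substitute w=({sub[0][0]:.3f}, {sub[0][1]:.3f}), "
              f"b={sub[1]:.3f}, agreement={agreement(sub):.3f}")
```

Running the script shows that with soft labels the substitute recovers the victim's weights almost exactly, and that both the label-only and the noisy oracle still yield a copy whose decision boundary agrees with the victim's on the large majority of inputs: for a model this simple, the defenses change how much information each query leaks, not whether the copy succeeds, which is the sense in which they raise the attacker's cost rather than stop the attack.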