{"id":"https://openalex.org/W6966793097","doi":"https://doi.org/10.48550/arxiv.2503.12497","title":"Defense Against Model Stealing Based on Account-Aware Distribution Discrepancy","display_name":"Defense Against Model Stealing Based on Account-Aware Distribution Discrepancy","publication_year":2025,"publication_date":"2025-03-16","ids":{"openalex":"https://openalex.org/W6966793097","doi":"https://doi.org/10.48550/arxiv.2503.12497"},"language":"en","primary_location":{"id":"doi:10.48550/arxiv.2503.12497","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2503.12497","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2503.12497","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Mei, Jian-Ping","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Mei, Jian-Ping","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Zhang, Weibin","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Weibin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Chen, Jie","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Jie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":null,"display_name":"Zhang, Xuyun","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Xuyun","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"Zhu, Tiantian","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhu, Tiantian","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8901000022888184,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.8901000022888184,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11652","display_name":"Imbalanced Data Classification Techniques","score":0.01759999990463257,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.013199999928474426,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/nucleofection","display_name":"Nucleofection","score":0.4537999927997589},{"id":"https://openalex.org/keywords/gestational-period","display_name":"Gestational period","score":0.3440999984741211},{"id":"https://openalex.org/keywords/tsg101","display_name":"TSG101","score":0.32350000739097595},{"id":"https://openalex.org/keywords/dysgeusia","display_name":"Dysgeusia","score":0.3057999908924103},{"id":"https://openalex.org/keywords/diafiltration","display_name":"Diafiltration","score":0.2978000044822693},{"id":"https://openalex.org/keywords/hyporeflexia","display_name":"Hyporeflexia","score":0.2935999929904938},{"id":"https://openalex.org/keywords/fusible-alloy","display_name":"Fusible alloy","score":0.29330000281333923},{"id":"https://openalex.org/keywords/proteogenomics","display_name":"Proteogenomics","score":0.29280000925064087}],"concepts":[{"id":"https://openalex.org/C144251240","wikidata":"https://www.wikidata.org/wiki/Q7068229","display_name":"Nucleofection","level":4,"score":0.4537999927997589},{"id":"https://openalex.org/C2992336715","wikidata":"https://www.wikidata.org/wiki/Q63431143","display_name":"Gestational period","level":4,"score":0.3440999984741211},{"id":"https://openalex.org/C2778283623","wikidata":"https://www.wikidata.org/wiki/Q18032200","display_name":"TSG101","level":5,"score":0.32350000739097595},{"id":"https://openalex.org/C2777054765","wikidata":"https://www.wikidata.org/wiki/Q6402731","display_name":"Dysgeusia","level":3,"score":0.3057999908924103},{"id":"https://openalex.org/C18743360","wikidata":"https://www.wikidata.org/wiki/Q1208096","display_name":"Diafiltration","level":4,"score":0.2978000044822693},{"id":"https://openalex.org/C2777158700","wikidata":"https://www.wikidata.org/wiki/Q1419356","display_name":"Hyporeflexia","level":3,"score":0.2935999929904938},{"id":"https://openalex.org/C133074676","wikidata":"https://www.wikidata.org/wiki/Q428729","display_name":"Fusible alloy","level":2,"score":0.29330000281333923},{"id":"https://openalex.org/C145741570","wikidata":"https://www.wikidata.org/wiki/Q7251534","display_name":"Proteogenomics","level":5,"score":0.29280000925064087},{"id":"https://openalex.org/C135979968","wikidata":"https://www.wikidata.org/wiki/Q609809","display_name":"Protein isoform","level":5,"score":0.28940001130104065},{"id":"https://openalex.org/C2777935831","wikidata":"https://www.wikidata.org/wiki/Q3144949","display_name":"Hemopericardium","level":3,"score":0.2883000075817108},{"id":"https://openalex.org/C104545631","wikidata":"https://www.wikidata.org/wiki/Q464858","display_name":"Demotion","level":3,"score":0.27709999680519104},{"id":"https://openalex.org/C2781032047","wikidata":"https://www.wikidata.org/wiki/Q938793","display_name":"Articular cartilage damage","level":5,"score":0.27300000190734863},{"id":"https://openalex.org/C180938184","wikidata":"https://www.wikidata.org/wiki/Q2142270","display_name":"Liquation","level":3,"score":0.2711000144481659},{"id":"https://openalex.org/C2779627259","wikidata":"https://www.wikidata.org/wiki/Q779763","display_name":"Pretext","level":3,"score":0.27090001106262207},{"id":"https://openalex.org/C2909186138","wikidata":"https://www.wikidata.org/wiki/Q1500373","display_name":"Hyperlactatemia","level":2,"score":0.26969999074935913},{"id":"https://openalex.org/C2777742743","wikidata":"https://www.wikidata.org/wiki/Q19904005","display_name":"Durvalumab","level":5,"score":0.26649999618530273},{"id":"https://openalex.org/C2776781215","wikidata":"https://www.wikidata.org/wiki/Q83253","display_name":"Triacetin","level":2,"score":0.26019999384880066},{"id":"https://openalex.org/C2776356786","wikidata":"https://www.wikidata.org/wiki/Q1048573","display_name":"Tubulopathy","level":3,"score":0.25999999046325684},{"id":"https://openalex.org/C2777968768","wikidata":"https://www.wikidata.org/wiki/Q1280161","display_name":"Emperipolesis","level":4,"score":0.25609999895095825},{"id":"https://openalex.org/C2778128915","wikidata":"https://www.wikidata.org/wiki/Q3782613","display_name":"Contractualism","level":2,"score":0.25130000710487366}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2503.12497","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2503.12497","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2503.12497","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2503.12497","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.724577009677887}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Malicious":[0],"users":[1,54,130],"attempt":[2],"to":[3,22,28,49,96],"replicate":[4],"commercial":[5],"models":[6],"functionally":[7],"at":[8],"low":[9],"cost":[10],"by":[11,55],"training":[12],"a":[13,40,65,98],"clone":[14],"model":[15],"with":[16,92,124],"query":[17],"responses.":[18],"It":[19],"is":[20,90],"challenging":[21],"timely":[23],"prevent":[24],"such":[25],"model-stealing":[26],"attacks":[27,123],"achieve":[29],"strong":[30,117],"protection":[31],"and":[32,74,134],"maintain":[33],"utility.":[34],"In":[35],"this":[36],"paper,":[37],"we":[38],"propose":[39],"novel":[41],"non-parametric":[42],"detector":[43,89],"called":[44],"Account-aware":[45],"Distribution":[46],"Discrepancy":[47],"(ADD)":[48],"recognize":[50],"queries":[51],"from":[52],"malicious":[53,77],"leveraging":[56],"account-wise":[57],"local":[58],"dependency.":[59],"We":[60],"formulate":[61],"each":[62],"class":[63],"as":[64,79],"Multivariate":[66],"Normal":[67],"distribution":[68,85],"(MVN)":[69],"in":[70,127],"the":[71,76,80],"feature":[72],"space":[73],"measure":[75],"score":[78],"sum":[81],"of":[82,109,122],"weighted":[83],"class-wise":[84],"discrepancy.":[86],"The":[87],"ADD":[88],"combined":[91],"random-based":[93],"prediction":[94],"poisoning":[95],"yield":[97],"plug-and-play":[99],"defense":[100,118],"module":[101],"named":[102],"D-ADD":[103,115],"for":[104,131],"image":[105],"classification":[106],"models.":[107],"Results":[108],"extensive":[110],"experimental":[111],"studies":[112],"show":[113],"that":[114],"achieves":[116],"against":[119],"different":[120],"types":[121],"little":[125],"interference":[126],"serving":[128],"benign":[129],"both":[132],"soft":[133],"hard-label":[135],"settings.":[136]},"counts_by_year":[],"updated_date":"2025-11-06T06:51:31.235846","created_date":"2025-10-10T00:00:00"}