door.py contains the main experiment code. The final project report is listed below (Project report, PDF).
This project analyzes neural network model extraction techniques. It further investigates whether an extracted model can be used to conduct membership inference attacks and adversarial attacks on the original model.
- Used victim models for CIFAR-10 (from zenodo.org) and custom-trained CIFAR-100 models for extraction attack analysis.
- Varied attacker model architectures to test extraction effectiveness.
- Applied extraction techniques to an out-of-distribution dataset, assembled from downsampled 32x32 ImageNet data. A mapping between ImageNet and CIFAR-10 classes was prepared (note: Deer and Horse classes were sourced online and downsampled).
- Emulated the victim model using pre-trained models from zenodo.org/record/4431043.
- Experiments restricted to CIFAR-10 and CIFAR-100 datasets for reproducibility.
- Project report (PDF)
- Data-Free Model Extraction: arxiv.org/abs/2011.14779
- Developed as part of Deep Learning in Data Science at KTH Royal Institute of Technology.
- Contributors: Daniel Richards, Adhithyan Kalaivanan, Aishwarya Ganesan
- Forked from original repo: https://github.com/dannyrichy/dl-model-extraction.git