摘要
With machine learning models(机器学习模型) being increasingly(越来越多) deployed(部署), model stealing attacks(模型窃取攻击) have raised an increasing interest. Extracting decision-based models(基于决策的模型窃取) is a more challenging task with the information of class similarity missing(类相似度信息缺失的情况下). In this paper, we propose a novel(新颖) and effective(有效) model stealing method as Label Refining via Feature Distance (LRFD 基于特征距离的标签精炼), to re-dig the class similarity(重新挖掘类相似度). Specifically(具体来说), since the information of class similarity(类相似度信息) can be represented by the distance between samples(样本之间的距离) from different classes(不同类) in the feature space(特征空间), we design a soft label(软标签) construction module(构造模型) inspired by the prototype learning(原型学习), and transfer the knowledge in the soft label to the substitution model(替代模型). Extensive experiments conducted on(进行了大量的实验) four widely-used(广泛使用的) datasets consistently demonstrate(一致表明) that our method yields(产生) a model with significantly greater functional similar