Scribd Logo
Upload

Welcome to Scribd!

  • Inter Iit Tech Meet 10.0: Bosch'S Model Extraction Attack For Video Classification

    Uploaded by

    Faheem Shanavas
    35 views4 pages
    This document provides guidelines for the Model Extraction Attack competition being organized by Inter IIT Tech Meet 2022. The competition aims to develop strategies for extracting video-based deep learning models in black box and grey box settings. Participants will extract 2 models - an action classification model and a video classification model. Submissions will be evaluated based on the extraction accuracy and number of queries used, with the top 5 teams presenting their work. Evaluation metrics and submission deadlines are clearly defined.

    Original Description:

    Original Title

    BoschPS

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides guidelines for the Model Extraction Attack competition being organized by Inter IIT Tech Meet 2022. The competition aims to develop strategies for extracting video-based deep learning models in black box and grey box settings. Participants will extract 2 models - an action classification model and a video classification model. Submissions will be evaluated based on the extraction accuracy and number of queries used, with the top 5 teams presenting their work. Evaluation metrics and submission deadlines are clearly defined.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    35 views4 pages

    Inter Iit Tech Meet 10.0: Bosch'S Model Extraction Attack For Video Classification

    Uploaded by

    Faheem Shanavas
    This document provides guidelines for the Model Extraction Attack competition being organized by Inter IIT Tech Meet 2022. The competition aims to develop strategies for extracting video-based deep learning models in black box and grey box settings. Participants will extract 2 models - an action classification model and a video classification model. Submissions will be evaluated based on the extraction accuracy and number of queries used, with the top 5 teams presenting their work. Evaluation metrics and submission deadlines are clearly defined.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    INTER IIT

    IIT KHARAGPUR

    TECH MEET 10.0 25-27TH MARCH 2022

    BOSCH’S MODEL EXTRACTION ATTACK


    FOR VIDEO CLASSIFICATION

    Every organization wants to protect its valuable digital assets like data and information, but
    what about AI algorithms? Successful exploitation of AI algorithms can cause financial loss,
    reputational damage, loss of competitive advantage, and loss of intellectual property. For
    example, a malicious breach of pricing algorithm for an e-commerce company can result in
    attackers causing financial loss to the retailers/sellers and negatively impacting the
    platform's brand reputation.The majority of organizations are struggling to address the
    challenge of securing models. The first aspect of protecting the asset is understanding if
    they can be attacked. In this case, extracting the video-based DL algorithms.

    | HiGH PREP
    PROBLEM STATEMENT
    Develop an efficient common strategy and relevant implementation to extract the
    video-based models in the black box and grey box setting across the following 2
    problem statements.

    1.Action Classification
    Model Extraction for Swin-T Model for Action Classification on
    Kinetics-400 dataset.
    Download the model from here-
    https://github.com/SwinTransformer/Video-Swin-Transformer

    2.Video Classification
    Model Extraction for MoViNet-A2-Base Model for Video Classification on Kinetics-
    600 dataset
    Download the model from here-
    https://tfhub.dev/tensorflow/movinet/a2/base/kinetics- 600/classification/3

    Blackbox Setting
    Do not use any relevant data set available and use synthetic or generated data
    without using the Kinetics series dataset. Also, do not use the same model
    architecture as the original model to train the extracted model.

    Greybox Setting
    You can use 5% of original data (balanced representation of classes) as a starting
    point to generate the attack dataset. Also, do not use the same model architecture as
    the original model to train the extracted model.

    | HiGH PREP
    GUIDELINES
    The competition will use a private leaderboard, and no results will be announced
    intermittently. (detailed mechanism will be contributed)

    All teams will submit a score in the specified format and its sub-component (Px
    black/grey accuracy, no. of queries) at the end of week 3 and week 4.

    After week 4, each team will also be asked to give a small presentation explaining
    their work.

    The top 5 teams (based on scores+presentation) will be asked to submit the


    artifacts to verify the stated evaluation metric. The verified result of the top 5
    teams will be published.

    SUBMISSIONS
    The evaluation will be conducted in three steps-

    Score Submission - 50 Points


    Each team will have to submit their final score. The final scores will be evaluated. Due
    date: 16th March

    Score And Documentation Submission - 150 Points


    Each team will again have to submit their final score alongside a brief documentation.
    The scores will again be evaluated. The improvement in score will be judged along
    with the documentation. Due Date: 23rd March

    Final Presentation - 200 Points


    Every team will have to give a short presentation explaining their code, and justify
    their submitted scores. Due Date: 26th March

    Please note that the Final presentation should wrap up within 15 minutes which will be
    followed by Q&A (5 min).

    Send your submissions at this email: submissions@interiit-tech.org

    | HiGH PREP
    EVALUATION CRITERIA
    The results of extraction will be measured using the following evaluation metric

    Final Score = 0.5* P1 Score + 0.5* P2 Score


    P1 Score = 0.6* P1 Blackbox accuracy + 0.4*P1 Greybox accuracy
    P1 accuracy will be measured as Top 5 on randomly selected balanced 50% of
    Kinect-600 dataset
    Report no. of queries/dataset points used to achieve BlackBox accuracy and
    Greybox accuracy
    P2 Score = 0.6* P2 Blackbox accuracy + 0.4*P2 Greybox accuracy
    P2 accuracy will be measured as Top 5 on randomly selected balanced 50% of
    Kinect-600 dataset
    Report no. of queries/dataset points used to achieve BlackBox accuracy and
    Greybox accuracy Team size for this event is m
    No. of queries will be used in case of a tiebreaker in case Participation
    the Final Score awards
    of 2 teams
    shall be
    is within 2% of the accuracy band. Lesser queries will help you win.

    Team size for this event is maximum 8 participants.


    Participation awards shall be awarded to all participants.

    | HiGH PREP

    You might also like