This repository contains the source code for our AAAI 2025 paper "HoneypotNet: Backdoor Attacks Against Model Extraction". Instead of passively defending against model extraction, we propose an "attack as defense" strategy. HoneypotNet replaces the classification layer of a victim model with a "honeypot" layer, fine-tuned to inject a backdoor into any substitute model trained on its outputs. This backdoor, triggered by a specific, imperceptible perturbation, allows the model owner to control the substitute model's predictions.
yxwang-10/HoneypotNet