Black-box model functionality stealing for Vietnamese sentiment analysis
4 viewsDOI:
https://doi.org/10.54939/1859-1043.j.mst.104.2025.144-154Keywords:
Knockoff model; Black-box model functionality extraction; Vietnamese text sentiment analysis.Abstract
Black-box deep learning models often keep critical components such as model architecture, hyperparameters, and training data confidential, allowing users to observe only the inputs and outputs without understanding their internal workings. Consequently, there is growing interested in developing "knockoff" models that replicate the behavior of these black-box models without direct access to internal details. We have conducted extensive studies on function extraction attacks targeting English text sentiment analysis models. By employing random or adaptive sampling methods, we have successfully reconstructed knockoff models that achieve functionality equivalent to the original models with high similarity. In this study, we extend our investigation to sentiment analysis datasets in Vietnamese. Experimental results demonstrate that for black-box models in Vietnamese text sentiment analysis, our method remains effective, successfully constructing models with equivalent functionality.
References
[1]. Akshit Jindal, Vikram Goyal, Saket Anand et al., "Army of Thieves: Enhancing Black-Box Model Extraction via Ensemble based sample selection," (2023). DOI: https://doi.org/10.1109/WACV57701.2024.00378
[2]. Dai C. W., Lv M. X, Li K. et al., "MeaeQ: Mount Model Extraction Attacks with Efficient Queries," presented at the arXiv:2310.14047, (2023). DOI: https://doi.org/10.18653/v1/2023.emnlp-main.781
[3]. Minh Pham Quang Nhat, "An Empirical Study of Using Pre-trained BERT Models for Vietnamese Relation Extraction Task at VLSP 2020," in Proceedings of the 7th International Workshop on Vietnamese Language and Speech Processing, (2020).
[4]. Nguyen D.Q and Nguyen A.T, "PhoBERT: Pre-trained language models for Vietnamese," arXiv:2003.00744, (2020). DOI: https://doi.org/10.18653/v1/2020.findings-emnlp.92
[5]. Nguyen K.V., Nguyen V.D., Nguyen P.X. V. et al., "UIT-VSFC: Vietnamese Students’ Feedback Corpus for Sentiment Analysis," presented at the 10th KSE, Vietnam, (2018). DOI: https://doi.org/10.1109/KSE.2018.8573337
[6]. Nguyen Q.N., Phan T.C., Nguyen D.V. et al., "ViSoBERT: A pre-trained language model for Vietnamese social media text processing," arXiv:2310.11166, (2023). DOI: https://doi.org/10.18653/v1/2023.emnlp-main.315
[7]. Nguyen T.M.H, Nguyen V.H, Ngo T.Q. et al., "VLSP shared task: sentiment analysis," Journal of Computer Science and Cybernetics, vol. 34, no. 4, pp. 295-310, (2018). DOI: https://doi.org/10.15625/1813-9663/34/4/13160
[8]. Oanh Tran Thi and Phuong Le Hong, "Improving sequence tagging for Vietnamese text using transformer-based neural models," in Proceedings of the 34th Pacific Asia conference on language, information and computation, pp. 13-20, (2020).
[9]. Orekondy T., Schiele B., and Fritz M., "Knockoff Nets: Stealing Functionality of Black-Box Models," in IEEE/CVF, pp. 4954--4963, (2019). DOI: https://doi.org/10.1109/CVPR.2019.00509
[10]. Pal Soham, Yash Gupta, Aditya Shukla et al., "ActiveThief: Model Extraction Using Active Learning and Unannotated Public Data," presented at the AAAI-20, (2020). DOI: https://doi.org/10.1609/aaai.v34i01.5432
[11]. Pham X. Cong, Hoang T. Nguyen, Tran C. Truong et al., "Adaptive Sampling Technique for Building Knockoff Text Sentiment Models," in The 18th IEEE-RIVF, Danang, Vietnam, (2024). DOI: https://doi.org/10.1109/RIVF64335.2024.11009072
[12]. Pham X. Cong, Hoang T. Nguyen, Tran C. Truong et al., "Textknockoff: Knockoff nets for stealing functionality of text sentiment models," Journal of Science and Technique - Section on ICT, vol. 13, no. 1, (2024), doi: 10.56651/lqdtu.jst.v13.n01.821.ict. DOI: https://doi.org/10.56651/lqdtu.jst.v13.n01.821.ict
[13]. Phan L. L., Pham P. H., Nguyen K.T.T. et al., "SA2SL: From Aspect-Based Sentiment Analysis to Social Listening System for Business Intelligence," arXiv:2105.15079, (2021).
[14]. Rigaki Maria and Garcia Sebastian, "A Survey of Privacy Attacks in Machine Learning," ACM Computing Surveys, vol. 56, no. 4, pp. 1-34, (2020) (arXiv:2007.07646v3 11-2023). DOI: https://doi.org/10.1145/3624010
[15]. S. Kumar, P. P. Roy, D. P. Dogra et al., "A Comprehensive Review on Sentiment Analysis: Tasks, Approaches and Applications," arXiv:2311.11250, (2024).
[16]. V. Sanh, L. Debut, J. Chaumond et al., "DistilBERT, a distilled version of BERT: smaller, faster, cheaper and lighter," NeurIPS, (2019).
[17]. W. Wu, J. Zhang, Wei V. J. et al., "Practical and Efficient Model Extraction of Sentiment Analysis APIs," presented at the ICSE 45, (2023).
[18]. Y. Liu, M. Ott, N. Goyal et al., "RoBERTa: A Robustly Optimized BERT Pretraining Approach," arXiv:1907.11692v1, (2019).
[19]. Yuan X., Ding L., Zhang L. et al., "ES Attack: Model Stealing against Deep Neural Networks without Data Hurdles," (2022). DOI: https://doi.org/10.1109/TETCI.2022.3147508
