摘要
Recently, model stealing attacks(模型窃取攻击) are widely studied(广泛研究) but most of them are focused on stealing a single non-discrete model(窃取单个非离散模型), e.g., neural networks(神经网络). For ensemble models(对于集成模型), these attacks are either non-executable(不可执行) or suffer from intolerant performance degradation(遭受不可容忍的性能损失) due to(由于) the complex model structure(复杂网络结构) (multiple sub-models 多个子模型) and the discreteness possessed by the sub-model(子模型拥有的离散性) (e.g., decision trees 决策树). To overcome the bottleneck(为了克服这一瓶颈), this paper proposes a divide-and-conquer strategy(分而治之的策略) called DivTheft to formulate the model stealing attack(模型窃取攻击) to common ensemble models(常见的集成模型&#x