no code implementations • 14 Oct 2019 • Derui, Wang, Chaoran Li, Sheng Wen, Surya Nepal, Yang Xiang
First, such attacks must acquire the outputs from the models by multiple times before actually launching attacks, which is difficult for the MitM adversary in practice.