A framework for the extraction of Deep Neural Networks by leveraging public data

05/22/2019
by Soham Pal, et al.

Machine learning models trained on confidential datasets are increasingly being deployed for profit. Machine Learning as a Service (MLaaS) has made such models easily accessible to end-users. Prior work has developed model extraction attacks, in which an adversary extracts an approximation of an MLaaS model by making black-box queries to it. However, none of these works satisfies all three essential criteria for practical model extraction: (1) the ability to work on deep learning models, (2) no requirement for domain knowledge, and (3) the ability to work with a limited query budget. We design a model extraction framework that makes use of active learning and large public datasets to satisfy all three. We demonstrate that this framework can be used to steal deep classifiers trained on a variety of datasets from the image and text domains. By querying a model via black-box access for its top prediction only, our framework improves performance on average over a uniform-noise baseline by 4.70x for image tasks and 2.11x for text tasks respectively, while using only 30

