English
Related papers

Related papers: First to Possess His Statistics: Data-Free Model E…

200 papers

Compared to traditional neural networks with a single output channel, a multi-exit network has multiple exits that allow for early outputs from the model's intermediate layers, thus significantly improving computational efficiency while…

Cryptography and Security · Computer Science 2025-03-18 Li Pan , Lv Peizhuo , Chen Kai , Zhang Shengzhi , Cai Yuling , Xiang Fan

We study design of black-box model extraction attacks that can send minimal number of queries from a publicly available dataset to a target ML model through a predictive API with an aim to create an informative and distributionally…

Machine Learning · Computer Science 2023-10-19 Pratik Karmakar , Debabrota Basu

Model extraction aims to create a functionally similar copy from a machine learning as a service (MLaaS) API with minimal overhead, typically for illicit profit or as a precursor to further attacks, posing a significant threat to the MLaaS…

Cryptography and Security · Computer Science 2024-09-25 Hongyu Zhu , Wentao Hu , Sichu Liang , Fangqi Li , Wenwen Wang , Shilin Wang

Model extraction attacks aim to replicate the functionality of a black-box model through query access, threatening the intellectual property (IP) of machine-learning-as-a-service (MLaaS) providers. Defending against such attacks is…

Cryptography and Security · Computer Science 2025-06-04 Xueqi Cheng , Minxing Zheng , Shixiang Zhu , Yushun Dong

We investigate whether model extraction can be used to "steal" the weights of sequential recommender systems, and the potential threats posed to victims of such attacks. This type of risk has attracted attention in image and text…

Cryptography and Security · Computer Science 2021-09-06 Zhenrui Yue , Zhankui He , Huimin Zeng , Julian McAuley

Model extraction emerges as a critical security threat with attack vectors exploiting both algorithmic and implementation-based approaches. The main goal of an attacker is to steal as much information as possible about a protected victim…

Cryptography and Security · Computer Science 2024-11-18 Kevin Hector , Pierre-Alain Moellic , Mathieu Dumont , Jean-Max Dutertre

We study the problem of model extraction in natural language processing, in which an adversary with only query access to a victim model attempts to reconstruct a local copy of that model. Assuming that both the adversary and victim model…

Computation and Language · Computer Science 2020-10-13 Kalpesh Krishna , Gaurav Singh Tomar , Ankur P. Parikh , Nicolas Papernot , Mohit Iyyer

It has become common to publish large (billion parameter) language models that have been trained on private datasets. This paper demonstrates that in such settings, an adversary can perform a training data extraction attack to recover…

Neural networks are often trained on proprietary datasets, making them attractive attack targets. We present a novel dataset extraction method leveraging an innovative training time backdoor attack, allowing a malicious federated learning…

Cryptography and Security · Computer Science 2025-12-19 Eden Luzon , Guy Amit , Roy Weiss , Torsten Kraub , Alexandra Dmitrienko , Yisroel Mirsky

We study the problem of reconstructing tabular data from aggregate statistics, in which the attacker aims to identify interesting claims about the sensitive data that can be verified with 100% certainty given the aggregates. Successful…

Machine Learning · Statistics 2025-06-12 Terrance Liu , Eileen Xiao , Adam Smith , Pratiksha Thaker , Zhiwei Steven Wu

Recent attacks on Machine Learning (ML) models such as evasion attacks with adversarial examples and models stealing through extraction attacks pose several security and privacy threats. Prior work proposes to use adversarial training to…

Machine Learning · Computer Science 2022-08-23 Kacem Khaled , Gabriela Nicolescu , Felipe Gohring de Magalhães

Machine learning models are vulnerable to simple model stealing attacks if the adversary can obtain output labels for chosen inputs. To protect against these attacks, it has been proposed to limit the information provided to the adversary…

Machine Learning · Computer Science 2018-12-14 Taesung Lee , Benjamin Edwards , Ian Molloy , Dong Su

Machine learning models are typically made available to potential client users via inference APIs. Model extraction attacks occur when a malicious client uses information gleaned from queries to the inference API of a victim model $F_V$ to…

Machine Learning · Computer Science 2023-03-01 Sebastian Szyller , Vasisht Duddu , Tommi Gröndahl , N. Asokan

Deep machine learning models are increasingly deployedin the wild for providing services to users. Adversaries maysteal the knowledge of these valuable models by trainingsubstitute models according to the inference results of thetargeted…

Cryptography and Security · Computer Science 2022-02-02 Chi Hong , Jiyue Huang , Lydia Y. Chen

Machine learning is being increasingly used by individuals, research institutions, and corporations. This has resulted in the surge of Machine Learning-as-a-Service (MLaaS) - cloud services that provide (a) tools and resources to learn the…

Machine Learning · Computer Science 2019-11-21 Varun Chandrasekaran , Kamalika Chaudhuri , Irene Giacomelli , Somesh Jha , Songbai Yan

Security of machine learning models is a concern as they may face adversarial attacks for unwarranted advantageous decisions. While research on the topic has mainly been focusing on the image domain, numerous industrial applications, in…

Machine learning models deployed as a service (MLaaS) are susceptible to model stealing attacks, where an adversary attempts to steal the model within a restricted access framework. While existing attacks demonstrate near-perfect…

Cryptography and Security · Computer Science 2022-04-26 Sunandini Sanyal , Sravanti Addepalli , R. Venkatesh Babu

In a model inversion attack, an adversary attempts to reconstruct the data records, used to train a target model, using only the model's output. In launching a contemporary model inversion attack, the strategies discussed are generally…

Cryptography and Security · Computer Science 2022-03-15 Dayong Ye , Tianqing Zhu , Shuai Zhou , Bo Liu , Wanlei Zhou

Model extraction is a severe threat to Machine Learning-as-a-Service systems, especially through data-free approaches, where dishonest users can replicate the functionality of a black-box target model without access to realistic data.…

Machine Learning · Computer Science 2025-09-16 Dat-Thinh Nguyen , Kim-Hung Le , Nhien-An Le-Khac

Machine learning models are vulnerable to adversarial examples. For the black-box setting, current substitute attacks need pre-trained models to generate adversarial examples. However, pre-trained models are hard to obtain in real-world…

Cryptography and Security · Computer Science 2020-04-01 Mingyi Zhou , Jing Wu , Yipeng Liu , Shuaicheng Liu , Ce Zhu