English
Related papers

Related papers: Marich: A Query-efficient Distributionally Equival…

200 papers

Machine-Learning-as-a-Service providers expose machine learning (ML) models through application programming interfaces (APIs) to developers. Recent work has shown that attackers can exploit these APIs to extract good approximations of such…

Machine Learning · Computer Science 2021-07-13 Soham Pal , Yash Gupta , Aditya Kanade , Shirish Shevade

Membership inference attacks are designed to determine, using black box access to trained models, whether a particular example was used in training or not. Membership inference can be formalized as a hypothesis testing problem. The most…

Machine Learning · Computer Science 2023-07-10 Martin Bertran , Shuai Tang , Michael Kearns , Jamie Morgenstern , Aaron Roth , Zhiwei Steven Wu

Model inversion (MI) attacks are aimed at reconstructing training data from model parameters. Such attacks have triggered increasing concerns about privacy, especially given a growing number of online model repositories. However, existing…

Machine Learning · Computer Science 2021-08-20 Si Chen , Mostafa Kahla , Ruoxi Jia , Guo-Jun Qi

Model extraction emerges as a critical security threat with attack vectors exploiting both algorithmic and implementation-based approaches. The main goal of an attacker is to steal as much information as possible about a protected victim…

Cryptography and Security · Computer Science 2024-11-18 Kevin Hector , Pierre-Alain Moellic , Mathieu Dumont , Jean-Max Dutertre

The widespread use of deep learning technology across various industries has made deep neural network models highly valuable and, as a result, attractive targets for potential attackers. Model extraction attacks, particularly query-based…

Cryptography and Security · Computer Science 2023-12-25 Zeyu Li , Chenghui Shi , Yuwen Pu , Xuhong Zhang , Yu Li , Jinbao Li , Shouling Ji

Pre-trained large language models, such as GPT\nobreakdash-2 and BERT, are often fine-tuned to achieve state-of-the-art performance on a downstream task. One natural example is the ``Smart Reply'' application where a pre-trained model is…

Cryptography and Security · Computer Science 2023-09-06 Bargav Jayaraman , Esha Ghosh , Melissa Chase , Sambuddha Roy , Wei Dai , David Evans

Machine learning models are shown to face a severe threat from Model Extraction Attacks, where a well-trained private model owned by a service provider can be stolen by an attacker pretending as a client. Unfortunately, prior works focus on…

Machine Learning · Computer Science 2021-12-02 Bang Wu , Xiangwen Yang , Shirui Pan , Xingliang Yuan

Recent advancements in diffusion models have enabled high-fidelity and photorealistic image generation across diverse applications. However, these models also present security and privacy risks, including copyright violations, sensitive…

Computer Vision and Pattern Recognition · Computer Science 2025-06-10 Jiacheng Shi , Yanfu Zhang , Huajie Shao , Ashley Gao

Data-free model stealing involves replicating the functionality of a target model into a substitute model without accessing the target model's structure, parameters, or training data. The adversary can only access the target model's…

Cryptography and Security · Computer Science 2024-12-23 Gaozheng Pei , Shaojie lyu , Ke Ma , Pinci Yang , Qianqian Xu , Yingfei Sun

The privacy of machine learning models has become a significant concern in many emerging Machine-Learning-as-a-Service applications, where prediction services based on well-trained models are offered to users via pay-per-query. The lack of…

Machine Learning · Computer Science 2022-06-24 Xun Xian , Mingyi Hong , Jie Ding

We investigate whether model extraction can be used to "steal" the weights of sequential recommender systems, and the potential threats posed to victims of such attacks. This type of risk has attracted attention in image and text…

Cryptography and Security · Computer Science 2021-09-06 Zhenrui Yue , Zhankui He , Huimin Zeng , Julian McAuley

In model extraction attacks, the goal is to reveal the parameters of a black-box machine learning model by querying the model for a selected set of data points. Due to an increasing demand for explanations, this may involve counterfactual…

Optimization and Control · Mathematics 2026-03-04 Daan Otto , Jannis Kurtz , Dick den Hertog , Ilker Birbil

This paper investigates a class of attacks targeting the confidentiality aspect of security in Deep Reinforcement Learning (DRL) policies. Recent research have established the vulnerability of supervised machine learning models (e.g.,…

Machine Learning · Computer Science 2019-06-05 Vahid Behzadan , William Hsu

With the growing deployment of sequential recommender systems in e-commerce and other fields, their black-box interfaces raise security concerns: models are vulnerable to extraction and subsequent adversarial manipulation. Existing…

Information Retrieval · Computer Science 2026-02-13 Hongyue Zhang , Mingming Li , Dongqin Liu , Hui Wang , Yaning Zhang , Xi Zhou , Honglei Lv , Jiao Dai , Jizhong Han

Machine learning models are critically susceptible to evasion attacks from adversarial examples. Generally, adversarial examples, modified inputs deceptively similar to the original input, are constructed under whitebox settings by…

Machine Learning · Computer Science 2023-03-27 Viet Quoc Vo , Ehsan Abbasnejad , Damith C. Ranasinghe

With increasingly deployed deep neural networks in sensitive application domains, such as healthcare and security, it's essential to understand what kind of sensitive information can be inferred from these models. Most known model-targeted…

Machine Learning · Computer Science 2025-01-28 Yuechun Gu , Jiajie He , Keke Chen

Model extraction attacks are a kind of attacks in which an adversary obtains a new model, whose performance is equivalent to that of a target model, via query access to the target model efficiently, i.e., fewer datasets and computational…

Cryptography and Security · Computer Science 2020-02-04 Tatsuya Takemura , Naoto Yanai , Toru Fujiwara

The advance of explainable artificial intelligence, which provides reasons for its predictions, is expected to accelerate the use of deep neural networks in the real world like Machine Learning as a Service (MLaaS) that returns predictions…

Cryptography and Security · Computer Science 2021-07-20 Takayuki Miura , Satoshi Hasegawa , Toshiki Shibahara

Model extraction attacks are designed to steal trained models with only query access, as is often provided through APIs that ML-as-a-Service providers offer. Machine Learning (ML) models are expensive to train, in part because data is hard…

Machine Learning · Computer Science 2024-06-14 Avital Shafran , Ilia Shumailov , Murat A. Erdogdu , Nicolas Papernot

Decision-based attacks construct adversarial examples against a machine learning (ML) model by making only hard-label queries. These attacks have mainly been applied directly to standalone neural networks. However, in practice, ML models…

Cryptography and Security · Computer Science 2023-07-24 Chawin Sitawarin , Florian Tramèr , Nicholas Carlini