English
Related papers

Related papers: Can't Hide Behind the API: Stealing Black-Box Comm…

200 papers

We introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI's ChatGPT or Google's PaLM-2. Specifically, our attack recovers the embedding projection layer…

Machine learning (ML) models may be deemed confidential due to their sensitive training data, commercial value, or use in security applications. Increasingly often, confidential ML models are being deployed with publicly accessible query…

Cryptography and Security · Computer Science 2016-10-04 Florian Tramèr , Fan Zhang , Ari Juels , Michael K. Reiter , Thomas Ristenpart

Machine learning models deployed as a service (MLaaS) are susceptible to model stealing attacks, where an adversary attempts to steal the model within a restricted access framework. While existing attacks demonstrate near-perfect…

Cryptography and Security · Computer Science 2022-04-26 Sunandini Sanyal , Sravanti Addepalli , R. Venkatesh Babu

Machine-learning-as-a-service (MLaaS) has attracted millions of users to their splendid large-scale models. Although published as black-box APIs, the valuable models behind these services are still vulnerable to imitation attacks. Recently,…

Cryptography and Security · Computer Science 2022-09-07 Qiongkai Xu , Xuanli He , Lingjuan Lyu , Lizhen Qu , Gholamreza Haffari

Embeddings are functions that map raw input data to low-dimensional vector representations, while preserving important semantic information about the inputs. Pre-training embeddings on a large amount of unlabeled data and fine-tuning them…

Machine Learning · Computer Science 2020-08-21 Congzheng Song , Ananth Raghunathan

Model stealing attacks have become a serious concern for deep learning models, where an attacker can steal a trained model by querying its black-box API. This can lead to intellectual property theft and other security and privacy risks. The…

Machine Learning · Computer Science 2023-09-12 Kacem Khaled , Mouna Dhaouadi , Felipe Gohring de Magalhães , Gabriela Nicolescu

Transfer learning is a useful machine learning framework that allows one to build task-specific models (student models) without significantly incurring training costs using a single powerful model (teacher model) pre-trained with a large…

Machine Learning · Computer Science 2020-10-28 Seng Pei Liew , Tsubasa Takahashi

Diffusion models showcase strong capabilities in image synthesis, being used in many computer vision tasks with great success. To this end, we propose to explore a new use case, namely to copy black-box classification models without having…

Computer Vision and Pattern Recognition · Computer Science 2025-03-17 Vlad Hondru , Radu Tudor Ionescu

Self-Supervised Learning (SSL) is an increasingly popular ML paradigm that trains models to transform complex inputs into representations without relying on explicit labels. These representations encode similarity structures that enable…

Machine Learning · Computer Science 2022-06-30 Adam Dziedzic , Nikita Dhawan , Muhammad Ahmad Kaleem , Jonas Guan , Nicolas Papernot

In model extraction attacks, adversaries can steal a machine learning model exposed via a public API by repeatedly querying it and adjusting their own model based on obtained predictions. To prevent model stealing, existing defenses focus…

Cryptography and Security · Computer Science 2022-12-13 Adam Dziedzic , Muhammad Ahmad Kaleem , Yu Shen Lu , Nicolas Papernot

Recent advancements in diffusion models have enabled high-fidelity and photorealistic image generation across diverse applications. However, these models also present security and privacy risks, including copyright violations, sensitive…

Computer Vision and Pattern Recognition · Computer Science 2025-06-10 Jiacheng Shi , Yanfu Zhang , Huajie Shao , Ashley Gao

Previous studies have verified that the functionality of black-box models can be stolen with full probability outputs. However, under the more practical hard-label setting, we observe that existing methods suffer from catastrophic…

Computer Vision and Pattern Recognition · Computer Science 2022-09-27 Yixu Wang , Jie Li , Hong Liu , Yan Wang , Yongjian Wu , Feiyue Huang , Rongrong Ji

Machine learning models trained on confidential datasets are increasingly being deployed for profit. Machine Learning as a Service (MLaaS) has made such models easily accessible to end-users. Prior work has developed model extraction…

Machine Learning · Computer Science 2019-05-23 Soham Pal , Yash Gupta , Aditya Shukla , Aditya Kanade , Shirish Shevade , Vinod Ganapathy

The ever-increasing size of language models curtails their widespread availability to the community, thereby galvanizing many companies into offering access to large language models through APIs. One particular type, suitable for dense…

Information Retrieval · Computer Science 2023-07-10 Ehsan Kamalloo , Xinyu Zhang , Odunayo Ogundepo , Nandan Thakur , David Alfonso-Hermelo , Mehdi Rezagholizadeh , Jimmy Lin

Model extraction attacks are designed to steal trained models with only query access, as is often provided through APIs that ML-as-a-Service providers offer. Machine Learning (ML) models are expensive to train, in part because data is hard…

Machine Learning · Computer Science 2024-06-14 Avital Shafran , Ilia Shumailov , Murat A. Erdogdu , Nicolas Papernot

Obtaining a well-trained model involves expensive data collection and training procedures, therefore the model is a valuable intellectual property. Recent studies revealed that adversaries can `steal' deployed models even when they have no…

Cryptography and Security · Computer Science 2021-12-08 Yiming Li , Linghui Zhu , Xiaojun Jia , Yong Jiang , Shu-Tao Xia , Xiaochun Cao

Commercial Large Language Model (LLM) APIs create a fundamental trust problem: users pay for specific models but have no guarantee that providers deliver them faithfully. Providers may covertly substitute cheaper alternatives (e.g.,…

Computation and Language · Computer Science 2025-09-30 Will Cai , Tianneng Shi , Xuandong Zhao , Dawn Song

The emergence of Vec2Text -- a method for text embedding inversion -- has raised serious privacy concerns for dense retrieval systems which use text embeddings, such as those offered by OpenAI and Cohere. This threat comes from the ability…

Information Retrieval · Computer Science 2024-07-26 Shengyao Zhuang , Bevan Koopman , Xiaoran Chu , Guido Zuccon

Large language model (LLM) providers often hide the architectural details and parameters of their proprietary models by restricting public access to a limited API. In this work we show that, with only a conservative assumption about the…

Computation and Language · Computer Science 2024-11-11 Matthew Finlayson , Xiang Ren , Swabha Swayamdipta

Machine learning models are increasingly used for software security tasks. These models are commonly trained and evaluated on large Internet-derived datasets, which often contain duplicated or highly similar samples. When such samples are…

Cryptography and Security · Computer Science 2026-02-02 Farnaz Soltaniani , Mohammad Ghafari
‹ Prev 1 2 3 10 Next ›