Computer Science > Cryptography and Security
Title: Increasing the Cost of Model Extraction with Calibrated Proof of Work
(Submitted on 23 Jan 2022 (v1), last revised 12 Dec 2022 (this version, v3))
Abstract: In model extraction attacks, adversaries can steal a machine learning model exposed via a public API by repeatedly querying it and adjusting their own model based on obtained predictions. To prevent model stealing, existing defenses focus on detecting malicious queries, truncating, or distorting outputs, thus necessarily introducing a tradeoff between robustness and model utility for legitimate users. Instead, we propose to impede model extraction by requiring users to complete a proof-of-work before they can read the model's predictions. This deters attackers by greatly increasing (even up to 100x) the computational effort needed to leverage query access for model extraction. Since we calibrate the effort required to complete the proof-of-work to each query, this only introduces a slight overhead for regular users (up to 2x). To achieve this, our calibration applies tools from differential privacy to measure the information revealed by a query. Our method requires no modification of the victim model and can be applied by machine learning practitioners to guard their publicly exposed models against being easily stolen.
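The gating mechanism described in the abstract, as an added example that is not the paper's code: a server computes the prediction, holds it back, issues a hash puzzle whose difficulty is calibrated to that particular query, and releases the prediction only against a valid solution. Assumptions: the information measure is a stand-in (normalised entropy of the returned class distribution, so near-boundary, low-confidence queries cost more), not the differential-privacy tooling the paper uses; the puzzle is a SHA-256 leading-zero-bits puzzle; `softmax`, `PoWGatedPredictionAPI` and the bit parameters are illustrative names and values.

```python
import hashlib
import math
import secrets
import struct


def softmax(logits):
    """Toy 'victim model' output: class probabilities from a list of logits."""
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]


def information_score(probs):
    """Stand-in for the information a query reveals (ASSUMPTION: normalised
    Shannon entropy of the returned class distribution, in [0, 1]). The paper
    calibrates with differential-privacy tooling instead; the point here is
    only that low-confidence, near-boundary queries cost more."""
    k = len(probs)
    if k < 2:
        return 0.0
    h = -sum(p * math.log(p) for p in probs if p > 0.0)
    return h / math.log(k)


def calibrate_difficulty(probs, base_bits=8, extra_bits=8):
    """Map the information score to a puzzle difficulty in leading zero bits.
    Confident queries pay base_bits; maximally uncertain ones pay base+extra."""
    return base_bits + round(information_score(probs) * extra_bits)


def leading_zero_bits(digest):
    n = 0
    for byte in digest:
        if byte:
            return n + (8 - byte.bit_length())
        n += 8
    return n


def puzzle_digest(challenge, counter):
    """Hash puzzle bound to the challenge nonce and query id, so a solution
    cannot be replayed for a different query."""
    data = challenge["nonce"] + challenge["query_id"].encode() + struct.pack(">Q", counter)
    return hashlib.sha256(data).digest()


def solve_challenge(challenge):
    """Client side: brute-force a counter whose digest has enough leading zeros.
    Expected work is about 2**bits hashes."""
    counter = 0
    while leading_zero_bits(puzzle_digest(challenge, counter)) < challenge["bits"]:
        counter += 1
    return counter


def verify_solution(challenge, counter):
    """Server side: a single hash checks a claimed solution."""
    return leading_zero_bits(puzzle_digest(challenge, counter)) >= challenge["bits"]


class PoWGatedPredictionAPI:
    """Server flow: predict, hold the prediction, issue a challenge calibrated
    to that prediction, release it only when a valid solution comes back."""

    def __init__(self, predict_fn, base_bits=8, extra_bits=8):
        self.predict_fn = predict_fn
        self.base_bits = base_bits
        self.extra_bits = extra_bits
        self.pending = {}  # query_id -> (challenge, held prediction)

    def request(self, query_id, x, nonce=None):
        probs = self.predict_fn(x)
        challenge = {
            "query_id": query_id,
            "nonce": secrets.token_bytes(16) if nonce is None else nonce,
            "bits": calibrate_difficulty(probs, self.base_bits, self.extra_bits),
        }
        self.pending[query_id] = (challenge, probs)
        return challenge  # the client sees the difficulty, never the prediction

    def redeem(self, query_id, counter):
        entry = self.pending.get(query_id)
        if entry is None:
            return None
        challenge, probs = entry
        if not verify_solution(challenge, counter):
            return None
        del self.pending[query_id]  # one solution releases one prediction
        return probs


if __name__ == "__main__":
    api = PoWGatedPredictionAPI(softmax)
    for logits in ([10.0, 0.0, 0.0], [0.0, 0.0, 0.0]):  # confident vs. uniform
        qid = "q-" + secrets.token_hex(4)
        ch = api.request(qid, logits)
        print(ch["bits"], "bits ->", api.redeem(qid, solve_challenge(ch)))
```

With these stand-in parameters a confident query costs 2^8 hashes and a maximally uncertain one 2^16, so the asymmetry the abstract describes (small overhead for typical users, large cost for boundary-probing queries) falls out of the calibration rather than from any change to the model itself. The nonce and query id in the puzzle input are what stop a solver from amortising one solution across many queries.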
Submission history
From: Adam Dziedzic
[v1] Sun, 23 Jan 2022 12:21:28 GMT (1666kb,D)
[v2] Tue, 19 Jul 2022 18:19:00 GMT (1667kb,D)
[v3] Mon, 12 Dec 2022 16:11:45 GMT (1667kb,D)