Current browse context:
cs.LG
Change to browse by:
References & Citations
Computer Science > Machine Learning
Title: I Know What You Trained Last Summer: A Survey on Stealing Machine Learning Models and Defences
(Submitted on 16 Jun 2022 (v1), last revised 6 Jun 2023 (this version, v2))
Abstract: Machine Learning-as-a-Service (MLaaS) has become a widespread paradigm, making even the most complex machine learning models available for clients via e.g. a pay-per-query principle. This allows users to avoid time-consuming processes of data collection, hyperparameter tuning, and model training. However, by giving their customers access to the (predictions of their) models, MLaaS providers endanger their intellectual property, such as sensitive training data, optimised hyperparameters, or learned model parameters. Adversaries can create a copy of the model with (almost) identical behavior using the the prediction labels only. While many variants of this attack have been described, only scattered defence strategies have been proposed, addressing isolated threats. This raises the necessity for a thorough systematisation of the field of model stealing, to arrive at a comprehensive understanding why these attacks are successful, and how they could be holistically defended against. We address this by categorising and comparing model stealing attacks, assessing their performance, and exploring corresponding defence techniques in different settings. We propose a taxonomy for attack and defence approaches, and provide guidelines on how to select the right attack or defence strategy based on the goal and available resources. Finally, we analyse which defences are rendered less effective by current attack strategies.
Submission history
From: Rudolf Mayer [view email][v1] Thu, 16 Jun 2022 21:16:41 GMT (796kb,D)
[v2] Tue, 6 Jun 2023 09:52:41 GMT (3195kb,D)
Link back to: arXiv, form interface, contact.