Model extraction via active learning by fusing prior and posterior knowledge from unlabeled data


Bibliographic details
Published in: Journal of intelligent & fuzzy systems, 2024-03, p. 1-16
Main authors: Gao, Lijun; Liu, Kai; Liu, Wenjun; Wu, Jiehong; Jin, Xiao
Format: Article
Language: eng
Online access: Full text
Description
Abstract: As machine learning models become increasingly integrated into practical applications and are made accessible via public APIs, the risk of model extraction attacks has gained prominence. This study presents an innovative and efficient approach to model extraction attacks, aimed at reducing query costs and enhancing attack effectiveness. The method begins by leveraging a pre-trained model to identify high-confidence samples from unlabeled datasets. It then employs unsupervised contrastive learning to thoroughly dissect the structural nuances of these samples, constructing a dataset of high quality that precisely mirrors a variety of features. A mixed information confidence strategy is employed to refine the query set, effectively probing the decision boundaries of the target model. By integrating consistency regularization and pseudo-labeling techniques, reliance on authentic labels is minimized, thus improving the feature extraction capabilities and predictive precision of the surrogate models. Evaluation on four major datasets reveals that the models crafted through this method bear a close functional resemblance to the original models, with a real-world API test success rate of 62.35%, which vouches for the method's validity.
ISSN: 1064-1246, 1875-8967
DOI: 10.3233/JIFS-239504