Proceedings of the
The Nineteenth International Conference on Computational Intelligence and Security (CIS 2023)
December 1 – 4, 2023, Haikou, China
LBME: Low-Budget Model Extraction Based on GAN
1College of Cyberspace Security, Hainan University, China.
2National Computer Network Intrusion Prevention Center, University of Chinese Academy of Sciences and School of Cyber Engineering, Xidian University, China
ABSTRACT
With deep neural networks demonstrating outstanding performance in multiple fields, trained models have gained high commercial value and intellectual property attributes. Model extraction attacks involve accessing a victim's model in a black-box manner to steal the functionality of a model deployed on the cloud. It's important to note that the query frequency of the victim model is often limited and comes at a high cost. Existing model extraction attacks focus on improving their frameworks to enhance the success rate of the model extractions. Given this premise, we develop a low-budget model extraction (LBME) that relies on image similarities to filter images, thereby reducing the query budget during the model extraction process. We find that selecting appropriate image similarity metrics is crucial to the extent of budget reductions. We successfully implemented efficient model extraction on the SVHN and CIFAR10 datasets. The results show that our approach can reduce query budgets by over 35% in these attacks. It also exhibits high versatility. Whenever there is a need to generate images to incur query costs through the victim model, budget reductions can be achieved. Through comparative experiments with other strategies, we determine which image attributes should be retained or removed, thereby revealing, to some extent, the nature of deep neural networks in model extractions.
Keywords: Model extractions, Budget reductions, Image similarities, Black-box attacks, Machine learning.
Download PDF
1College of Cyberspace Security, Hainan University, China.
2National Computer Network Intrusion Prevention Center, University of Chinese Academy of Sciences and School of Cyber Engineering, Xidian University, China
ABSTRACT
With deep neural networks demonstrating outstanding performance in multiple fields, trained models have gained high commercial value and intellectual property attributes. Model extraction attacks involve accessing a victim's model in a black-box manner to steal the functionality of a model deployed on the cloud. It's important to note that the query frequency of the victim model is often limited and comes at a high cost. Existing model extraction attacks focus on improving their frameworks to enhance the success rate of the model extractions. Given this premise, we develop a low-budget model extraction (LBME) that relies on image similarities to filter images, thereby reducing the query budget during the model extraction process. We find that selecting appropriate image similarity metrics is crucial to the extent of budget reductions. We successfully implemented efficient model extraction on the SVHN and CIFAR10 datasets. The results show that our approach can reduce query budgets by over 35% in these attacks. It also exhibits high versatility. Whenever there is a need to generate images to incur query costs through the victim model, budget reductions can be achieved. Through comparative experiments with other strategies, we determine which image attributes should be retained or removed, thereby revealing, to some extent, the nature of deep neural networks in model extractions.
Keywords: Model extractions, Budget reductions, Image similarities, Black-box attacks, Machine learning.
Download PDF