@inproceedings{d258533d99634199aebac2292daa6a67,
title = "ACTIVETHIEF: Model extraction using active learning and unannotated public data",
abstract = "Machine learning models are increasingly being deployed in practice. Machine Learning as a Service (MLaaS) providers expose such models to queries by third-party developers through application programming interfaces (APIs). Prior work has developed model extraction attacks, in which an attacker extracts an approximation of an MLaaS model by making black-box queries to it. We design ACTIVETHIEF – a model extraction framework for deep neural networks that makes use of active learning techniques and unannotated public datasets to perform model extraction. It does not expect strong domain knowledge or access to annotated data on the part of the attacker. We demonstrate that (1) it is possible to use ACTIVETHIEF to extract deep classifiers trained on a variety of datasets from image and text domains, while querying the model with as few as 10-30% of samples from public datasets, (2) the resulting model exhibits a higher transferability success rate of adversarial examples than prior work, and (3) the attack evades detection by the state-of-the-art model extraction detection method, PRADA.",
author = "Soham Pal and Yash Gupta and Aditya Shukla and Aditya Kanade and Shirish Shevade and Vinod Ganapathy",
note = "Publisher Copyright: Copyright {\textcopyright} 2020, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; 34th AAAI Conference on Artificial Intelligence, AAAI 2020 ; Conference date: 07-02-2020 Through 12-02-2020",
year = "2020",
language = "English (US)",
series = "AAAI 2020 - 34th AAAI Conference on Artificial Intelligence",
publisher = "AAAI press",
pages = "865--872",
booktitle = "AAAI 2020 - 34th AAAI Conference on Artificial Intelligence",
}