Loading [MathJax]/extensions/MathMenu.js
Augmenting Model Extraction Attacks Against Disruption-Based Defenses | IEEE Journals & Magazine | IEEE Xplore

Augmenting Model Extraction Attacks Against Disruption-Based Defenses


Abstract:

Existing research has demonstrated that deep neural networks are susceptible to model extraction attacks, where an attacker can construct a substitute model with similar ...Show More

Abstract:

Existing research has demonstrated that deep neural networks are susceptible to model extraction attacks, where an attacker can construct a substitute model with similar functionality to the victim model by querying the black-box victim model. To counter such attacks, various disruption-based defenses have been proposed. These defenses disrupt the output results of queries before returning them to potential attackers. In this paper, we propose the first defense-penetrating model extraction attack framework, aimed at breaking disruption-based defense methods. Our proposed attack framework comprises two key modules: disruption detection and disruption recovery, which can be integrated into generic model extraction attacks. Specifically, the disruption detection module uses a novel meta-learning-based algorithm to infer the defense strategy employed by the defender, by learning the key differences between the distributions of disrupted and undisrupted query results. Once the defense method is inferred, the disruption recovery module is designed to restore clean query results from the disrupted query results, using a carefully-designed generative model. We conducted extensive experiments on 5 commonly-used datasets to evaluate the effectiveness of our proposed framework. The results demonstrate that the substitute model accuracy of current model extraction attacks can be significantly improved by up to 82.42%, even when faced with four state-of-the-art model extraction defenses. Moreover, our attack approach shows promising results in penetrating unknown defenses in real-world cloud service APIs hosted by Microsoft Azure and Face++.
Page(s): 531 - 546
Date of Publication: 11 December 2024

ISSN Information:

Funding Agency:


References

References is not available for this document.