Stealing Machine Learning Models via Prediction APIs

Tramèr, Florian; Zhang, Fan; Juels, Ari; Reiter, Michael K.; Ristenpart, Thomas

doi:10.48550/arxiv.1609.02943

preprintarXiv (Cornell University)Sep 9, 2016GREEN OA

Stealing Machine Learning Models via Prediction APIs

FTFlorian Tramèr FZFan Zhang AJAri Juels MKMichael K. Reiter TRThomas Ristenpart

Cornell University · Jacobs Institute · +2 more institutions

Indexed inarxivdatacite

Abstract

Machine learning (ML) models may be deemed confidential due to their sensitive training data, commercial value, or use in security applications. Increasingly often, confidential ML models are being deployed with publicly accessible query interfaces. ML-as-a-service ("predictive analytics") systems are an example: Some allow users to train models on potentially sensitive data and charge others for access on a pay-per-query basis. The tension between model confidentiality and public access motivates our investigation of model extraction attacks. In such attacks, an adversary with black-box access, but no prior knowledge of an ML model's parameters or training data, aims to duplicate the functionality of (i.e.,…

Citation impact

733

total citations

FWCI: —
Percentile: —
References: 0

Citations per year

Authors

5

Topics & keywords

Topics

Keywords

Computer science
Machine learning
Artificial intelligence
Lasso (programming language)
Support vector machine
Confidentiality
Analytics
Threat model

UN Sustainable Development Goals

Peace, Justice and strong institutions

No related works found for this paper.