Model Stealing: A Growing Concern in Deep Learning Security

Tuesday 08 April 2025


Researchers have discovered a new way to steal machine learning models, potentially putting intellectual property at risk. The technique, known as model stealing, involves training a substitute model that mimics the behavior of the original target model.


To carry out this attack, an attacker needs input-output pairs from the target model. These can be collected by querying the model repeatedly with different inputs and recording the corresponding outputs. In many cases, however, the attacker has no direct access to the model itself or to its training data, and must rely on such queries alone.


In a new study, researchers have explored ways to make this attack more query-efficient. They developed three query optimization methods: active learning, adversarial augmentation, and active adversarial augmentation. Active learning selects the most informative samples from a dataset to send to the target model; adversarial augmentation modifies samples so that they become more informative for training the substitute model.


The researchers tested these methods on several machine learning models, including convolutional neural networks (CNNs) trained on image datasets such as CIFAR-10. Active adversarial augmentation proved the most effective, allowing them to train a substitute model that reached high accuracy and fidelity with few queries.


One of the study's key findings is that the effectiveness of these query optimization methods depends heavily on the architecture of the target model; for example, CNNs were more susceptible to model stealing than other types of models. This suggests that defenders may need to take specific steps to protect their models against these attacks.
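As an added illustration, not code from the paper or this article, the following serving wrapper shows two defender-side steps against the query access described above: it returns only the top-1 label rather than the full probability vector, and it flags clients whose queries cluster near the decision boundary, on the assumption that informative (active-learning style) queries tend to lie there. The toy logistic target model, the thresholds and both clients' query sets are constructed for the example.

```python
import math
from collections import defaultdict
# Constructed toy target: a 2-class logistic model on 2-D inputs. It stands in for
# the deployed model a thief would query; an assumption, not a model from the paper.
WEIGHTS, BIAS = (1.5, -2.0), 0.25

def target_probs(x):
    """Full class-probability vector of the toy target model."""
    p1 = 1.0 / (1.0 + math.exp(-(WEIGHTS[0] * x[0] + WEIGHTS[1] * x[1] + BIAS)))
    return (1.0 - p1, p1)

class GuardedEndpoint:
    """Serving wrapper: coarsens outputs and tracks per-client query statistics."""
    def __init__(self, margin_threshold=0.2, min_queries=20, suspicious_fraction=0.6):
        self.margin_threshold = margin_threshold  # |p1 - p0| below this = near boundary
        self.min_queries = min_queries            # do not flag before this many queries
        self.suspicious_fraction = suspicious_fraction
        self.total, self.low_margin = defaultdict(int), defaultdict(int)

    def serve(self, client_id, x):
        probs = target_probs(x)
        self.total[client_id] += 1
        if abs(probs[1] - probs[0]) < self.margin_threshold:
            self.low_margin[client_id] += 1
        # Mitigation: return only the top-1 label, not the probability vector,
        # so each query leaks less information to a substitute model.
        return 1 if probs[1] >= probs[0] else 0

    def low_margin_fraction(self, client_id):
        n = self.total[client_id]
        return self.low_margin[client_id] / n if n else 0.0

    def is_suspicious(self, client_id):
        """Heuristic: flag a client whose queries cluster near the boundary after enough queries."""
        return (self.total[client_id] >= self.min_queries
                and self.low_margin_fraction(client_id) >= self.suspicious_fraction)

def demo():
    """Constructed traffic: a benign grid client vs. a client whose inputs hug the boundary."""
    ep = GuardedEndpoint()
    for i in range(-3, 4):
        for j in range(-3, 4):
            ep.serve("benign", (i, j))
    for k in range(20):
        x0 = -2.0 + 0.2 * k
        # points on the line 1.5*x0 - 2*x1 + 0.25 = 0, nudged slightly to either side
        x1 = (WEIGHTS[0] * x0 + BIAS) / 2.0 + (0.05 if k % 2 else -0.05)
        ep.serve("probing", (x0, x1))
    return ep.is_suspicious("benign"), ep.is_suspicious("probing")
```

The threshold values are illustrative; in production they would be tuned against the model's real confidence distribution and combined with per-client rate limits.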


The researchers also generated an artificial dataset with a pre-trained diffusion model to test their methods in a data-free scenario, where no real data is available for querying. They used positive and negative prompts to generate images for each class, aiming for a diverse and realistic dataset.


Overall, the study highlights the importance of protecting machine learning models from theft. As more organizations rely on AI and ML, robust defenses against these attacks become crucial. Understanding how attackers optimize their queries helps defenders detect and prevent model stealing.


Cite this article: “Model Stealing: A Growing Concern in Deep Learning Security”, The Science Archive, 2025.


Machine Learning, Model Stealing, Intellectual Property, Query Optimization, Active Learning, Adversarial Augmentation, Active Adversarial Augmentation, Convolutional Neural Networks, Image Datasets, Data-Free Scenario.


Reference: Daryna Oliynyk, Rudolf Mayer, Andreas Rauber, “Attackers Can Do Better: Over- and Understated Factors of Model Stealing Attacks” (2025).

