Model Extraction Warning in MLaaS Paradigm

Cloud vendors are increasingly offering machine learning services as part of their platform and services portfolios. These services enable the deployment of machine learning models on the cloud that are offered on a pay-per-query basis to application developers and end users. However recent work has shown that the hosted models are susceptible to extraction attacks. Adversaries may launch queries to steal the model and compromise future query payments or privacy of the training data. In this work, we present a cloud-based extraction monitor that can quantify the extraction status of models by observing the query and response streams of both individual and colluding adversarial users. We present a novel technique that uses information gain to measure the model learning rate by users with increasing number of queries. Additionally, we present an alternate technique that maintains intelligent query summaries to measure the learning rate relative to the coverage of the input feature space in the presence of collusion. Both these approaches have low computational overhead and can easily be offered as services to model owners to warn them of possible extraction attacks from adversaries. We present performance results for these approaches for decision tree models deployed on BigML MLaaS platform, using open source datasets and different adversarial attack strategies

An investigation of TREPAN utilising a continuous oracle model

TREPAN is decision tree algorithm that utilises artificial neural networks (ANNs) in order to improve partitioning conditions when sample data is sparse. When sample sizes are limited during the tree-induction process, TREPAN relies on an ANN oracle in order to create artificial sample instances. The original TREPAN implementation was limited to ANNs that were designed to be classification models. In other words, TREPAN was incapable of building decision trees from ANN models that were continuous in nature. Thus, the objective of this research was to modify the original implementation of TREPAN in order to develop and test decision trees derived from continuous-based ANN models. Though the modification were minor, they are significant because it provides researchers and practitioners an additional strategy to extract knowledge from a trained ANN regardless of its design. This research also explores how TEPAN's adjustable settings influence predictive performances based on a dataset's complexity and size.multi-class classification; decision trees; artificial neural networks; ANNs; TREPAN; C4.5; multilayer perceptron; MLP; generalised feed-forward; GFF; modular networks; genetic algorithms; techniques; strategies; continuous oracle; data analysis.