2 research outputs found
Model Extraction Warning in MLaaS Paradigm
Cloud vendors are increasingly offering machine learning services as part of
their platform and services portfolios. These services enable the deployment of
machine learning models on the cloud that are offered on a pay-per-query basis
to application developers and end users. However recent work has shown that the
hosted models are susceptible to extraction attacks. Adversaries may launch
queries to steal the model and compromise future query payments or privacy of
the training data. In this work, we present a cloud-based extraction monitor
that can quantify the extraction status of models by observing the query and
response streams of both individual and colluding adversarial users. We present
a novel technique that uses information gain to measure the model learning rate
by users with increasing number of queries. Additionally, we present an
alternate technique that maintains intelligent query summaries to measure the
learning rate relative to the coverage of the input feature space in the
presence of collusion. Both these approaches have low computational overhead
and can easily be offered as services to model owners to warn them of possible
extraction attacks from adversaries. We present performance results for these
approaches for decision tree models deployed on BigML MLaaS platform, using
open source datasets and different adversarial attack strategies
An investigation of TREPAN utilising a continuous oracle model
TREPAN is decision tree algorithm that utilises artificial neural networks (ANNs) in order to improve partitioning conditions when sample data is sparse. When sample sizes are limited during the tree-induction process, TREPAN relies on an ANN oracle in order to create artificial sample instances. The original TREPAN implementation was limited to ANNs that were designed to be classification models. In other words, TREPAN was incapable of building decision trees from ANN models that were continuous in nature. Thus, the objective of this research was to modify the original implementation of TREPAN in order to develop and test decision trees derived from continuous-based ANN models. Though the modification were minor, they are significant because it provides researchers and practitioners an additional strategy to extract knowledge from a trained ANN regardless of its design. This research also explores how TEPAN's adjustable settings influence predictive performances based on a dataset's complexity and size.multi-class classification; decision trees; artificial neural networks; ANNs; TREPAN; C4.5; multilayer perceptron; MLP; generalised feed-forward; GFF; modular networks; genetic algorithms; techniques; strategies; continuous oracle; data analysis.