Name
Abstract | ||
|---|---|---|
We argue that the machine learning problem of model extraction is actually a cryptanalytic problem in disguise, and should be studied as such. Given oracle access to a neural network, we introduce a differential attack that can efficiently steal the parameters of the remote model up to floating point precision. Our attack relies on the fact that ReLU neural networks are piecewise linear functions, and thus queries at the critical points reveal information about the model parameters. |
Year | DOI | Venue |
|---|---|---|
2020 | 10.1007/978-3-030-56877-1_7 | CRYPTO (3) |
DocType | Citations | PageRank |
Conference | 2 | 0.39 |
References | Authors | |
24 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Nicholas Carlini | 1 | 1599 | 63.23 |
| Matthew Jagielski | 2 | 47 | 5.62 |
| Ilya Mironov | 3 | 1680 | 128.98 |