Title
Monitoring-Based Differential Privacy Mechanism Against Query Flooding-Based Model Extraction Attack
Abstract
Public intelligent services built on machine learning models are vulnerable to model extraction attacks, which steal confidential information about the model through ordinary public queries. Although differential privacy (DP) and query monitoring are regarded as promising mitigations, we find that the vulnerability persists under both. In this article we propose an adaptive query-flooding parameter duplication (QPD) attack, with which an adversary that has only black-box access, and no prior knowledge of the model parameters or training data, can infer the model's information. We also develop a DP-based defense against this new attack, called monitoring-based DP (MDP). MDP first uses a novel real-time model extraction status assessment scheme, called Monitor, to evaluate how far the model has been extracted. It then uses APBA, a method we design to guide the allocation of the differential privacy budget adaptively. With MDP, any DP-based defense can dynamically adjust the amount of noise added to the model's responses according to Monitor's result, and thereby defend effectively against the QPD attack. Furthermore, we thoroughly evaluate and compare the performance of the QPD attack and the MDP defense on real-world models protected with DP and monitoring.
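The abstract's central point is that a fixed DP budget can be defeated by flooding the service with duplicated queries and averaging the noise away, while a budget that shrinks as the monitor sees extraction progress cannot. The following toy script is an added illustration of that point and is not the paper's code: the linear target model, the Laplace noise scaling, the duplicate-counting "monitor" that divides the base budget by the repeat count (a hypothetical stand-in for the paper's Monitor and APBA), and the probe-and-average attacker are all assumptions made here for the example.

```python
"""
Toy illustration (added to this page, not the paper's code) of why a fixed
differential-privacy budget does not stop a query-flooding extraction attack,
and how a monitor that shrinks the budget for duplicated queries does.
The model, noise scaling and monitor rule are assumptions for the example.
"""
import math
import random

# Assumed black-box target: a linear model y = w.x + b.
TRUE_W = [2.0, -1.0, 0.5]
TRUE_B = 0.3
SENSITIVITY = 1.0  # assumed L1 sensitivity of one response (sets the Laplace scale)


def laplace(rng, scale):
    """Laplace(0, scale) noise as the difference of two iid Exp(scale) draws."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


class DuplicateMonitor:
    """Hypothetical stand-in for the paper's Monitor/APBA pair: counts how
    often each (rounded) query point has been seen and gives the n-th
    duplicate a budget of epsilon / n, so repeated probes get more noise."""

    def __init__(self, precision=3):
        self.precision = precision
        self.seen = {}

    def budget(self, x, base_epsilon):
        key = tuple(round(v, self.precision) for v in x)
        self.seen[key] = self.seen.get(key, 0) + 1
        return base_epsilon / self.seen[key]


class DPModelServer:
    """Answers each query with Laplace noise scaled to that query's budget."""

    def __init__(self, epsilon, monitor=None, seed=0):
        self.epsilon = epsilon
        self.monitor = monitor
        self.rng = random.Random(seed)

    def query(self, x):
        eps = self.monitor.budget(x, self.epsilon) if self.monitor else self.epsilon
        clean = sum(w * xi for w, xi in zip(TRUE_W, x)) + TRUE_B
        return clean + laplace(self.rng, SENSITIVITY / eps)


def flood_and_extract(server, repeats):
    """Query-flooding attacker: probe the origin and each basis vector
    `repeats` times, average the noisy answers, and solve for w and b."""
    d = len(TRUE_W)
    probes = [[0.0] * d] + [[1.0 if j == i else 0.0 for j in range(d)] for i in range(d)]
    means = [sum(server.query(p) for _ in range(repeats)) / repeats for p in probes]
    b_hat = means[0]
    w_hat = [m - b_hat for m in means[1:]]
    return w_hat, b_hat


def extraction_error(w_hat):
    """Euclidean distance between the recovered and the true weight vector."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(w_hat, TRUE_W)))


def compare(epsilon=0.5, repeats=400, seed=1):
    """Run the same flood against a fixed-budget server and a monitored one.
    Returns (error with fixed budget, error with monitored budget)."""
    static = DPModelServer(epsilon, monitor=None, seed=seed)
    adaptive = DPModelServer(epsilon, monitor=DuplicateMonitor(), seed=seed)
    err_static = extraction_error(flood_and_extract(static, repeats)[0])
    err_adaptive = extraction_error(flood_and_extract(adaptive, repeats)[0])
    return err_static, err_adaptive


if __name__ == "__main__":
    s, a = compare()
    print(f"fixed budget:     extraction error {s:.3f}")
    print(f"monitored budget: extraction error {a:.3f}")
```

With the fixed budget, averaging 400 responses per probe shrinks the Laplace noise by a factor of 20 and the attacker recovers the weights to within a few tenths; with the monitored budget the n-th duplicate carries noise of scale proportional to n, so the average does not converge and the recovered weights are useless. The real defense in the paper assesses extraction status far more carefully than a duplicate counter; this only shows why adaptivity matters.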
Year: 2022
DOI: 10.1109/TDSC.2021.3069258
Venue: IEEE Transactions on Dependable and Secure Computing
Keywords: Machine learning, model extraction attack, extraction status assessment, differential privacy, privacy budget allocation
DocType: Journal
Volume: 19
Issue: 4
ISSN: 1545-5971
Citations: 0
PageRank: 0.34
References: 10
Authors: 6
Name          Order  Citations  PageRank
Haonan Yan    1      0          0.34
Xiaoguang Li  2      0          0.34
Hui Li        3      8149       2.33
Jiamin Li     4      0          0.34
Wenhai Sun    5      0          0.68
Fenghua Li    6      2633       4.70