MExMI: Pool-based Active Model Extraction Crossover Membership Inference
Dec 6, 2022
Speakers
Yaxin Xiao
Speaker · 0 followers
Qingqing Ye
Speaker · 0 followers
Huadi Zheng
Speaker · 0 followers
Chengfang Fang
Speaker · 0 followers
About
With increasing popularity of Machine Learning as a Service (MLaaS), ML models trained from public and proprietary data are deployed in the cloud and deliver prediction services to users. However, as the prediction API becomes a new attack surface, growing concerns have arisen on the confidentiality of ML models. Existing literatures show their vulnerability under model extraction (ME) attacks, while their private training data is vulnerable to another type of attacks, namely, membership inference (MI). In this paper, we show that ME and MI can reinforce each other through a chained and iterative reaction, which can significantly boost ME attack accuracy and improve MI by saving the query cost. As such, we build a framework MExMI for pool-based active model extraction (PAME) to exploit MI through three modules: “MI Pre-Filter”, “MI Post-Filter”, and “semi-supervised boosting”. Experimental results show that MExMI can improve up to 11.14With increasing popularity of Machine Learning as a Service (MLaaS), ML models trained from public and proprietary data are deployed in the cloud and deliver prediction services to users. However, as the prediction API becomes a new attack surface, growing concerns have arisen on the confidentiality of ML models. Existing literatures show their vulnerability under model extraction (ME) attacks, while their private training data is vulnerable to another type of attacks, namely, membership inferen…
Organizer
NeurIPS 2022
Account · 952 followers
Like the format? Trust SlidesLive to capture your next event!
Professional recording and live streaming, delivered globally.
Sharing
Recommended Videos
Presentations on similar topic, category or speaker
Generative Neural Articulated Radiance Fields
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Adaptively Exploiting d-Separators with Causal Bandits
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Deep Hierarchical Planning from Pixels
Watch later
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
AutoST: Towards the Universal Modeling of Spatio-temporal Sequences
Watch later
Jianxin Li, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Beyond Not-Forgetting: Continual Learning with Backward Knowledge Transfer
Watch later
Sen Lin, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%
Efficient identification of informative features in simulation-based inference
Watch later
Jonas Beck, …
Total of 0 viewers voted for saving the presentation to eternal vault which is 0.0%