Recently, machine learning (ML) has introduced advanced solutions to many
domains. Since ML models provide business advantage to model owners, protecting
intellectual property of ML models has emerged as an important consideration.
Confidentiality of ML models can be protected by exposing them to clients only
via query APIs.
Model extraction attacks, which assume query access, aim to obtain a trained
model through the API offered by a machine-learning-as-a-service (MLaaS)
provider; the main motivation behind such attacks is to acquire the model at a
lower cost than retraining it from scratch. However, our study shows that
attackers often fail to save on data collection and labeling costs, and that
attack success is closely tied to the attacker's prior knowledge. The practical
value of model extraction is therefore questionable for a budget-constrained
attacker who nonetheless wants to develop a model of equivalent capability.
Finally, we propose a benchmark scheme for evaluating attack strategies that
explicitly separates the influence of prior knowledge from that of the attack
strategy itself.