Model Extraction Warning in MLaaS Paradigm
Manish Kesarwani, Bhaskar Mukhoty, Vijay Arya, Sameep Mehta

TL;DR
This paper introduces a cloud-based monitoring system that detects potential model extraction attacks on MLaaS platforms by analyzing query-response streams, using information gain and compact query summaries to quantify how much of the hosted model a user's queries have learned.
Contribution
It proposes novel, low-overhead techniques for real-time detection of model extraction attacks, enhancing security for MLaaS providers.
Findings
Effective detection of extraction attacks on decision trees
Low computational overhead of proposed monitoring techniques
Successful application on BigML platform with various attack strategies
Abstract
Cloud vendors are increasingly offering machine learning services as part of their platform and service portfolios. These services enable the deployment of machine learning models on the cloud that are offered on a pay-per-query basis to application developers and end users. However, recent work has shown that the hosted models are susceptible to extraction attacks: adversaries may launch queries to steal the model and compromise future query payments or the privacy of the training data. In this work, we present a cloud-based extraction monitor that can quantify the extraction status of models by observing the query and response streams of both individual and colluding adversarial users. We present a novel technique that uses information gain to measure the model learning rate of users with an increasing number of queries. Additionally, we present an alternate technique that maintains…
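To make the information-gain idea in the abstract concrete, here is an added toy extraction monitor for a hosted decision tree. It is example code written for this page, not the paper's implementation or the BigML platform's. The scoring rule it uses is an assumption: a split is counted as exposed once the observed queries have reached leaves on both sides of it, and the extraction status is the exposed share of the tree's total information gain, computed for one user or for the union of several colluding users. The tree, its training counts and the queries are constructed sample data.

```python
"""Toy extraction monitor for a hosted decision tree (added example, not the paper's code).

Scoring rule (assumption for this example): an internal split counts as "exposed" once a
user's queries have reached leaves on both sides of it. Status = exposed weighted
information gain / total weighted information gain of the tree.
"""
from __future__ import annotations

import math
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass
class Node:
    node_id: int
    counts: Tuple[int, int]                 # training examples per class reaching this node
    feature: Optional[int] = None           # internal nodes: x[feature] <= threshold goes left
    threshold: Optional[float] = None
    left: Optional["Node"] = None
    right: Optional["Node"] = None
    label: Optional[int] = None             # leaves: predicted class

    def is_leaf(self) -> bool:
        return self.left is None


def entropy(counts: Tuple[int, int]) -> float:
    n = sum(counts)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def weighted_gain(node: Node, n_root: int) -> float:
    """Information gain of one split, weighted by the share of training data reaching it."""
    n = sum(node.counts)
    child_h = sum(sum(ch.counts) / n * entropy(ch.counts) for ch in (node.left, node.right))
    return (n / n_root) * (entropy(node.counts) - child_h)


def _exposed(node: Node, seen: Set[int], n_root: int) -> Tuple[float, Set[int]]:
    """Return (exposed weighted gain under node, set of leaf ids under node)."""
    if node.is_leaf():
        return 0.0, {node.node_id}
    gain_l, leaves_l = _exposed(node.left, seen, n_root)
    gain_r, leaves_r = _exposed(node.right, seen, n_root)
    gain = gain_l + gain_r
    if seen & leaves_l and seen & leaves_r:     # queries landed on both sides of this split
        gain += weighted_gain(node, n_root)
    return gain, leaves_l | leaves_r


class ExtractionMonitor:
    def __init__(self, tree: Node):
        self.tree = tree
        self.n_root = sum(tree.counts)
        all_leaves = _exposed(tree, set(), self.n_root)[1]
        self.total_gain = _exposed(tree, all_leaves, self.n_root)[0]   # every split exposed
        self.leaves_seen: Dict[str, Set[int]] = {}

    def observe(self, user: str, x: List[float]) -> int:
        """Answer the query as the hosted endpoint would, recording the leaf it reached."""
        node = self.tree
        while not node.is_leaf():
            node = node.left if x[node.feature] <= node.threshold else node.right
        self.leaves_seen.setdefault(user, set()).add(node.node_id)
        return node.label

    def status(self, users: Iterable[str]) -> float:
        """Fraction of the model's information gain exposed to the union of these users' queries."""
        seen: Set[int] = set()
        for u in users:                        # union handles colluding accounts
            seen |= self.leaves_seen.get(u, set())
        if self.total_gain == 0:
            return 0.0
        return _exposed(self.tree, seen, self.n_root)[0] / self.total_gain


def build_demo_tree() -> Node:
    """Constructed two-feature tree with four pure leaves (sample model, not real data)."""
    return Node(0, (50, 50), feature=0, threshold=0.5,
                left=Node(1, (40, 10), feature=1, threshold=2.0,
                          left=Node(3, (40, 0), label=0), right=Node(4, (0, 10), label=1)),
                right=Node(2, (10, 40), feature=1, threshold=1.0,
                           left=Node(5, (10, 0), label=0), right=Node(6, (0, 40), label=1)))


def demo() -> Dict[str, float]:
    """Two colluding users each probe half of the input space; together they expose the tree."""
    mon = ExtractionMonitor(build_demo_tree())
    for x in ([0.1, 1.0], [0.2, 3.0]):      # constructed queries: alice stays left of the root split
        mon.observe("alice", x)
    for x in ([0.9, 0.5], [0.8, 5.0]):      # constructed queries: bob stays right of the root split
        mon.observe("bob", x)
    return {"alice": mon.status(["alice"]), "bob": mon.status(["bob"]),
            "alice+bob": mon.status(["alice", "bob"])}


if __name__ == "__main__":
    for who, s in demo().items():
        print(f"{who}: {s:.3f} of model information gain exposed")
```

Each of alice and bob alone exposes about 36% of the tree's information gain (one second-level split each), while their combined stream exposes 100%, which is why the monitor scores groups of accounts and not only individuals. The rule here rewards coverage of splits rather than raw query volume, so a user who hammers one leaf with thousands of queries still scores low.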
