Stealing Hyperparameters in Machine Learning
Binghui Wang, Neil Zhenqiang Gong

TL;DR
This paper introduces hyperparameter stealing attacks that can accurately extract hyperparameters from various machine learning models, highlighting the need for new defenses to protect model confidentiality.
Contribution
It presents novel attacks for stealing hyperparameters across multiple learning algorithms, evaluated both theoretically and empirically.
Findings
Attacks successfully steal hyperparameters from models like SVMs and neural networks.
Empirical evaluation on Amazon ML demonstrates high accuracy of attacks.
Countermeasures are studied, revealing vulnerabilities in current defenses.
Abstract
Hyperparameters are critical in machine learning, as different hyperparameters often result in models with significantly different performance. Hyperparameters may be deemed confidential because of their commercial value and the confidentiality of the proprietary algorithms that the learner uses to learn them. In this work, we propose attacks for stealing the hyperparameters that are learned by a learner. We call our attacks hyperparameter stealing attacks. Our attacks are applicable to a variety of popular machine learning algorithms such as ridge regression, logistic regression, support vector machine, and neural network. We evaluate the effectiveness of our attacks both theoretically and empirically. For instance, we evaluate our attacks on Amazon Machine Learning. Our results demonstrate that our attacks can accurately steal hyperparameters. We also study countermeasures. Our results…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Machine Learning and Data Classification · Anomaly Detection Techniques and Applications
