Extracted BERT Model Leaks More Information than You Think!
Xuanli He, Chen Chen, Lingjuan Lyu, Qiongkai Xu
TL;DR
This paper demonstrates that extracting BERT models can lead to significant privacy leaks, revealing sensitive information despite existing defenses, highlighting the need for improved privacy-preserving techniques.
Contribution
It introduces an attribute inference attack on extracted BERT models and evaluates its effectiveness against models with defensive strategies.
Findings
Model extraction enables severe privacy leakage.
Existing defenses are insufficient against attribute inference attacks.
Privacy risks persist even with advanced model protections.
Abstract
The collection and availability of big data, combined with advances in pre-trained models (e.g. BERT), have revolutionized the predictive performance of natural language processing tasks. This allows corporations to provide machine learning as a service (MLaaS) by encapsulating fine-tuned BERT-based models as APIs. Due to significant commercial interest, there has been a surge of attempts to steal re mote services via model extraction. Although previous works have made progress in defending against model extraction attacks, there has been little discussion on their performance in preventing privacy leakage. This work bridges this gap by launching an attribute inference attack against the extracted BERT model. Our extensive experiments reveal that model extraction can cause severe privacy leakage even when victim models are facilitated with advanced defensive strategies.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Digital and Cyber Forensics