Data-Free Model Extraction Attacks in the Context of Object Detection

TL;DR

This paper introduces a novel data-free black-box attack method for object detection models, demonstrating how adversaries can extract models without access to training data, highlighting a new security vulnerability.

Contribution

It extends data-free model extraction techniques to object detection, proposing a new loss function and generator setup for effective black-box attacks.

Findings

Achieves significant extraction results with reasonable queries.

Extends data-free attacks to regression tasks in object detection.

Highlights vulnerability of object detection models to data-free attacks.

Abstract

A significant number of machine learning models are vulnerable to model extraction attacks, which focus on stealing the models by using specially curated queries against the target model. This task is well accomplished by using part of the training data or a surrogate dataset to train a new model that mimics a target model in a white-box environment. In pragmatic situations, however, the target models are trained on private datasets that are inaccessible to the adversary. The data-free model extraction technique replaces this problem when it comes to using queries artificially curated by a generator similar to that used in Generative Adversarial Nets. We propose for the first time, to the best of our knowledge, an adversary black box attack extending to a regression problem for predicting bounding box coordinates in object detection. As part of our study, we found that defining a loss function and using a novel generator setup is one of the key aspects in extracting the target model. We find that the proposed model extraction method achieves significant results by using reasonable queries. The discovery of this object detection vulnerability will support future prospects for securing such models.