MEAOD: Model Extraction Attack against Object Detectors

TL;DR

This paper introduces MEAOD, a novel query-based model extraction attack targeting object detection models, demonstrating over 70% effectiveness within a 10,000 query limit, highlighting security risks for MLaaS platforms.

Contribution

The paper presents MEAOD, a new attack method that improves extraction efficiency for object detectors using active learning and annotation updates, addressing a less-studied area.

Findings

Achieves over 70% extraction performance with 10k queries.

Effective in both gray-box and black-box scenarios.

Enhances attack success by dataset sample selection and annotation updates.

Abstract

The widespread use of deep learning technology across various industries has made deep neural network models highly valuable and, as a result, attractive targets for potential attackers. Model extraction attacks, particularly query-based model extraction attacks, allow attackers to replicate a substitute model with comparable functionality to the victim model and present a significant threat to the confidentiality and security of MLaaS platforms. While many studies have explored threats of model extraction attacks against classification models in recent years, object detection models, which are more frequently used in real-world scenarios, have received less attention. In this paper, we investigate the challenges and feasibility of query-based model extraction attacks against object detection models and propose an effective attack method called MEAOD. It selects samples from the attacker-possessed dataset to construct an efficient query dataset using active learning and enhances the categories with insufficient objects. We additionally improve the extraction effectiveness by updating the annotations of the query dataset. According to our gray-box and black-box scenarios experiments, we achieve an extraction performance of over 70% under the given condition of a 10k query budget.