Model Extraction and Active Learning
Series: M.Tech (Research) Colloquium
Speaker: Mr. Aditya Shukla, M.Tech (Research) Student, Dept. of CSA
Date/Time: Jan 22 10:00:00
Location: CSA Seminar Hall (Room No. 254, First Floor)
Faculty Advisor: Prof. Vinod Ganapathy
Machine learning models trained on confidential datasets are increasingly being deployed for profit. Machine Learning as a Service (MLaaS) has made such models easily accessible to end-users, who can use a model directly as a black-box module: they query it with an input sample and get the corresponding prediction. Prior work has shown that it is possible to extract these models, developing model extraction attacks that extract an approximation of the MLaaS model by making black-box queries to it. However, none of these attacks satisfies all four criteria essential for practical model extraction: (i) the ability to extract deep learning models, (ii) non-requirement of domain knowledge, (iii) the ability to work with a limited query budget and (iv) non-requirement of annotations. In this work, we propose a novel model extraction framework that makes use of existing active learning techniques and unannotated public data to satisfy all of them. By using only 30% (30,000 samples) of the unannotated public data, our model extraction framework on average achieves a performance of 4.70x over the uniform noise baseline. We further introduce an ensemble active learning technique that combines two existing state-of-the-art active learning techniques, namely DeepFool based Active Learning (DFAL) and Coreset active learning. We empirically show that the ensemble active learning technique, in general, performs better than DFAL, and it turns out to be the winner in the majority of our experiments. Finally, we show that our proposed model extraction attack cannot be detected by a state-of-the-art detection method, PRADA, that monitors the distribution of distances between queries for deviation from the normal distribution.
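For readers on the defending side, a sketch of the kind of monitor the last sentence describes, added here as an illustration and not taken from the talk or from PRADA's code. PRADA as published scores normality with the Shapiro-Wilk statistic; this sketch substitutes the Jarque-Bera statistic so it runs on the Python standard library alone, and the two query streams, the threshold and all function names are constructed assumptions.

```python
import math
from statistics import NormalDist, fmean

JB_THRESHOLD = 5.99  # chi-square (2 dof) critical value at the 5% level (assumed cut-off)

def min_distances(queries):
    """For each query after the first, L2 distance to its nearest earlier query."""
    return [min(math.dist(queries[i], q) for q in queries[:i])
            for i in range(1, len(queries))]

def jarque_bera(xs):
    """Jarque-Bera statistic: grows as skewness and kurtosis depart from a normal's."""
    n, mu = len(xs), fmean(xs)
    m2, m3, m4 = (fmean((x - mu) ** k for x in xs) for k in (2, 3, 4))
    if m2 == 0:  # all distances identical: degenerate, certainly not normal
        return math.inf
    skew = m3 / m2 ** 1.5
    excess_kurtosis = m4 / m2 ** 2 - 3.0
    return n / 6.0 * (skew ** 2 + excess_kurtosis ** 2 / 4.0)

def is_suspicious(queries, min_samples=30):
    """Flag a client whose nearest-earlier-query distances do not look normal."""
    d = min_distances(queries)
    return len(d) >= min_samples and jarque_bera(d) > JB_THRESHOLD

def line_stream(gaps):
    """Constructed 1-D queries: each point's nearest earlier neighbour is `gap` away."""
    points, pos = [(0.0,)], 0.0
    for g in gaps:
        pos += g
        points.append((pos,))
    return points

N = 200
# Constructed stream whose distances follow normal quantiles (mean 10, sd 1).
BENIGN = line_stream([10 + NormalDist().inv_cdf((i + 0.5) / N) for i in range(N)])
# Constructed stream of near-duplicate queries with an occasional large jump.
CLUSTERED = line_stream([5.0 if i % 10 == 0 else 0.01 for i in range(N)])

if __name__ == "__main__":
    for name, stream in (("benign", BENIGN), ("clustered", CLUSTERED)):
        print(name, round(jarque_bera(min_distances(stream)), 2), is_suspicious(stream))
```

The monitor keys only on the shape of the distance distribution, so its verdict says nothing about query content, and it stays silent until a client has sent at least `min_samples` queries.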