CISPA

File(s) not publicly available

Knockoff Nets: Stealing Functionality of Black-Box Models

conference contribution
posted on 2023-11-29, 18:10 authored by Tribhuvanesh Orekondy, Bernt Schiele, Mario Fritz
Machine Learning (ML) models are increasingly deployed in the wild to perform a wide range of tasks. In this work, we ask to what extent an adversary can steal the functionality of such "victim" models based solely on black-box interactions: image in, predictions out. In contrast to prior work, we consider an adversary lacking knowledge of the train/test data used by the model, its internals, and the semantics of its outputs. We formulate model functionality stealing as a two-step approach: (i) querying a set of input images to the black-box model to obtain predictions; and (ii) training a "knockoff" on the queried image-prediction pairs. We make multiple remarkable observations: (a) querying random images from a different distribution than that of the black-box training data results in a well-performing knockoff; (b) this is possible even when the knockoff is represented using a different architecture; and (c) our reinforcement learning approach additionally improves query sample efficiency in certain settings and provides performance gains. We validate model functionality stealing on a range of datasets and tasks, as well as on a popular image analysis API, where we create a reasonable knockoff for as little as $30.
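The two-step attack in the abstract, reduced to a self-contained toy that runs offline. This is an added illustration, not the authors' code (the paper works with ImageNet-scale CNNs and a commercial image API): the victim here is a constructed nearest-centroid classifier over 2-D points exposed only as a function returning a probability vector, the adversary's "transfer set" is uniform noise from a box (a different distribution than the victim's Gaussian blobs), and the knockoff is a small tanh MLP, i.e. a different architecture trained only on the returned soft predictions. The names `victim_api`, `adversary_queries`, `KnockoffMLP` and `steal` are hypothetical. Observation (c), the reinforcement-learning query strategy, is not implemented; queries are drawn at random.

```python
"""Toy black-box functionality stealing (added example, not the paper's code).

Step (i): query the victim with inputs from a distribution the victim was NOT
trained on and record its predictions.
Step (ii): train a knockoff of a different architecture on the query/prediction
pairs. Success is measured as top-1 agreement with the victim on held-out
samples from the victim's own (secret) input distribution.
"""
import numpy as np

N_CLASSES = 3
# Constructed victim internals. The adversary is assumed to know none of this:
# not the centroids, the temperature, the training distribution, nor what the
# output positions mean, only that the API returns an N_CLASSES-long posterior.
CENTROIDS = np.array([[-2.0, -2.0], [2.0, -1.0], [0.0, 2.5]])
TEMPERATURE = 1.0


def victim_api(x):
    """Black box: points in, softmax posterior out (nearest-centroid model)."""
    d2 = ((x[:, None, :] - CENTROIDS[None, :, :]) ** 2).sum(-1)
    logits = -d2 / TEMPERATURE
    logits = logits - logits.max(1, keepdims=True)
    p = np.exp(logits)
    return p / p.sum(1, keepdims=True)


def victim_distribution(n, rng):
    """Secret training/test distribution of the victim: blobs around centroids."""
    labels = rng.integers(N_CLASSES, size=n)
    return CENTROIDS[labels] + rng.normal(scale=0.8, size=(n, 2))


def adversary_queries(n, rng):
    """Adversary's transfer set: uniform noise over a box, unrelated to the blobs."""
    return rng.uniform(-4.0, 4.0, size=(n, 2))


class KnockoffMLP:
    """Knockoff with a different architecture from the victim: one tanh hidden
    layer, trained with soft-label cross-entropy using a hand-rolled Adam."""

    def __init__(self, hidden, rng):
        self.params = [
            rng.normal(scale=0.5, size=(2, hidden)), np.zeros(hidden),
            rng.normal(scale=0.5, size=(hidden, N_CLASSES)), np.zeros(N_CLASSES),
        ]

    def forward(self, x):
        w1, b1, w2, b2 = self.params
        h = np.tanh(x @ w1 + b1)
        logits = h @ w2 + b2
        logits = logits - logits.max(1, keepdims=True)
        p = np.exp(logits)
        return h, p / p.sum(1, keepdims=True)

    def predict(self, x):
        return self.forward(x)[1]

    def fit(self, x, targets, steps=1500, lr=0.01):
        m = [np.zeros_like(p) for p in self.params]
        v = [np.zeros_like(p) for p in self.params]
        n = len(x)
        for t in range(1, steps + 1):
            h, p = self.forward(x)
            g_logits = (p - targets) / n          # d(cross-entropy)/d(logits), soft targets
            g_w2 = h.T @ g_logits
            g_b2 = g_logits.sum(0)
            g_h = (g_logits @ self.params[2].T) * (1.0 - h ** 2)
            g_w1 = x.T @ g_h
            g_b1 = g_h.sum(0)
            for i, g in enumerate([g_w1, g_b1, g_w2, g_b2]):   # Adam update
                m[i] = 0.9 * m[i] + 0.1 * g
                v[i] = 0.999 * v[i] + 0.001 * g * g
                m_hat = m[i] / (1.0 - 0.9 ** t)
                v_hat = v[i] / (1.0 - 0.999 ** t)
                self.params[i] -= lr * m_hat / (np.sqrt(v_hat) + 1e-8)
        return self


def steal(n_queries, seed=0, hidden=32, only_top1=False):
    """Runs both steps and returns top-1 agreement with the victim on 1000
    held-out points from the victim's own distribution. With only_top1=True
    the API is assumed to reveal just the argmax label, not the posterior."""
    rng = np.random.default_rng(seed)
    transfer = adversary_queries(n_queries, rng)            # step (i): query
    preds = victim_api(transfer)
    if only_top1:
        preds = np.eye(N_CLASSES)[preds.argmax(1)]
    knockoff = KnockoffMLP(hidden, rng).fit(transfer, preds)  # step (ii): train
    test = victim_distribution(1000, rng)
    agree = knockoff.predict(test).argmax(1) == victim_api(test).argmax(1)
    return float(agree.mean())


if __name__ == "__main__":
    for budget in (50, 200, 2000):
        print(f"{budget:5d} queries -> agreement {steal(budget):.3f}")
    print(f"2000 top-1-only queries -> agreement {steal(2000, only_top1=True):.3f}")
```

The knockoff never sees a single in-distribution sample, yet its decision regions match the victim's wherever the victim's real inputs land, which is the point of observation (a). The query budget is the only cost the adversary pays, which is why a per-call pricing model alone does not protect a prediction API; rate limits, per-client query budgets and output truncation are the levers defenders actually have.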

History

Preferred Citation

Tribhuvanesh Orekondy, Bernt Schiele and Mario Fritz. Knockoff Nets: Stealing Functionality of Black-Box Models. In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2019.

Primary Research Area

  • Trustworthy Information Processing

Secondary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

IEEE Conference on Computer Vision and Pattern Recognition (CVPR)

Legacy Posted Date

2019-03-13

Open Access Type

  • Gold

BibTeX

@inproceedings{cispa_all_2812,
  title     = {Knockoff Nets: Stealing Functionality of Black-Box Models},
  author    = {Orekondy, Tribhuvanesh and Schiele, Bernt and Fritz, Mario},
  booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
  year      = {2019},
}
