CISPA

On the Limitations of Model Stealing with Uncertainty Quantification Models

Conference contribution

Posted on 2024-02-19, 09:35. Authored by David Pape, Sina Däubener, Thorsten Eisenhofer, Antonio Emanuele Cinà, Lea Schönherr.
Model stealing aims at inferring a victim model's functionality at a fraction of the original training cost. While the goal is clear, in practice the victim model's architecture, weight dimensions, and original training data cannot be determined exactly, leading to mutual uncertainty during stealing. In this work, we explicitly tackle this uncertainty by generating multiple possible networks and combining their predictions to improve the quality of the stolen model. For this, we compare five popular uncertainty quantification models in a model stealing task. Surprisingly, our results indicate that the considered models only lead to marginal improvements in terms of label agreement (i.e., fidelity) with the victim model. To find the cause of this, we inspect the diversity of the models' predictions by looking at the prediction variance as a function of training iterations. We observe that during training, the models tend to converge to similar predictions, indicating that the network diversity we wanted to leverage using uncertainty quantification models is not high enough to improve the model stealing task.

History

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

European Symposium on Artificial Neural Networks Computational Intelligence and Machine Learning (ESANN)

Journal

CoRR

Volume

abs/2305.05293

Page Range

133-138

Publisher

Universite Catholique de Louvain

Open Access Type

  • Unknown

BibTeX

@conference{Pape:Däubener:Eisenhofer:Cinà:Schönherr:2023,
  title     = "On the Limitations of Model Stealing with Uncertainty Quantification Models",
  author    = "Pape, David" AND "Däubener, Sina" AND "Eisenhofer, Thorsten" AND "Cinà, Antonio Emanuele" AND "Schönherr, Lea",
  year      = 2023,
  month     = 10,
  journal   = "CoRR",
  pages     = "133--138",
  publisher = "Universite Catholique de Louvain",
  doi       = "10.14428/esann/2023.es2023-125"
}
