CISPA
Browse
cispa_all_3794.pdf (1.19 MB)

Teacher Model Fingerprinting Attacks Against Transfer Learning

Download (1.19 MB)
conference contribution
posted on 2023-11-29, 18:22 authored by Yufei Chen, Chao Shen, Cong Wang, Yang ZhangYang Zhang
Transfer learning has become a common solution to address training data scarcity in practice. It trains a specified student model by reusing or fine-tuning early layers of a well-trained teacher model that is usually publicly available. However, besides utility improvement, the transferred public knowledge also brings potential threats to model confidentiality, and even further raises other security and privacy issues. In this paper, we present the first comprehensive investigation of the teacher model exposure threat in the transfer learning context, aiming to gain a deeper insight into the tension between public knowledge and model confidentiality. To this end, we propose a teacher model fingerprinting attack to infer the origin of a student model, i.e., the teacher model it transfers from. Specifically, we propose a novel optimizationbased method to carefully generate queries to probe the student model to realize our attack. Unlike existing model reverse engineering approaches, our proposed fingerprinting method neither relies on fine-grained model outputs, e.g., posteriors, nor auxiliary information of the model architecture or training dataset. We systematically evaluate the effectiveness of our proposed attack. The empirical results demonstrate that our attack can accurately identify the model origin with few probing queries. Moreover, we show that the proposed attack can serve as a stepping stone to facilitating other attacks against machine learning models, such as model stealing.

History

Preferred Citation

Yufei Chen, Chao Shen, Cong Wang and Yang Zhang. Teacher Model Fingerprinting Attacks Against Transfer Learning. In: Usenix Security Symposium (USENIX-Security). 2022.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date

2022-10-12

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3794, title = "Teacher Model Fingerprinting Attacks Against Transfer Learning", author = "Chen, Yufei and Shen, Chao and Wang, Cong and Zhang, Yang", booktitle="{Usenix Security Symposium (USENIX-Security)}", year="2022", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC