CR, AI, CV, LG | Aug 9, 2023

Data-Free Model Extraction Attacks in the Context of Object Detection

arXiv:2308.05127v1 | 5 citations | h-index: 11
Originality: Incremental advance
AI Analysis

This paper addresses a security vulnerability in object detection models in scenarios where private datasets are inaccessible. It is an incremental advance that extends data-free attacks to regression tasks in object detection.

The paper tackles the problem of model extraction attacks on object detection models without access to training data, proposing a data-free method that uses a generator to create queries and achieves significant results in extracting target models for predicting bounding box coordinates.

A significant number of machine learning models are vulnerable to model extraction attacks, which focus on stealing the models by using specially curated queries against the target model. This task is well accomplished by using part of the training data or a surrogate dataset to train a new model that mimics a target model in a white-box environment. In pragmatic situations, however, the target models are trained on private datasets that are inaccessible to the adversary. The data-free model extraction technique replaces this problem when it comes to using queries artificially curated by a generator similar to that used in Generative Adversarial Nets. We propose for the first time, to the best of our knowledge, an adversary black box attack extending to a regression problem for predicting bounding box coordinates in object detection. As part of our study, we found that defining a loss function and using a novel generator setup is one of the key aspects in extracting the target model. We find that the proposed model extraction method achieves significant results by using reasonable queries. The discovery of this object detection vulnerability will support future prospects for securing such models.
