CRLG, Mar 23, 2025

Model-Guardian: Protecting against Data-Free Model Stealing Using Gradient Representations and Deceptive Predictions

arXiv:2503.18081v1
h-index: 7
ICME
Originality: Highly original
AI Analysis

This paper addresses the threat of model confidentiality breaches for cloud-based AI services, and represents an incremental improvement over prior defenses.

The paper tackles the problem of data-free model stealing attacks on cloud-deployed machine learning models by introducing Model-Guardian, a defense framework that uses gradient representations and deceptive predictions. In experiments covering seven attack types it outperforms eleven existing defense methods, achieving state-of-the-art performance.

Model stealing attacks increasingly threaten the confidentiality of machine learning models deployed in the cloud. Recent studies reveal that adversaries can exploit data synthesis techniques to steal machine learning models even in scenarios devoid of real data, leading to data-free model stealing attacks. Existing defenses against such attacks suffer from limitations, including poor effectiveness, insufficient generalization ability, and low comprehensiveness. In response, this paper introduces a novel defense framework named Model-Guardian. Comprising two components, the Data-Free Model Stealing Detector (DFMS-Detector) and Deceptive Predictions (DPreds), Model-Guardian is designed to address the shortcomings of current defenses with the help of the artifact properties of synthetic samples and the gradient representations of samples. Extensive experiments on seven prevalent data-free model stealing attacks showcase the effectiveness and superior generalization ability of Model-Guardian, which outperforms eleven defense methods and establishes a new state-of-the-art performance. Notably, this work pioneers the use of various GANs and diffusion models for generating highly realistic query samples in attacks, with Model-Guardian demonstrating accurate detection capabilities.
