Smoothing the Black-Box: Signed-Distance Supervision for Black-Box Model Copying
This addresses the practical need for refactoring deployed machine learning systems without access to original data or model internals, though it is an incremental improvement over existing copying methods.
The paper tackled the problem of black-box model copying with only hard-label outputs, which leads to inefficient boundary geometry recovery, by proposing a signed-distance supervision framework that converts copying into a smooth regression problem. The result showed consistent improvements in fidelity and generalization accuracy over baselines on synthetic and UCI benchmarks.
Deployed machine learning systems must continuously evolve as data, architectures, and regulations change, often without access to original training data or model internals. In such settings, black-box copying provides a practical refactoring mechanism, i.e. upgrading legacy models by learning replicas from input-output queries alone. When restricted to hard-label outputs, copying turns into a discontinuous surface reconstruction problem from pointwise queries, severely limiting the ability to recover boundary geometry efficiently. We propose a distance-based copying (distillation) framework that replaces hard-label supervision with signed distances to the teacher's decision boundary, converting copying into a smooth regression problem that exploits local geometry. We develop an $α$-governed smoothing and regularization scheme with Hölder/Lipschitz control over the induced target surface, and introduce two model-agnostic algorithms to estimate signed distances under label-only access. Experiments on synthetic problems and UCI benchmarks show consistent improvements in fidelity and generalization accuracy over hard-label baselines, while enabling distance outputs as uncertainty-related signals for black-box replicas.