Paper

Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks

MPS-Authors

Orekondy, Tribhuvanesh
Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society

Schiele, Bernt
Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society

Fulltext (public)

arXiv:1906.10908.pdf
(Preprint), 6MB

Citation

Orekondy, T., Schiele, B., & Fritz, M. (2019). Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks. Retrieved from http://arxiv.org/abs/1906.10908.


Cite as: http://hdl.handle.net/21.11116/0000-0003-EC93-D
Abstract
With the advances of ML models in recent years, we are seeing an increasing number of real-world commercial applications and services (e.g., autonomous vehicles, medical equipment, web APIs) emerge. Recent advances in model functionality stealing attacks via black-box access (i.e., inputs in, predictions out) threaten the business model of such ML applications, which require significant time, money, and effort to develop. In this paper, we address this issue by studying defenses against model stealing attacks, largely motivated by the lack of effective defenses in the literature. We work towards the first defense that introduces targeted perturbations to the model predictions under a utility constraint. Our approach targets the perturbations at manipulating the training procedure of the attacker. We evaluate our approach on multiple datasets and attack scenarios across a range of utility constraints. Our results show that it is indeed possible to trade off utility (e.g., deviation from the original prediction, test accuracy) to significantly reduce the effectiveness of model stealing attacks.
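
To make the idea of a utility-constrained prediction perturbation concrete, the following is a minimal sketch, not the defense proposed in the paper (whose perturbations are specifically targeted at the attacker's training procedure). It perturbs a returned posterior within a fixed L1 budget while leaving the top-1 label unchanged, so a simple utility constraint (bounded deviation from the original prediction, unchanged argmax) holds while the posterior becomes less informative to an attacker training a surrogate model. The function name, the near-uniform perturbation target, and the budget eps are illustrative assumptions.

import numpy as np

def perturb_prediction(y, eps=0.5):
    # y: 1-D array of class probabilities (sums to 1); eps: max L1 deviation.
    k = len(y)
    top = int(np.argmax(y))
    # Illustrative perturbation target: a near-uniform posterior that keeps the
    # winning class on top, so the top-1 prediction of the defended API is preserved.
    target = np.full(k, 1.0 / k)
    target[top] = y[top]
    target /= target.sum()
    # Move from y towards the target, but no further than the L1 budget allows.
    direction = target - y
    dist = np.abs(direction).sum()
    step = min(1.0, eps / (dist + 1e-12))
    return y + step * direction  # still sums to 1; L1 distance to y is at most eps

y = np.array([0.70, 0.20, 0.05, 0.05])
print(perturb_prediction(y, eps=0.4))

A defended API would return perturb_prediction(model(x)) instead of the raw posterior; the knob eps corresponds to the kind of utility/effectiveness trade-off the abstract describes, with larger budgets allowing stronger perturbations at the cost of larger deviation from the original prediction.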