Stealing Machine Learning Models via Prediction APIs

Offered By: USENIX via YouTube

Tags

USENIX Security Courses
Cybersecurity Courses
Machine Learning Courses
Decision Trees Courses
Data Privacy Courses

Course Description

Overview

Explore a 28-minute conference talk from USENIX Security '16 that delves into the vulnerabilities of machine learning models deployed with public query interfaces. Learn about model extraction attacks where adversaries aim to duplicate confidential ML models using only black-box access. Discover simple yet efficient techniques for extracting logistic regression, neural network, and decision tree models with near-perfect fidelity. Examine real-world demonstrations against BigML and Amazon Machine Learning services. Investigate potential countermeasures and their limitations, including the impact of omitting confidence values from model outputs. Gain insights into the broader implications for ML model deployment and the need for robust protection strategies in the growing field of ML-as-a-service.

Syllabus

Intro
Machine Learning (ML) Systems
Model Extraction Attacks (Prior Work)
Main Results
Model Extraction Example: Logistic Regression
Generic Equation Solving Attacks
Online Attack AWS Machine Learning
Application: Model-Inversion Attacks (inferring training data from trained models; Fredrikson et al., 2015)
Extracting a Decision Tree
Countermeasures
Brief Announcement
Conclusion
Generic Model Retraining Attacks
Taught by

USENIX
