Affiliation:
1. Department of Computer Science, Shenyang Aerospace University, Shenyang, Liaoning, China
Abstract
As machine learning models are deployed in practical applications and exposed through public APIs, model extraction attacks have become a prominent risk. This study presents an efficient approach to model extraction that reduces query cost while improving attack effectiveness. The method first uses a pre-trained model to identify high-confidence samples in an unlabeled dataset. It then applies unsupervised contrastive learning to these samples to learn their structure, constructing a high-quality dataset that covers a diverse range of features. A mixed information confidence strategy refines the query set so that the queries probe the decision boundary of the target model. Consistency regularization and pseudo-labeling reduce reliance on authentic labels obtained from the target, improving the surrogate model's feature extraction and predictive accuracy. Evaluation on four major datasets shows that surrogate models built with this method closely match the functionality of the original models, and a test against a real-world API achieved a success rate of 62.35%, supporting the method's validity.
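The query loop the abstract describes, reduced to its core, as an added example that is not the paper's code: a black-box target reachable only through a probability API, an unlabeled pool the attacker already holds, a surrogate trained on the target's answers, a confidence-based rule for choosing which points to spend queries on, and pseudo-labels for unqueried points the surrogate is already sure about. The linear target, the logistic-regression surrogate, the "half nearest the boundary, half most confident" selection rule, the 0.95 pseudo-label threshold and the 40-query budget are all assumptions chosen for illustration; the page does not specify the authors' actual selection rule or hyperparameters. Success is measured as fidelity, the fraction of held-out points on which surrogate and target agree.

```python
"""Toy model-extraction loop with confidence-guided query selection.

Added illustration, not the paper's code. The target is a constructed
2-class linear model exposed only through a probability API; the surrogate
is logistic regression; the query-selection rule and thresholds below are
assumptions chosen for illustration.
"""
import math
import random

random.seed(0)

# ---- Black-box target: the attacker sees only oracle() outputs -------------
TARGET_W = (2.0, -1.5)   # constructed secret weights
TARGET_B = 0.3

def sigmoid(z):
    z = max(-500.0, min(500.0, z))          # avoid exp overflow
    return 1.0 / (1.0 + math.exp(-z))

def oracle(x):
    """Public prediction API: returns P(class 1). One call = one paid query."""
    return sigmoid(TARGET_W[0] * x[0] + TARGET_W[1] * x[1] + TARGET_B)

def make_pool(n):
    """Constructed unlabeled data the attacker already holds."""
    return [(random.uniform(-3, 3), random.uniform(-3, 3)) for _ in range(n)]

# ---- Surrogate model --------------------------------------------------------
class Surrogate:
    def __init__(self):
        self.w = [0.0, 0.0]
        self.b = 0.0

    def proba(self, x):
        return sigmoid(self.w[0] * x[0] + self.w[1] * x[1] + self.b)

    def fit(self, data, epochs=200, lr=0.1):
        """SGD on cross-entropy; targets may be soft (oracle probabilities)
        or hard (pseudo-labels). Warm-started from the current weights."""
        for _ in range(epochs):
            for x, y in data:
                g = self.proba(x) - y
                self.w[0] -= lr * g * x[0]
                self.w[1] -= lr * g * x[1]
                self.b -= lr * g

def margin(sur, x):
    """Distance of the surrogate's confidence from 0.5 (0 = on its boundary)."""
    return abs(sur.proba(x) - 0.5)

def select_batch(sur, remaining, k, strategy):
    if strategy == "random":
        return random.sample(remaining, k)
    # Mixed-confidence selection (assumed rule): half the batch where the
    # surrogate is least sure (probes the target's decision boundary), half
    # where it is most sure (anchors the fit far from the boundary).
    ranked = sorted(remaining, key=lambda x: margin(sur, x))
    n_low = k // 2
    return ranked[:n_low] + ranked[len(ranked) - (k - n_low):]

def extract(pool, budget=40, batch=10, strategy="mixed", pseudo_conf=0.95):
    """Spend `budget` oracle queries and return (surrogate, queries_used)."""
    sur = Surrogate()
    queried = {}                 # x -> oracle probability (authentic label)
    remaining = list(pool)
    while len(queried) < budget:
        k = min(batch, budget - len(queried))
        for x in select_batch(sur, remaining, k, strategy):
            queried[x] = oracle(x)          # the only API calls we pay for
            remaining.remove(x)
        # Pseudo-labeling: unqueried points the surrogate is already confident
        # about receive its hard label, so they cost no queries.
        pseudo = [(x, 1.0 if sur.proba(x) > 0.5 else 0.0)
                  for x in remaining if margin(sur, x) > pseudo_conf - 0.5]
        sur.fit(list(queried.items()) + pseudo)
    return sur, len(queried)

def fidelity(sur, test_points):
    """Fraction of points where surrogate and target agree on the class.
    Calls oracle() for evaluation only, not as attack queries."""
    agree = sum((sur.proba(x) > 0.5) == (oracle(x) > 0.5) for x in test_points)
    return agree / len(test_points)

if __name__ == "__main__":
    pool, test = make_pool(400), make_pool(500)
    for strategy in ("mixed", "random"):
        sur, used = extract(pool, strategy=strategy)
        print(f"{strategy:6s} queries={used} fidelity={fidelity(sur, test):.3f}")
```

Two design points carry over to real attacks. First, the oracle's soft outputs are far more informative than hard labels: with noise-free probabilities, a handful of points pins down a linear target, which is why defenses such as rounding or perturbing confidence scores exist. Second, pseudo-labeling is only safe for points far from the surrogate's own boundary; lowering `pseudo_conf` lets early mistakes feed back into training, the confirmation-bias failure mode that consistency regularization is meant to dampen.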