model extraction

Extraction of Complex DNN Models: Real Threat or Boogeyman? - Graduate Seminar

Prof.N.Asokan, Computer Science, University of Waterloo

May 8, 12:00 - 13:00

B9 L2 H2 H2

complex models Deep learning model extraction

The success of deep learning in many application domains has been nothing short of dramatic. The success has brought the spotlight onto security and privacy concerns with deep learning. One of them is the threat of "model extraction": when a machine learning model is made available to customers via an inference interface, a malicious customer can use repeated queries to this interface and use the information gained to construct a surrogate model. In this talk, I will describe our work in exploring whether model extraction constitutes a realistic threat. I will also discuss possible countermeasures, focussing on deterrence mechanisms that allow for the verification of ownership of ML models.