MeaeQ: Mount Model Extraction Attacks with Efficient Queries
Submission Type: Regular Long Paper
Submission Track: Ethics in NLP
Submission Track 2: Efficient Methods for NLP
Keywords: Model Extraction Attack; Efficient Query Sampling Strategy; Limited Query Budgets
TL;DR: We propose a effective and low-cost method for model extraction attacks in NLP where attackers can steal victim models by repeatedly querying the open APIs.
Abstract: We study model extraction attacks in natural language processing (NLP) where attackers aim to steal victim models by repeatedly querying the open Application Programming Interfaces (APIs). Recent works focus on limited-query budget settings and adopt random sampling or active learning-based sampling strategies on publicly available, unannotated data sources. However, these methods often result in selected queries that lack task relevance and data diversity, leading to limited success in achieving satisfactory results with low query costs. In this paper, we propose MeaeQ (Model extraction attack with efficient Queries), a straightforward yet effective method to address these issues. Specifically, we initially utilize a zero-shot sequence inference classifier, combined with API service information, to filter task-relevant data from a public text corpus instead of a problem domain-specific dataset. Furthermore, we employ a clustering-based data reduction technique to obtain representative data as queries for the attack. Extensive experiments conducted on four benchmark datasets demonstrate that MeaeQ achieves higher functional similarity to the victim model than baselines while requiring fewer queries.
Submission Number: 556
Loading