Increasing the Cost of Model Extraction with Calibrated Proof of Work. (arXiv:2201.09243v2 [cs.CR] UPDATED)

In model extraction attacks, adversaries can steal a machine learning model
exposed via a public API by repeatedly querying it and adjusting their own
model based on obtained predictions. To prevent model stealing, existing
defenses focus on detecting malicious queries, truncating, or distorting
outputs, thus necessarily introducing a tradeoff between robustness and model
utility for legitimate users. Instead, we propose to impede model extraction by
requiring users to complete a proof-of-work before they can read the model's
predictions. This deters …

cost work