Wenbin YANG, Xueluan GONG, Yanjiao CHEN, et al., “SwiftTheft: A Time-Efficient Model Extraction Attack Framework Against Cloud-Based Deep Neural Networks,” Chinese Journal of Electronics, vol. 33, no. 1, pp. 90–100, 2024. DOI: 10.23919/cje.2022.00.377

SwiftTheft: A Time-Efficient Model Extraction Attack Framework Against Cloud-Based Deep Neural Networks

With the rise of artificial intelligence and cloud computing, machine-learning-as-a-service platforms, such as those of Google, Amazon, and IBM, have emerged to perform sophisticated tasks for cloud applications. These proprietary models are vulnerable to model extraction attacks due to their commercial value. In this paper, we propose a time-efficient model extraction attack framework called SwiftTheft that aims to steal the functionality of cloud-based deep neural network models. We distinguish SwiftTheft from existing works with a novel distribution estimation algorithm and reference model settings, which find the most informative query samples without querying the victim model. The selected query samples can be applied to various cloud models with a one-time selection. We evaluate our proposed method through extensive experiments on three victim models and six datasets, with up to 16 models for each dataset. Compared to existing attacks, SwiftTheft increases agreement (i.e., similarity) by 8% while consuming 98% less selection time.