Student surpasses teacher: imitation attack for black-box NLP APIs

Qiongkai Xu; Xuanli He; Lingjuan Lyu; Lizhen Qu; Gholamreza Haffari

Student surpasses teacher: imitation attack for black-box NLP APIs

Qiongkai Xu^*, Xuanli He, Lingjuan Lyu, Lizhen Qu, Gholamreza Haffari

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

11 Citations (Scopus)

Abstract

Machine-learning-as-a-service (MLaaS) has attracted millions of users to their splendid large-scale models. Although published as black-box APIs, the valuable models behind these services are still vulnerable to imitation attacks. Recently, a series of works have demonstrated that attackers manage to steal or extract the victim models. Nonetheless, none of the previous stolen models can outperform the original black-box APIs. In this work, we conduct unsupervised domain adaptation and multi-victim ensemble to showing that attackers could potentially surpass victims, which is beyond previous understanding of model extraction. Extensive experiments on both benchmark datasets and real-world APIs validate that the imitators can succeed in outperforming the original black-box models on transferred domains. We consider our work as a milestone in the research of imitation attack, especially on NLP APIs, as the superior performance could influence the defense or even publishing strategy of API providers.

Original language	English
Title of host publication	Proceedings of the 29th International Conference on Computational Linguistics
Place of Publication	New York
Publisher	International Committee on Computational Linguistics
Pages	2849-2860
Number of pages	12
Publication status	Published - 2022
Externally published	Yes
Event	29th International Conference on Computational Linguistics, COLING 2022 - Gyeongju, Korea, Republic of Duration: 12 Oct 2022 → 17 Oct 2022

Publication series

Name
ISSN (Electronic)	2951-2093

Conference

Conference	29th International Conference on Computational Linguistics, COLING 2022
Country/Territory	Korea, Republic of
City	Gyeongju
Period	12/10/22 → 17/10/22

Access to Document

https://aclanthology.org/2022.coling-1.251Licence: Unspecified

Cite this

@inproceedings{74c8ed8e6025401fa4842504f1679c6c,

title = "Student surpasses teacher: imitation attack for black-box NLP APIs",

abstract = "Machine-learning-as-a-service (MLaaS) has attracted millions of users to their splendid large-scale models. Although published as black-box APIs, the valuable models behind these services are still vulnerable to imitation attacks. Recently, a series of works have demonstrated that attackers manage to steal or extract the victim models. Nonetheless, none of the previous stolen models can outperform the original black-box APIs. In this work, we conduct unsupervised domain adaptation and multi-victim ensemble to showing that attackers could potentially surpass victims, which is beyond previous understanding of model extraction. Extensive experiments on both benchmark datasets and real-world APIs validate that the imitators can succeed in outperforming the original black-box models on transferred domains. We consider our work as a milestone in the research of imitation attack, especially on NLP APIs, as the superior performance could influence the defense or even publishing strategy of API providers.",

author = "Qiongkai Xu and Xuanli He and Lingjuan Lyu and Lizhen Qu and Gholamreza Haffari",

year = "2022",

language = "English",

publisher = "International Committee on Computational Linguistics",

pages = "2849--2860",

booktitle = "Proceedings of the 29th International Conference on Computational Linguistics",

note = "29th International Conference on Computational Linguistics, COLING 2022 ; Conference date: 12-10-2022 Through 17-10-2022",

}

Xu, Q, He, X, Lyu, L, Qu, L & Haffari, G 2022, Student surpasses teacher: imitation attack for black-box NLP APIs. in Proceedings of the 29th International Conference on Computational Linguistics. International Committee on Computational Linguistics, New York, pp. 2849-2860, 29th International Conference on Computational Linguistics, COLING 2022, Gyeongju, Korea, Republic of, 12/10/22. <https://aclanthology.org/2022.coling-1.251>

Student surpasses teacher: imitation attack for black-box NLP APIs. / Xu, Qiongkai; He, Xuanli; Lyu, Lingjuan et al.
Proceedings of the 29th International Conference on Computational Linguistics. New York: International Committee on Computational Linguistics, 2022. p. 2849-2860.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Student surpasses teacher

T2 - 29th International Conference on Computational Linguistics, COLING 2022

AU - Xu, Qiongkai

AU - He, Xuanli

AU - Lyu, Lingjuan

AU - Qu, Lizhen

AU - Haffari, Gholamreza

PY - 2022

Y1 - 2022

N2 - Machine-learning-as-a-service (MLaaS) has attracted millions of users to their splendid large-scale models. Although published as black-box APIs, the valuable models behind these services are still vulnerable to imitation attacks. Recently, a series of works have demonstrated that attackers manage to steal or extract the victim models. Nonetheless, none of the previous stolen models can outperform the original black-box APIs. In this work, we conduct unsupervised domain adaptation and multi-victim ensemble to showing that attackers could potentially surpass victims, which is beyond previous understanding of model extraction. Extensive experiments on both benchmark datasets and real-world APIs validate that the imitators can succeed in outperforming the original black-box models on transferred domains. We consider our work as a milestone in the research of imitation attack, especially on NLP APIs, as the superior performance could influence the defense or even publishing strategy of API providers.

AB - Machine-learning-as-a-service (MLaaS) has attracted millions of users to their splendid large-scale models. Although published as black-box APIs, the valuable models behind these services are still vulnerable to imitation attacks. Recently, a series of works have demonstrated that attackers manage to steal or extract the victim models. Nonetheless, none of the previous stolen models can outperform the original black-box APIs. In this work, we conduct unsupervised domain adaptation and multi-victim ensemble to showing that attackers could potentially surpass victims, which is beyond previous understanding of model extraction. Extensive experiments on both benchmark datasets and real-world APIs validate that the imitators can succeed in outperforming the original black-box models on transferred domains. We consider our work as a milestone in the research of imitation attack, especially on NLP APIs, as the superior performance could influence the defense or even publishing strategy of API providers.

UR - http://www.scopus.com/inward/record.url?scp=85140791539&partnerID=8YFLogxK

M3 - Conference proceeding contribution

SP - 2849

EP - 2860

BT - Proceedings of the 29th International Conference on Computational Linguistics

PB - International Committee on Computational Linguistics

CY - New York

Y2 - 12 October 2022 through 17 October 2022

ER -

Student surpasses teacher: imitation attack for black-box NLP APIs

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this