Increasing the Cost of Model Extraction with Calibrated Proof of Work

Dziedzic, Adam; Kaleem, Muhammad Ahmad; Lu, Yu Shen; Papernot, Nicolas

doi:10.48550/arxiv.2201.09243

Cited by 1 publication

(1 citation statement)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Proactive defense is a technique that increases the attacker's burden by imposing some form of cost on the users who query the model. For example, there are techniques that use Proof of Work [11,12], which requires computation, to demand costs in terms of electricity or time from attackers. This technique makes it difficult for attackers to acquire many input-output relationships at a low cost and is a method that does not affect output accuracy for non-attackers.…”

Section: Introductionmentioning

confidence: 99%

Proof of Spacetime as a Defensive Technique Against Model Extraction Attacks

Fukuda¹

2023

IJACSA

View full text Add to dashboard Cite

When providing a service that utilizes a machine learning model, the countermeasures against cyber-attacks are required. The model extraction attack is one of the attacks, in which an attacker attempts to replicate the model by obtaining a large number of input-output pairs. While a defense using Proof of Work has already been proposed, an attacker can still conduct model extraction attacks by increasing their computational power. Moreover, this approach leads to unnecessary energy consumption and might not be environmentally friendly. In this paper, the defense method using Proof of Spacetime instead of Proof of Work is proposed to reduce the energy consumption. The Proof of Spacetime is a method to impose spatial and temporal costs on the users of the service. While the Proof of Work makes a user to calculate until permission is granted, the Proof of Spacetime makes a user to keep a result of calculation, so the energy consumption is reduced. Through computer simulations, it was found that systems with Proof of Spacetime, compared to those with Proof of Work, impose 0.79 times the power consumption and 1.07 times the temporal cost on the attackers, while 0.73 times and 0.64 times on the non-attackers. Therefore, the system with Proof of Spacetime can prevent model extraction attacks with lower energy consumption.

show abstract

Section: Introductionmentioning

confidence: 99%

Proof of Spacetime as a Defensive Technique Against Model Extraction Attacks

Fukuda¹

2023

IJACSA

View full text Add to dashboard Cite

show abstract

Increasing the Cost of Model Extraction with Calibrated Proof of Work

Cited by 1 publication

References 19 publications

Proof of Spacetime as a Defensive Technique Against Model Extraction Attacks

Proof of Spacetime as a Defensive Technique Against Model Extraction Attacks

Contact Info

Product

Resources

About