Tushar Nayan, Qiming Guo, and Mohammed Al Duniawi, Florida International University; Marcus Botacin, Texas A&M University; Selcuk Uluagac and Ruimin Sun, Florida International University
On-device ML is increasingly used in different applications. It brings convenience to offline tasks and avoids sending user-private data through the network. On-device ML models are valuable and may suffer from model extraction attacks from different categories. Existing studies lack a deep understanding of on-device ML model security, which creates a gap between research and practice. This paper provides a systematization approach to classify existing model extraction attacks and defenses based on different threat models. We evaluated well-known research projects from existing work with real-world ML models, and discussed their reproducibility, computation complexity, and power consumption. We identified the challenges for research projects in wide adoption in practice. We also provided directions for future research in ML model extraction security.
author = {Tushar Nayan and Qiming Guo and Mohammed Al Duniawi and Marcus Botacin and Selcuk Uluagac and Ruimin Sun},
title = {{SoK}: All You Need to Know About {On-Device} {ML} Model Extraction - The Gap Between Research and Practice},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {5233--5250},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/nayan},
publisher = {USENIX Association},
month = aug
}