CREDIT: Certified Defense of Deep Neural Networks against Model Extraction Attacks (Oct 21)

Speaker: Bolin Shen
Date: Oct 21, 11:45 am – 12:45 pm

Abstract: Machine Learning as a Service (MLaaS) has become a widely adopted method for delivering deep neural network (DNN) models, allowing users to conveniently access models via APIs. However, such services have been shown to be highly vulnerable to Model Extraction Attacks (MEAs). While numerous defense strategies have been proposed, verifying the ownership of a suspicious model with strict theoretical guarantees remains a challenging task. To address this gap, we introduce CREDIT, a certified defense against MEAs. Specifically, we employ mutual information to quantify the similarity between DNN models, propose a practical verification threshold, and provide rigorous theoretical guarantees for ownership verification based on this threshold. We extensively evaluate our approach on several mainstream datasets and achieve state-of-the-art performance. Our implementation is publicly available at: https://anonymous.4open.science/r/CREDIT.

Biographical Sketch: I am a first-year Ph.D. student in the Computer Science Department at Florida State University, fortunate to be advised by Prof. Yushun Dong. My research focuses on graph learning and data mining. Previously, I obtained my master's degree in Electrical and Computer Engineering from the University of Michigan, Ann Arbor, and a bachelor's degree in Computer Science from North China Electric Power University.

Location: LOV 307 (In Person Only)