A Survey of Model Extraction Attacks and Defenses in Distributed Computing Environments

Kaixiang Zhao, Lincan Li, Kaize Ding, Neil Zhenqiang Gong, Yue Zhao, Yushun Dong

TL;DR

The paper addresses the threat of model extraction attacks (MEAs) in distributed ML when deployed in cloud, edge, and federated learning environments. It offers a cross-environment taxonomy that links attack surfaces, threat models, and defense mechanisms, and discusses unified evaluation measures to compare defenses. Concrete considerations are provided for cloud MLaaS (API-based exposure), edge devices (physical access and side channels), and federated learning (gradient leakage and secure aggregation). The authors outline future directions toward adaptive, cross-paradigm defenses, standardized evaluation protocols, and regulatory/ethical governance, aiming to safeguard intellectual property and privacy across diverse deployment contexts.

Abstract

Model Extraction Attacks (MEAs) threaten modern machine learning systems by enabling adversaries to steal models, exposing intellectual property and training data. With the increasing deployment of machine learning models in distributed computing environments, including cloud, edge, and federated learning settings, each paradigm introduces distinct vulnerabilities and challenges. Without a unified perspective on MEAs across these distributed environments, organizations risk fragmented defenses, inadequate risk assessments, and substantial economic and privacy losses. This survey is motivated by the urgent need to understand how the unique characteristics of cloud, edge, and federated deployments shape attack vectors and defense requirements. We systematically examine the evolution of attack methodologies and defense mechanisms across these environments, demonstrating how environmental factors influence security strategies in critical sectors such as autonomous vehicles, healthcare, and financial services. By synthesizing recent advances in MEA research and discussing the limitations of current evaluation practices, this survey provides essential insights for developing robust and adaptive defense strategies. Our comprehensive approach highlights the importance of integrating protective measures across the entire distributed computing landscape to ensure the secure deployment of machine learning models.

Paper Structure

This paper contains 10 sections, 10 equations, 1 figure, 1 table.

Figures (1)

  • Figure 1: Illustration of model extraction under different distributed computing environments.