MDV: Resolving the Auxiliary Data Dilemma in Model Extraction Defenses
Summary
Model extraction attacks (MEA, where attackers steal the functionality of an AI model by training a clone with similar behavior) are a security threat that defenders counter by using auxiliary data to make the victim model return misleading predictions to suspected attack queries. However, realistic auxiliary data is hard to obtain, gives inconsistent protection, and does not protect all data categories equally. The paper proposes MDV (Model Defense Variational Autoencoder, a machine learning technique that generates synthetic data instead of relying on real data) to create virtual auxiliary data that addresses all three problems.
Solution / Mitigation
The proposed solution is to use the Model Defense Variational Autoencoder (MDV) to generate virtual auxiliary data as a replacement for realistic auxiliary data. MDV combines a Variational Autoencoder (VAE, a machine learning model that generates new synthetic data resembling its training data) with a classifier, forcing the learned features of each category to follow a distinct statistical distribution. It then samples synthetic data from the low-likelihood regions of these distributions and uses those samples as the auxiliary data consumed by existing defense methods.
Classification
Related Issues
Original source: http://ieeexplore.ieee.org/document/11527392
First tracked: June 4, 2026 at 08:03 PM
Classified by LLM (prompt v3) · confidence: 85%