Model Extraction Attack
An attack in which an adversary reconstructs a functionally equivalent copy of a machine-learning model through systematic API queries.
Model extraction attacks clone ML models purely from their API responses, making them a growing intellectual-property risk for AI-as-a-Service providers.
Explanation
The attacker sends crafted inputs to the API and uses the returned outputs as labels to train a surrogate model. Score-based attacks exploit returned confidence scores, while decision-based attacks work from hard labels alone. Common countermeasures include rate limiting, output perturbation, and model watermarking.
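As a minimal sketch of the score-based case: if an API returns confidence scores for a logistic-regression model, the logit is linear in the input, so the hidden weights can be recovered by solving a linear system (the equation-solving attack described by Tramèr et al., 2016). The "victim API" below is a local stand-in for a remote endpoint; all names and sizes are illustrative.

```python
import numpy as np

rng = np.random.default_rng(0)

# --- Victim: parameters hidden behind a query-only API ---
w_secret = rng.normal(size=5)                # unknown to the attacker

def victim_api(X):
    """Score-based API: returns the positive-class probability."""
    return 1.0 / (1.0 + np.exp(-X @ w_secret))

# --- Attacker: with confidence scores, logit(p) = x . w is linear,
# so a few queries suffice to solve for the secret weights ---
X_queries = rng.normal(size=(50, 5))         # crafted query inputs
p = victim_api(X_queries)
logits = np.log(p / (1 - p))                 # invert the sigmoid
w_stolen, *_ = np.linalg.lstsq(X_queries, logits, rcond=None)

print(np.allclose(w_stolen, w_secret, atol=1e-6))  # near-exact copy
```

With noise-free scores the recovery is essentially exact; real APIs that return rounded or truncated probabilities force the attacker into noisier learning-based approaches.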
Marketing Relevance
For API-based AI products such as chatbots and classifiers, model extraction is an intellectual-property risk: a competitor can replicate a model at a fraction of the original development cost.
Example
A competitor makes 100,000 API calls to your sentiment classifier and uses the responses to train a local model that agrees with yours on 95% of inputs, without ever collecting training data of their own.
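The "95% agreement" figure refers to how often the surrogate and the victim produce the same label on fresh inputs. A hedged numpy-only illustration of the decision-based variant, where the attacker sees only hard labels (all models and sizes here are made up for the sketch):

```python
import numpy as np

rng = np.random.default_rng(1)

# --- Victim: a linear classifier exposed as a label-only API ---
w_victim = rng.normal(size=10)

def victim_label(X):
    return (X @ w_victim > 0).astype(int)

# --- Attacker: 100,000 queries, keeping only the returned labels ---
X_q = rng.normal(size=(100_000, 10))
y_q = victim_label(X_q)

# Fit a linear surrogate by least squares on {-1, +1} targets
w_surrogate, *_ = np.linalg.lstsq(X_q, 2.0 * y_q - 1.0, rcond=None)

# --- Agreement rate: how often the two models match on fresh inputs ---
X_test = rng.normal(size=(10_000, 10))
agree = (victim_label(X_test) == (X_test @ w_surrogate > 0)).mean()
print(f"agreement: {agree:.1%}")
```

High agreement on held-out inputs is the standard success metric for extraction, since the attacker cares about functional equivalence rather than recovering exact parameters.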
Common Pitfalls
No defense offers complete protection while the API remains publicly queryable. Rate limiting alone is insufficient, since queries can be spread across accounts and time, and watermarks can often be removed by fine-tuning the stolen model.
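The two most common partial defenses can be sketched as an API wrapper: quantizing confidence scores (so exact logits cannot be recovered) and enforcing a per-client query budget. Class and parameter names here are illustrative, not a real library API.

```python
import numpy as np

def perturb_scores(probs, decimals=1):
    """Output perturbation: round probabilities so precise
    confidence values (and thus exact logits) are never exposed."""
    return np.round(probs, decimals)

class RateLimitedAPI:
    """Hypothetical wrapper enforcing a per-client query budget."""

    def __init__(self, model_fn, max_queries=10_000):
        self.model_fn = model_fn
        self.max_queries = max_queries
        self.count = 0

    def query(self, X):
        self.count += len(X)
        if self.count > self.max_queries:
            raise RuntimeError("query budget exceeded")
        return perturb_scores(self.model_fn(X))
```

Both measures only raise the attacker's cost: coarser scores degrade score-based attacks toward the decision-based setting, and budgets can be circumvented with multiple accounts, which is why they are combined with monitoring and watermarking in practice.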
Origin & History
Tramèr et al. (2016) demonstrated model extraction against BigML and Amazon ML. Orekondy et al. (2019) introduced Knockoff Nets for stealing image classifiers. Krishna et al. (2020) showed that BERT-based models can be extracted. The topic has gained urgency with the rise of commercial LLM APIs.
Comparisons & Differences
Model Extraction Attack vs. Membership Inference
Membership inference determines whether a specific data point was part of the training set; model extraction replicates the model's entire functionality.