Machine Learning as a Service (MLaaS) lets users query a machine learning model through an API, giving them the benefits of a high-performance model trained on valuable data. This interface boosts the proliferation of machine-learning-based applications, but it also introduces an attack surface for model stealing attacks. Existing model stealing attacks have relaxed their assumptions to the data-free setting while remaining effective. However, these methods are complex and consist of several components, which obscure what the attack really depends on. In this paper, we revisit the model stealing problem from a diversity perspective and demonstrate that keeping the generated data samples diverse across all the classes is the critical point for improving attack performance. Based on this conjecture, we provide a simplified attack framework. We empirically support our conjecture by evaluating the effectiveness of our attack, and the experimental results show that our approach achieves comparable or even better performance than the state-of-the-art method. Furthermore, because it has no redundant components, our method demonstrates its advantages in attack efficiency and query budget.
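The abstract's central claim is that the diversity of the generated query samples across all classes is what drives attack performance. The same quantity is observable from the serving side: an MLaaS operator can compute the normalized entropy and class coverage of the labels its API returns over a window of queries, and treat a sudden shift toward uniformly spread, all-class coverage from a single client as a signal worth investigating. The Python below is an added example written for this page, not code from the paper; the label sequences, the window size and the alert threshold are constructed assumptions.

```python
import math
from collections import Counter


def class_diversity(labels, num_classes):
    """Normalized Shannon entropy (0.0 to 1.0) of the label histogram.

    0.0 means every query was answered with the same class; 1.0 means the
    answers were spread uniformly over all num_classes classes.
    """
    if not labels or num_classes < 2:
        return 0.0
    n = len(labels)
    counts = Counter(labels)
    entropy = -sum((c / n) * math.log(c / n) for c in counts.values())
    return entropy / math.log(num_classes)


def class_coverage(labels, num_classes):
    """Fraction of the model's classes that appear at least once in the window."""
    if num_classes < 1:
        return 0.0
    return len(set(labels)) / num_classes


def window_scores(labels, num_classes, window):
    """Score consecutive fixed-size windows of a client's returned labels.

    Returns a list of (diversity, coverage) tuples, one per window, rounded
    so they are stable enough to compare against a threshold.
    """
    scores = []
    for start in range(0, len(labels), window):
        chunk = labels[start:start + window]
        scores.append((round(class_diversity(chunk, num_classes), 4),
                       round(class_coverage(chunk, num_classes), 4)))
    return scores


def flag_windows(labels, num_classes, window, min_diversity=0.9, min_coverage=0.9):
    """Indices of windows whose answers are both highly diverse and cover almost
    every class. Thresholds are assumed values for this example; a real
    deployment would tune them per model and per client population.
    """
    flagged = []
    for idx, (div, cov) in enumerate(window_scores(labels, num_classes, window)):
        if div >= min_diversity and cov >= min_coverage:
            flagged.append(idx)
    return flagged


# Constructed sample: a 10-class model. The first window looks like ordinary
# use of a single-purpose client (one class dominates); the second window's
# answers are spread evenly over every class.
SAMPLE_LABELS = [3] * 9 + [7] + list(range(10))

if __name__ == "__main__":
    for i, (div, cov) in enumerate(window_scores(SAMPLE_LABELS, 10, 10)):
        print(f"window {i}: diversity={div:.4f} coverage={cov:.2f}")
    print("flagged windows:", flag_windows(SAMPLE_LABELS, 10, 10))
```

Diversity alone is not evidence of extraction: a legitimate batch-scoring client can also spread across classes. The score is useful as one feature alongside per-client query volume and rate, which is why the example reports both entropy and coverage per window rather than a single verdict.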