Deep learning models are usually black boxes when deployed on machine learning platforms. Prior work has shown that the attributes (e.g., the number of convolutional layers) of a target black-box neural network can be exposed through a sequence of queries. These works share a crucial limitation: they assume the dataset used to train the target model is known beforehand and leverage that dataset to mount the model attribute attack. In reality, however, the training dataset of a target black-box model is rarely accessible, so it is doubtful whether the attributes of the target model can still be revealed in this setting. In this paper, we investigate a new problem, Domain-agnostic Reverse Engineering the Attributes of a black-box target Model (DREAM), which does not require access to the target model's training dataset, and we put forward a general and principled framework by casting the problem as an out-of-distribution (OOD) generalization problem. In this way, we learn a domain-agnostic model that inversely infers the attributes of a target black-box model whose training data is unknown. Our method can therefore be applied gracefully to an arbitrary domain for model attribute reverse engineering, with strong generalization ability. Extensive experiments validate the superiority of the proposed method over the baselines.