While deep learning models have shown significant performance across various domains, their deployment requires extensive resources and advanced computing infrastructure. As a solution, Machine Learning as a Service (MLaaS) has emerged, lowering the barriers for users to release or productize their deep learning models. However, previous studies have highlighted potential privacy and security concerns associated with MLaaS, and one primary threat is model extraction attacks. Many defense solutions have been proposed to address this threat, but they rely on unrealistic assumptions and generalize poorly, making them less practical for reliable protection. Driven by these limitations, we introduce a novel defense mechanism, SAME, based on the concept of sample reconstruction. This strategy imposes minimal prerequisites on the defender's capabilities, eliminating the need for auxiliary Out-of-Distribution (OOD) datasets, user query history, white-box model access, and additional intervention during model training. It is compatible with existing active defense methods. Our extensive experiments corroborate the superior efficacy of SAME over state-of-the-art solutions. Our code is available at https://github.com/xythink/SAME.