FIG.03: Model Extraction
Adversarial querying of an API to replicate a proprietary model. Analysis of query strategies, telemetry checkpoints, and defensive countermeasures.
Threat Model Scope: Black-Box API | Query Synthesis | Query Budget
Query Strategy

Random Sampling: querying with randomly generated inputs from the domain.
  Efficiency: LOW | Stealth: HIGH
Adaptive Probing: using previous responses to guide the next query generation.
  Efficiency: MED | Stealth: MED
Boundary Search: targeting queries near the decision boundary for maximum information.
  Efficiency: HIGH | Stealth: LOW
Distillation: using a proxy dataset to query and train a student model.
  Efficiency: HIGH | Stealth: MED
API INTERACTION TIMELINE

Attacker -> Batch Query Q_0 (N=1000 samples)
Telemetry -> Log: Source IP, Timestamp
Rate Limiter -> Check: Q/sec < Threshold -> PASS
Attacker -> Adaptive Query Q_i (high variance inputs)
Anomaly Detection -> Warning: OOD Distribution
Defense Triggered -> Action: Throttling / Block
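The timeline above is the defender's pipeline: log telemetry per query, check the per-source query rate, score each input against the serving distribution, and throttle or block when the stream drifts out of distribution. The following is an added example (not part of the figure) that replays that pipeline in code on a constructed query stream. The reference statistics, thresholds, IP addresses and the 4-feature inputs are all hypothetical; the OOD check is a mean absolute z-score, a deliberately simple stand-in for whatever anomaly detector a real deployment uses.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
import random
from typing import Deque, Dict, List, Tuple

# Reference statistics of legitimate traffic (per-feature mean and std).
# In production these come from the serving distribution; here they are
# constructed values for a hypothetical 4-feature input.
REFERENCE_MEAN = [0.0, 0.0, 0.0, 0.0]
REFERENCE_STD = [1.0, 1.0, 1.0, 1.0]


@dataclass
class Decision:
    source_ip: str
    timestamp: float
    qps: float          # observed queries/s from this source in the window
    ood_score: float    # mean |z-score| of the input against the reference
    action: str         # "PASS", "THROTTLE" or "BLOCK"
    warnings: List[str] = field(default_factory=list)


class QueryMonitor:
    """Telemetry log + rate limiter + OOD anomaly check, in timeline order."""

    def __init__(self, max_qps: float = 50.0, window_s: float = 1.0,
                 ood_warn: float = 3.0, strikes_to_block: int = 3) -> None:
        self.max_qps = max_qps
        self.window_s = window_s
        self.ood_warn = ood_warn
        self.strikes_to_block = strikes_to_block
        self.telemetry: List[Tuple[str, float]] = []            # (source IP, timestamp)
        self.history: Dict[str, Deque[float]] = defaultdict(deque)
        self.strikes: Dict[str, int] = defaultdict(int)         # OOD warnings per source

    def _qps(self, ip: str, ts: float) -> float:
        """Sliding-window query rate for one source."""
        q = self.history[ip]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()
        return len(q) / self.window_s

    @staticmethod
    def ood_score(x: List[float]) -> float:
        """Mean absolute z-score: inputs far from the reference distribution
        (boundary probing, high-variance synthetic inputs) score high."""
        return sum(abs((xi - m) / s)
                   for xi, m, s in zip(x, REFERENCE_MEAN, REFERENCE_STD)) / len(x)

    def observe(self, ip: str, ts: float, x: List[float]) -> Decision:
        """Process one query and decide PASS / THROTTLE / BLOCK."""
        self.telemetry.append((ip, ts))          # Telemetry: log source IP, timestamp
        qps = self._qps(ip, ts)                  # Rate Limiter: Q/sec < threshold?
        score = self.ood_score(x)                # Anomaly Detection: OOD distribution?
        warnings: List[str] = []
        action = "PASS"
        if qps > self.max_qps:
            warnings.append("rate limit exceeded")
            action = "THROTTLE"
        if score > self.ood_warn:
            warnings.append("OOD distribution")
            self.strikes[ip] += 1
            action = "THROTTLE"
        if self.strikes[ip] >= self.strikes_to_block:
            action = "BLOCK"                     # Defense Triggered: repeat OOD source
        return Decision(ip, ts, qps, score, action, warnings)


def simulate() -> Tuple[QueryMonitor, List[Decision], List[Decision]]:
    """Replay the timeline on a constructed stream from one hypothetical source."""
    rng = random.Random(0)
    mon = QueryMonitor()
    # Q_0: batch of 1000 in-distribution samples at ~25 queries/s -> passes every check
    phase1 = [mon.observe("203.0.113.7", i * 0.04,
                          [rng.gauss(0.0, 1.0) for _ in range(4)]) for i in range(1000)]
    # Q_i: adaptive probing with high-variance inputs (spread x8) -> OOD warnings,
    # strikes accumulate, source is blocked
    phase2 = [mon.observe("203.0.113.7", 100.0 + i * 0.04,
                          [rng.gauss(0.0, 8.0) for _ in range(4)]) for i in range(50)]
    return mon, phase1, phase2


if __name__ == "__main__":
    mon, p1, p2 = simulate()
    print("telemetry rows:", len(mon.telemetry))
    print("Q_0 actions:", {d.action for d in p1})
    print("Q_i final action:", p2[-1].action, "strikes:", dict(mon.strikes))
```

The rate check alone never fires in this replay (the batch is paced under the threshold), which is the point the timeline makes: a rate limiter catches volume, while the anomaly detector is what catches adaptive probing whose inputs drift away from the serving distribution. Tuning `ood_warn` too low penalises legitimate but unusual users, so a strike count before blocking is preferable to blocking on a single warning.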
Impact Matrix

IP Loss: proprietary model weights or architecture effectively cloned.
Security Risk: surrogate model enables white-box adversarial attacks.
Replication Fidelity: high task accuracy achieved with minimal query budget.
Countermeasures
[Plot: Surrogate Model Convergence. Loss vs Query Count for different extraction strategies; series: Random, Boundary, Distillation.]