Creators/Authors contains: "Yan, S."

  1. Machine learning is being increasingly used by individuals, research institutions, and corporations. This has resulted in the surge of Machine Learning-as-a-Service (MLaaS) - cloud services that provide (a) tools and resources to learn the model, and (b) a user-friendly query interface to access the model. However, such MLaaS systems raise privacy concerns such as model extraction. In model extraction attacks, adversaries maliciously exploit the query interface to steal the model. More precisely, in a model extraction attack, a good approximation of a sensitive or proprietary model held by the server is extracted (i.e. learned) by a dishonest user who interacts with the server only via the query interface. This attack was introduced by Tramèr et al. at the 2016 USENIX Security Symposium, where practical attacks for various models were shown. We believe that better understanding the efficacy of model extraction attacks is paramount to designing secure MLaaS systems. To that end, we take the first step by (a) formalizing model extraction and discussing possible defense strategies, and (b) drawing parallels between model extraction and the established area of active learning. In particular, we show that recent advancements in the active learning domain can be used to implement powerful model extraction attacks, and investigate possible defense strategies.
  2. Machine learning is being increasingly used by individuals, research institutions, and corporations. This has resulted in the surge of Machine Learning-as-a-Service (MLaaS) - cloud services that provide (a) tools and resources to learn the model, and (b) a user-friendly query interface to access the model. However, such MLaaS systems raise concerns such as model extraction. In model extraction attacks, adversaries maliciously exploit the query interface to steal the model. More precisely, in a model extraction attack, a good approximation of a sensitive or proprietary model held by the server is extracted (i.e. learned) by a dishonest user who interacts with the server only via the query interface. This attack was introduced by Tramèr et al. at the 2016 USENIX Security Symposium, where practical attacks for various models were shown. We believe that better understanding the efficacy of model extraction attacks is paramount to designing secure MLaaS systems. To that end, we take the first step by (a) formalizing model extraction and discussing possible defense strategies, and (b) drawing parallels between model extraction and the established area of active learning. In particular, we show that recent advancements in the active learning domain can be used to implement powerful model extraction attacks, and investigate possible defense strategies.
  3. We present photometric and spectroscopic data on three extragalactic luminous red novae (LRNe): AT 2018bwo, AT 2021afy, and AT 2021blu. AT 2018bwo was discovered in NGC 45 (at about 6.8 Mpc) a few weeks after the outburst onset. During the monitoring period, the transient reached a peak luminosity of $10^{40}$ erg s$^{-1}$. AT 2021afy, hosted by UGC 10043 (∼49.2 Mpc), showed a double-peaked light curve, with the two peaks reaching a similar luminosity of $2.1(\pm0.6)\times10^{41}$ erg s$^{-1}$. Finally, for AT 2021blu in UGC 5829 (∼8.6 Mpc), the pre-outburst phase was well-monitored by several photometric surveys, and the object showed a slow luminosity rise before the outburst. The light curve of AT 2021blu was sampled with an unprecedented cadence until the object disappeared behind the Sun, and it was then recovered at late phases. The light curve of LRN AT 2021blu shows a double peak, with a prominent early maximum reaching a luminosity of $6.5\times10^{40}$ erg s$^{-1}$, which is half of that of AT 2021afy. The spectra of AT 2021afy and AT 2021blu display the expected evolution for LRNe: a blue continuum dominated by prominent Balmer lines in emission during the first peak, and a redder continuum consistent with that of a K-type star with narrow absorption metal lines during the second, broad maximum. The spectra of AT 2018bwo are markedly different, with a very red continuum dominated by broad molecular features in absorption. As these spectra closely resemble those of LRNe after the second peak, AT 2018bwo was probably discovered at the very late evolutionary stages. This would explain its fast evolution and the spectral properties compatible with that of an M-type star. From the analysis of deep frames of the LRN sites years before the outburst, and considerations of the light curves, the quiescent progenitor systems of the three LRNe were likely massive, with primaries ranging from about 13 $M_\odot$ for AT 2018bwo, to $14^{+4}_{-1}$ $M_\odot$ for AT 2021blu, and over 40 $M_\odot$ for AT 2021afy.
  4. null (Ed.)
  5. null (Ed.)
  6. Counterfactual learning from observational data involves learning a classifier on an entire population based on data that is observed conditioned on a selection policy. This work considers this problem in an active setting, where the learner additionally has access to unlabeled examples and can choose to get a subset of these labeled by an oracle. Prior work on this problem uses disagreement-based active learning, along with an importance weighted loss estimator to account for counterfactuals, which leads to a high label complexity. We show how to instead incorporate a more efficient counterfactual risk minimizer into the active learning algorithm. This requires us to modify both the counterfactual risk to make it amenable to active learning, as well as the active learning process to make it amenable to the risk. We provably demonstrate that the result of this is an algorithm which is statistically consistent as well as more label-efficient than prior work. 