Self-supervised learning (SSL) speech models generate meaningful representations of given clips and achieve incredible performance across various downstream tasks. A model extraction attack (MEA) often refers to an adversary stealing the functionality of the victim model with only query access. In this work, we study the MEA problem against SSL speech models with a small number of queries. We propose a two-stage framework to extract the model. In the first stage, SSL is conducted on a large-scale unlabeled corpus to pre-train a small speech model. In the second stage, we actively sample a small portion of clips from the unlabeled corpus and query the target model with these clips to acquire their representations as labels for the small model's second-stage training. Experimental results show that our sampling methods can effectively extract the target model without knowing any information about its model architecture.