Providing the Status of Model Extraction in the Presence of Colluding Users

摘要

Methods, systems, and computer program products for providing the status of model extraction in the presence of colluding users are provided herein. A computer-implemented method includes generating, for each of multiple users, a summary of user input to a machine learning model; comparing the generated summaries to boundaries of multiple feature classes within an input space of the machine learning model; computing correspondence metrics based at least in part on the comparisons; identifying, based at least in part on the computed metrics, one or more of the multiple users as candidates for extracting portions of the machine learning model in an adversarial manner; and generating and outputting an alert, based on the identified users, to an entity related to the machine learning model.