CPC G06F 21/577 (2013.01) [G06F 16/245 (2019.01); G06N 3/042 (2023.01); G06N 3/08 (2013.01); G06F 2221/033 (2013.01)] | 7 Claims
1. A computer-implemented method, the method comprising:
generating, for each of multiple users, a summary of user input to a machine learning model, wherein each of the generated summaries is represented as a polyhedron in an n-dimensional space, wherein the polyhedra comprise minimum bounding polyhedra and are designed to reduce storage space needs and time complexity by representing user-submitted query and query-response pairs using the polyhedra, wherein faces of the polyhedra are minimized to match, in number, query feature dimensions in the n-dimensional space, wherein the n-dimensional space comprises three or more dimensions and is defined based at least in part on a number of query features related to the user input, and wherein generating the summary is carried out in connection with processing the user input using the machine learning model and generating one or more machine learning model outputs in response to the user input, wherein generating the one or more machine learning model outputs comprises determining one of multiple query feature classes into which the user input is classified, and wherein the multiple query feature classes are represented using the polyhedra;
generating one or more combinations of two or more summaries via combining two or more of the corresponding polyhedra;
comparing the one or more combinations of the polyhedra, to multiple feature class boundaries of the machine learning model, wherein the multiple feature class boundaries are represented as polyhedra formed by partitioning an input space of the machine learning model;
computing, in polynomial time, one or more polyhedral correspondence metrics based at least in part on said comparing, wherein computing the one or more polyhedral correspondence metrics comprises at least one of calculating aggregate overlap of the polyhedra associated with the multiple users and the polyhedra associated with the machine learning model, and calculating distance of boundaries of the polyhedra associated with the multiple users from one or more decision boundaries of the machine learning model;
identifying, based at least in part on the one or more computed polyhedral correspondence metrics, two or more of the multiple users as candidates for extracting, together in collaboration, one or more portions of the machine learning model in an adversarial manner;
generating and outputting an alert, based on the two or more identified users, to at least one entity related to the machine learning model, wherein the alert comprises an amount of the machine learning model that can be extracted by the two or more identified users in collaboration; and
automatically modifying at least one pricing function associated with the machine learning model in response to the identification of the two or more users as candidates for extracting one or more portions of the machine learning model in an adversarial manner;
wherein the method is carried out by at least one computing device comprising a processor coupled to a memory; and
wherein the machine learning model is implemented by the processor and the memory of the at least one computing device.
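The following Python sketch is an added illustration of the aggregate-overlap branch of the claimed method, not code from the patent or its applicant. It assumes axis-aligned bounding boxes as a stand-in for the minimum bounding polyhedra, box-shaped class regions, pairwise combinations only, and a hypothetical alert threshold; all names and sample data are constructed.

```python
from itertools import combinations
from math import prod

def bounding_box(points):
    """Smallest axis-aligned box (lo, hi) containing one user's query points."""
    cols = list(zip(*points))
    return tuple(map(min, cols)), tuple(map(max, cols))

def intersect(a, b):
    """Intersection of two boxes, or None if they do not overlap."""
    lo = tuple(map(max, a[0], b[0]))
    hi = tuple(map(min, a[1], b[1]))
    return (lo, hi) if all(l < h for l, h in zip(lo, hi)) else None

def volume(box):
    return prod(h - l for l, h in zip(*box)) if box else 0.0

def coverage(boxes, regions):
    """Fraction of total class-region volume covered by the union of 1 or 2 boxes."""
    covered = 0.0
    for r in regions:
        clipped = [intersect(b, r) for b in boxes]
        covered += sum(volume(c) for c in clipped)
        if len(clipped) == 2 and clipped[0] and clipped[1]:
            covered -= volume(intersect(clipped[0], clipped[1]))  # inclusion-exclusion
    return covered / sum(volume(r) for r in regions)

def collusion_candidates(user_queries, regions, threshold):
    """Pairs whose joint coverage reaches threshold though neither user does alone."""
    boxes = {u: bounding_box(q) for u, q in user_queries.items()}
    solo = {u: coverage([b], regions) for u, b in boxes.items()}
    alerts = []
    for u, v in combinations(sorted(boxes), 2):  # O(users^2) pairs, polynomial time
        joint = coverage([boxes[u], boxes[v]], regions)
        if joint >= threshold and max(solo[u], solo[v]) < threshold:
            alerts.append((u, v, round(joint, 3)))  # joint = extractable share to report
    return alerts

# Constructed sample: a 3-feature input space [0,1]^3 split into two class regions.
REGIONS = [((0, 0, 0), (0.5, 1, 1)), ((0.5, 0, 0), (1, 1, 1))]
QUERIES = {
    "alice": [(0.0, 0.0, 0.0), (0.5, 1.0, 1.0)],   # sweeps class region 1 only
    "bob": [(0.5, 0.0, 0.0), (1.0, 1.0, 0.8)],     # sweeps most of class region 2
    "carol": [(0.1, 0.1, 0.1), (0.2, 0.2, 0.2)],   # small, benign footprint
}
```

Neither alice nor bob covers enough of the input space alone to trip a per-user check; only the combined summary exposes the split query pattern, which is the case the claim targets.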