Open Source Security Atlas

prada-protecting-against-dnn-model-stealing-attacks: An Open Source Tool for AI & Machine Learning Security

AI & Machine Learning Security

Tool

prada-protecting-against-dnn-model-stealing-attacks

PRADA is a defense tool that protects deep neural network models from model stealing attacks by monitoring and detecting suspicious query patterns.

About This Tool

Reference implementation of the PRADA model stealing defense, presented at IEEE Euro S&P 2019.

Primary Use Case

This tool helps safeguard AI models deployed as services against extraction attempts by adversaries. Security researchers and AI practitioners can integrate PRADA to detect model stealing attacks and respond to them, which helps protect the intellectual property embodied in their DNN models.

Key Features

Reference implementation of PRADA defense against DNN model stealing
Self-contained defense agent for monitoring model queries
Wrapper for querying models through the defense agent
Supports integration with PyTorch models
Interactive querying mode for testing and experimentation
Includes a simple POST client for sending image queries
Accompanies research published at IEEE Euro S&P 2019

Insights & Recommendations

Ensure your PyTorch model is importable and compatible with the defense agent. To serve model predictions over HTTP and monitor incoming queries, the tool requires a running Flask server. Use the interactive mode for experimentation, and follow the code comments to integrate your own models and datasets.
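
The wrapper pattern listed under Key Features, where every query passes through a monitoring agent before it reaches the model, can be sketched roughly as follows. This is a minimal illustration and not the repository's code: QueryMonitor, MonitoredModel, and the max_queries threshold are hypothetical names, and the plain query count is only a placeholder for PRADA's actual detection logic. The model is treated as any callable, which is also how a PyTorch module is invoked.

```python
from typing import Any, Callable, List


class QueryMonitor:
    """Hypothetical stand-in for a defense agent: it only counts queries."""

    def __init__(self, max_queries: int) -> None:
        self.max_queries = max_queries
        self.history: List[Any] = []

    def observe(self, query: Any) -> bool:
        """Record the query and return True once the count exceeds the limit."""
        self.history.append(query)
        return len(self.history) > self.max_queries


class MonitoredModel:
    """Routes every query through the monitor before calling the model."""

    def __init__(self, model: Callable[[Any], Any], monitor: QueryMonitor) -> None:
        self.model = model
        self.monitor = monitor
        self.flagged = False

    def predict(self, query: Any) -> Any:
        # Once set, the flag stays set; how to react (alert, throttle,
        # block) is a deployment decision left out of this sketch.
        if self.monitor.observe(query):
            self.flagged = True
        return self.model(query)


def toy_model(x: float) -> int:
    """Placeholder classifier; a real deployment would pass a PyTorch model."""
    return int(x > 0.5)


wrapped = MonitoredModel(toy_model, QueryMonitor(max_queries=3))
predictions = [wrapped.predict(x) for x in (0.1, 0.9, 0.4, 0.7)]
print(predictions, wrapped.flagged)
```

Keeping the monitor separate from the model means the detection logic can be replaced without touching the model code.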

Installation

Install Python 3
Install PyTorch
Install torchvision
Install numpy
Install scipy
Install matplotlib
Install flask
Install requests
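
Before running the tool, it can help to confirm that the packages listed above are importable. The following is a small sketch using only the Python standard library; find_missing and REQUIRED_MODULES are illustrative names and not part of the tool. Note that PyTorch is imported under the module name torch.

```python
import importlib.util

# Import names for the packages listed above; PyTorch is imported as "torch".
REQUIRED_MODULES = [
    "torch", "torchvision", "numpy", "scipy", "matplotlib", "flask", "requests",
]


def find_missing(modules):
    """Return the module names that cannot be found in this environment."""
    return [name for name in modules if importlib.util.find_spec(name) is None]


missing = find_missing(REQUIRED_MODULES)
if missing:
    print("Missing packages:", ", ".join(missing))
else:
    print("All required packages are importable.")
```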

Usage

python main.py

Starts the interactive querying mode with the defense agent.

python client.py server_url image_file

Sends an image query to the model served through the defense agent; by default, the server URL is http://localhost:8080/predict.

python client.py http://localhost:8080/predict cat.ppm

Example command to query the model with the image file 'cat.ppm' using the included client.
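
For readers who want to script queries themselves, a POST client along the lines described above might look like the sketch below. It uses the standard library's urllib so that it runs without extra packages. The payload format is an assumption: here the raw image bytes are sent as the request body, and the repository's client.py may encode the image differently. build_request and send_query are hypothetical helper names.

```python
import urllib.request

DEFAULT_URL = "http://localhost:8080/predict"  # default stated in the usage notes


def build_request(server_url: str, image_path: str) -> urllib.request.Request:
    """Build a POST request whose body is the raw bytes of the image file.

    Assumption: the server accepts the raw file in the request body.
    """
    with open(image_path, "rb") as f:
        payload = f.read()
    return urllib.request.Request(
        server_url,
        data=payload,
        headers={"Content-Type": "application/octet-stream"},
        method="POST",
    )


def send_query(server_url: str, image_path: str) -> str:
    """Send the image and return the response body as text."""
    request = build_request(server_url, image_path)
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


# Example, with the server running:
#   print(send_query(DEFAULT_URL, "cat.ppm"))
```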

Smart Usage Notes

Integrate PRADA with AI model deployment pipelines for real-time query monitoring and alerting.
Combine with anomaly detection systems to enhance detection of novel model extraction techniques.
Use in purple team exercises to simulate and detect model stealing attack scenarios.
Leverage PRADA's query pattern analysis to inform adaptive rate-limiting and access controls.
Extend PRADA to support additional ML frameworks beyond PyTorch for broader applicability.
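
As one way to picture the adaptive rate-limiting idea in the notes above, the sketch below halves a client's query budget each time a detector raises an alert for that client. It is a hypothetical illustration, not a PRADA feature: AdaptiveLimiter, report_alert, and the halving policy are all assumptions, and the detector itself is left out.

```python
from collections import defaultdict


class AdaptiveLimiter:
    """Hypothetical per-client query budget that shrinks after detector alerts."""

    def __init__(self, base_limit: int, min_limit: int = 1) -> None:
        self.base_limit = base_limit
        self.min_limit = min_limit
        self.limits = defaultdict(lambda: base_limit)  # current budget per client
        self.used = defaultdict(int)  # queries used in the current window

    def report_alert(self, client_id: str) -> None:
        """Halve the client's budget when the detector flags its queries."""
        self.limits[client_id] = max(self.min_limit, self.limits[client_id] // 2)

    def allow(self, client_id: str) -> bool:
        """Return True and count the query if the client is within budget."""
        if self.used[client_id] >= self.limits[client_id]:
            return False
        self.used[client_id] += 1
        return True

    def reset_window(self) -> None:
        """Start a new window; reduced budgets persist, usage counters do not."""
        self.used.clear()


limiter = AdaptiveLimiter(base_limit=4)
limiter.report_alert("client-a")  # pretend the detector flagged this client
results = [limiter.allow("client-a") for _ in range(3)]
print(results)
```

In this sketch the flagged client gets two queries per window instead of four, while unflagged clients keep the base limit.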