[2602.20419] CREDIT: Certified Ownership Verification of Deep Neural Networks Against Model Extraction Attacks
Summary
The paper introduces CREDIT, a certified ownership verification method for deep neural networks that targets model extraction attacks: it is meant to let an owner verify, with theoretical guarantees, the ownership of a suspicious model.
Why It Matters
As Machine Learning as a Service (MLaaS) grows, the risk of model extraction attacks increases. CREDIT addresses the critical need for ownership verification, providing a theoretical framework that enhances security for DNN models, which is vital for developers and organizations relying on ML services.
Key Takeaways
- CREDIT offers a certified method for verifying ownership of DNNs.
- It uses mutual information to quantify the similarity between DNN models.
- The approach provides rigorous theoretical guarantees for ownership verification.
- Extensive evaluations demonstrate state-of-the-art performance across various datasets.
- Public implementation is available, promoting accessibility for further research.
Computer Science > Machine Learning
arXiv:2602.20419 (cs)
[Submitted on 23 Feb 2026]
Title: CREDIT: Certified Ownership Verification of Deep Neural Networks Against Model Extraction Attacks
Authors: Bolin Shen, Zhan Cheng, Neil Zhenqiang Gong, Fan Yao, Yushun Dong
Abstract: Machine Learning as a Service (MLaaS) has emerged as a widely adopted paradigm for providing access to deep neural network (DNN) models, enabling users to conveniently leverage these models through standardized APIs. However, such services are highly vulnerable to Model Extraction Attacks (MEAs), where an adversary repeatedly queries a target model to collect input-output pairs and uses them to train a surrogate model that closely replicates its functionality. While numerous defense strategies have been proposed, verifying the ownership of a suspicious model with strict theoretical guarantees remains a challenging task. To address this gap, we introduce CREDIT, a certified ownership verification against MEAs. Specifically, we employ mutual information to quantify the similarity between DNN models, propose a practical verification threshold, and provide rigorous theoretical guarantees for ownership verification based on this threshold. We extensively evaluate our approach on several mainstream datasets across differen...