[2506.17047] Navigating the Deep: End-to-End Extraction on Deep Neural Networks
Summary
This article presents a novel end-to-end model extraction method for deep neural networks, addressing limitations in existing techniques and enabling deeper network extraction with improved efficiency.
Why It Matters
As neural network model extraction poses significant security risks, this research advances the field by providing a polynomial-time solution that enhances the ability to extract deeper networks. This is crucial for understanding vulnerabilities in AI systems and improving their security.
Key Takeaways
- Introduces a refined signature extraction process overcoming previous limitations.
- Presents a polynomial-time method for sign extraction, improving efficiency.
- Enables extraction of deeper networks than previous methods, reaching at least eight layers.
- Addresses critical issues like rank deficiency and noise propagation.
- Validates the approach through extensive experiments on standard datasets.
Computer Science > Machine Learning
arXiv:2506.17047 (cs)
[Submitted on 20 Jun 2025 (v1), last revised 18 Feb 2026 (this version, v2)]
Title: Navigating the Deep: End-to-End Extraction on Deep Neural Networks
Authors: Haolin Liu, Adrien Siproudhis, Samuel Experton, Peter Lorenz, Christina Boura, Thomas Peyrin
Abstract: Neural network model extraction has recently emerged as an important security concern, as adversaries attempt to recover a network's parameters via black-box queries. Carlini et al. proposed in CRYPTO'20 a model extraction approach, consisting of two steps: signature extraction and sign extraction. However, in practice this signature-extraction method is limited to very shallow networks only, and the proposed sign-extraction method is exponential in time. Recently, Canales-Martinez et al. (Eurocrypt'24) proposed a polynomial-time sign-extraction method, but it assumes the corresponding signatures have already been successfully extracted and can fail on so-called low-confidence neurons. In this work, we first revisit and refine the signature extraction process by systematically identifying and addressing for the first time critical limitations of Carlini et al.'s signature-extraction method. These limitations include rank deficiency and noise propagation from deeper layers. To overcome these challenges,...