Portrait of Eliott Baltz is unavailable

Eliott Baltz

Master's Research - École de technologie suprérieure
Supervisor
Ulrich Aivodji
Research Topics
Deep Learning
GitHub

Publications

Model Stealing Through the Lens of Model Multiplicity
Eliott Baltz
Satoshi Hara
Ulrich Aivodji
Model stealing attacks, where adversaries create high-fidelity surrogate models, are a significant threat to the intellectual property of ma… (see more)chine learning services. Conventional wisdom suggests these surrogates could provide adversaries with economic leverage comparable to the original service providers. This paper challenges this assumption by evaluating model stealing attacks beyond mere fidelity to the target model. Because query-based extraction provides only partial supervision of the target's input-output behavior, the surrogate is not uniquely identified: many near-optimal surrogates can achieve comparable fidelity while differing in deployment-relevant properties. Instead of performing a classic learning-based model stealing attack, we compute the Rashomon Set (i.e., the set of almost-equally-accurate models) of surrogate models, and evaluate its diversity using multiplicity metrics (ambiguity, discrepancy and rashomon capcity) and group fairness metrics. Our experiments on real-world datasets reveal that despite exhibiting similar fidelity to the target model, surrogate models can display significant variances in other critical performance metrics. These findings cast doubt on the presumed equivalence between high-fidelity surrogates and the target model in practical deployment scenarios.
2026-05-19
DMP @ Canadian Conference on Artificial Intelligence and Conference on Robots and Vision (oral)
openreview.net
openreview.net