A Survey of Model Extraction Attacks and Defenses in Distributed Computing Environments
2025 · Open Access · DOI: https://doi.org/10.48550/arxiv.2502.16065
Model Extraction Attacks (MEAs) threaten modern machine learning systems by enabling adversaries to steal models, exposing intellectual property and training data. With the increasing deployment of machine learning models in distributed computing environments, including cloud, edge, and federated learning settings, each paradigm introduces distinct vulnerabilities and challenges. Without a unified perspective on MEAs across these distributed environments, organizations risk fragmented defenses, inadequate risk assessments, and substantial economic and privacy losses. This survey is motivated by the urgent need to understand how the unique characteristics of cloud, edge, and federated deployments shape attack vectors and defense requirements. We systematically examine the evolution of attack methodologies and defense mechanisms across these environments, demonstrating how environmental factors influence security strategies in critical sectors such as autonomous vehicles, healthcare, and financial services. By synthesizing recent advances in MEAs research and discussing the limitations of current evaluation practices, this survey provides essential insights for developing robust and adaptive defense strategies. Our comprehensive approach highlights the importance of integrating protective measures across the entire distributed computing landscape to ensure the secure deployment of machine learning models.
- Type: preprint
- Language: en
- Landing Page: http://arxiv.org/abs/2502.16065, https://arxiv.org/pdf/2502.16065
- OA Status: green
- OpenAlex ID: https://openalex.org/W4414837768
Raw OpenAlex JSON
- OpenAlex ID: https://openalex.org/W4414837768
- DOI: https://doi.org/10.48550/arxiv.2502.16065
- Title: A Survey of Model Extraction Attacks and Defenses in Distributed Computing Environments
- Type: preprint
- Language: en
- Publication year: 2025
- Publication date: 2025-02-22
- Authors: Kaixiang Zhao, Lincan Li, Kaize Ding, Neil Zhenqiang Gong, Yue Zhao, Yushun Dong
- Landing page: https://arxiv.org/abs/2502.16065
- PDF URL: https://arxiv.org/pdf/2502.16065
- Open access: Yes
- OA status: green
- OA URL: https://arxiv.org/pdf/2502.16065
- Cited by: 0
Full payload
| id | https://openalex.org/W4414837768 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2502.16065 |
| ids.doi | https://doi.org/10.48550/arxiv.2502.16065 |
| ids.openalex | https://openalex.org/W4414837768 |
| fwci | |
| type | preprint |
| title | A Survey of Model Extraction Attacks and Defenses in Distributed Computing Environments |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T10400 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.995199978351593 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1705 |
| topics[0].subfield.display_name | Computer Networks and Communications |
| topics[0].display_name | Network Security and Intrusion Detection |
| topics[1].id | https://openalex.org/T11424 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9947999715805054 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1702 |
| topics[1].subfield.display_name | Artificial Intelligence |
| topics[1].display_name | Security and Verification in Computing |
| topics[2].id | https://openalex.org/T11241 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9915000200271606 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1711 |
| topics[2].subfield.display_name | Signal Processing |
| topics[2].display_name | Advanced Malware Detection Techniques |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2502.16065 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2502.16065 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2502.16065 |
| locations[1].id | doi:10.48550/arxiv.2502.16065 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2502.16065 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5112128593 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Kaixiang Zhao |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Zhao, Kaixiang |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5005362290 |
| authorships[1].author.orcid | https://orcid.org/0000-0003-3797-4055 |
| authorships[1].author.display_name | Lincan Li |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Li, Lincan |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5044455276 |
| authorships[2].author.orcid | https://orcid.org/0000-0001-6684-6752 |
| authorships[2].author.display_name | Kaize Ding |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Ding, Kaize |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5009102659 |
| authorships[3].author.orcid | https://orcid.org/0000-0002-9900-9309 |
| authorships[3].author.display_name | Neil Zhenqiang Gong |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Gong, Neil Zhenqiang |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5100458078 |
| authorships[4].author.orcid | https://orcid.org/0000-0001-9777-8617 |
| authorships[4].author.display_name | Yue Zhao |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Zhao, Yue |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5047581320 |
| authorships[5].author.orcid | https://orcid.org/0000-0001-7504-6159 |
| authorships[5].author.display_name | Yushun Dong |
| authorships[5].author_position | last |
| authorships[5].raw_author_name | Dong, Yushun |
| authorships[5].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2502.16065 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | A Survey of Model Extraction Attacks and Defenses in Distributed Computing Environments |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T10400 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.995199978351593 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1705 |
| primary_topic.subfield.display_name | Computer Networks and Communications |
| primary_topic.display_name | Network Security and Intrusion Detection |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2502.16065 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2502.16065 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2502.16065 |
| primary_location.id | pmh:oai:arXiv.org:2502.16065 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2502.16065 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2502.16065 |
| publication_date | 2025-02-22 |
| publication_year | 2025 |
| referenced_works_count | 0 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 6 |
| citation_normalized_percentile |