attack 2026

DiMEx: Breaking the Cold Start Barrier in Data-Free Model Extraction via Latent Diffusion Priors

Yash Thesia , Meera Suthar

0 citations · 37 references · arXiv

Published on arXiv: 2601.01688

Model Theft

OWASP ML Top 10 — ML05

Key Finding

DiMEx achieves 52.1% surrogate agreement on SVHN with 2,000 queries (16%+ over GAN baselines), while the HSE defense reduces attack success to 21.6%.

DiMEx / HSE

Novel technique introduced


Model stealing attacks pose an existential threat to Machine Learning as a Service (MLaaS), allowing adversaries to replicate proprietary models for a fraction of their training cost. While Data-Free Model Extraction (DFME) has emerged as a stealthy vector, it remains fundamentally constrained by the "Cold Start" problem: GAN-based adversaries waste thousands of queries converging from random noise to meaningful data. We propose DiMEx, a framework that weaponizes the rich semantic priors of pre-trained Latent Diffusion Models to bypass this initialization barrier entirely. By employing Random Embedding Bayesian Optimization (REMBO) within the generator's latent space, DiMEx synthesizes high-fidelity queries immediately, achieving 52.1 percent agreement on SVHN with just 2,000 queries - outperforming state-of-the-art GAN baselines by over 16 percent. To counter this highly semantic threat, we introduce the Hybrid Stateful Ensemble (HSE) defense, which identifies the unique "optimization trajectory" of latent-space attacks. Our results demonstrate that while DiMEx evades static distribution detectors, HSE exploits this temporal signature to suppress attack success rates to 21.6 percent with negligible latency.


Key Contributions

  • DiMEx attack framework that replaces GAN generators with frozen Latent Diffusion Model priors and REMBO optimization, eliminating the Cold Start problem and achieving 52.1% agreement on SVHN with only 2,000 queries — a 16%+ improvement over GAN baselines.
  • Hybrid Stateful Ensemble (HSE) defense that monitors the temporal optimization trajectory of latent-space queries to detect extraction attacks, suppressing DiMEx success from 52.1% to 21.6% with negligible latency.
  • Empirical demonstration that DiMEx evades static OOD distribution detectors (e.g., PRADA) while HSE exploits the sequential drift signature unique to generative optimization attacks.

🛡️ Threat Analysis

Model Theft

DiMEx is a model extraction/stealing attack: it queries a black-box victim API to train a surrogate clone, directly targeting model intellectual property. HSE is a defense against this extraction. Both contributions map squarely to ML05.


Details

Domains: vision
Model Types: diffusion, cnn
Threat Tags: black_box, inference_time
Datasets: SVHN
Applications: mlaas image classification apis, image classification