Imitation Attacks Can Steal More Than You Think from Machine Translation Systems.

Attackers can easily steal the capabilities of a machine translation (MT) system by imitation attack without too much cost. However, few works pay attention to this topic. In this paper, we explore when and why the MT model can be stolen. We first empirically analyze imitation attacks and model stealing on MT tasks, finding that imitation attacks can steal the victim model from noisy query data, noisy models, and noisy translations, which are the typical methods for model defense. What’s more, the performance of the imitation model may even exceed the victim. By defining a KL distance of different corpora and using it to measure the similarity between the original data and stolen translations, we show that the imitation model steals MT systems relying on indirectly learning the distribution of the original data.