{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2016:6RJAHTB4QLEOLFF7UXCVQ2XBTI","short_pith_number":"pith:6RJAHTB4","schema_version":"1.0","canonical_sha256":"f45203cc3c82c8e594bfa5c5586ae19a362e9b1b845c274032b7a0aa50a0dbbc","source":{"kind":"arxiv","id":"1609.02943","version":2},"attestation_state":"computed","paper":{"title":"Stealing Machine Learning Models via Prediction APIs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG","stat.ML"],"primary_cat":"cs.CR","authors_text":"Ari Juels, Fan Zhang, Florian Tram\\`er, Michael K. Reiter, Thomas Ristenpart","submitted_at":"2016-09-09T20:39:20Z","abstract_excerpt":"Machine learning (ML) models may be deemed confidential due to their sensitive training data, commercial value, or use in security applications. Increasingly often, confidential ML models are being deployed with publicly accessible query interfaces. ML-as-a-service (\"predictive analytics\") systems are an example: Some allow users to train models on potentially sensitive data and charge others for access on a pay-per-query basis.\n  The tension between model confidentiality and public access motivates our investigation of model extraction attacks. In such attacks, an adversary with black-box acc"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1609.02943","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-09-09T20:39:20Z","cross_cats_sorted":["cs.LG","stat.ML"],"title_canon_sha256":"22e7fb22e559f9fac634821de77bbfb20fcb5482adc28d1b93b54aedc6fde20b","abstract_canon_sha256":"6f90debb2027f9b771b0d00bc3e77172bbeb7c4bc97691478f727bafa6864817"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T01:03:26.049446Z","signature_b64":"QnvTmphHnWGxtKca5vX37alBNgsMnI8liikroiLpyR0kHUOaXfGXB3Vak9uZJAcFfqar+pDSM1IwM0AIMknMDg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"f45203cc3c82c8e594bfa5c5586ae19a362e9b1b845c274032b7a0aa50a0dbbc","last_reissued_at":"2026-05-18T01:03:26.048902Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T01:03:26.048902Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Stealing Machine Learning Models via Prediction APIs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG","stat.ML"],"primary_cat":"cs.CR","authors_text":"Ari Juels, Fan Zhang, Florian Tram\\`er, Michael K. Reiter, Thomas Ristenpart","submitted_at":"2016-09-09T20:39:20Z","abstract_excerpt":"Machine learning (ML) models may be deemed confidential due to their sensitive training data, commercial value, or use in security applications. Increasingly often, confidential ML models are being deployed with publicly accessible query interfaces. ML-as-a-service (\"predictive analytics\") systems are an example: Some allow users to train models on potentially sensitive data and charge others for access on a pay-per-query basis.\n  The tension between model confidentiality and public access motivates our investigation of model extraction attacks. In such attacks, an adversary with black-box acc"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1609.02943","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1609.02943","created_at":"2026-05-18T01:03:26.048983+00:00"},{"alias_kind":"arxiv_version","alias_value":"1609.02943v2","created_at":"2026-05-18T01:03:26.048983+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1609.02943","created_at":"2026-05-18T01:03:26.048983+00:00"},{"alias_kind":"pith_short_12","alias_value":"6RJAHTB4QLEO","created_at":"2026-05-18T12:30:01.593930+00:00"},{"alias_kind":"pith_short_16","alias_value":"6RJAHTB4QLEOLFF7","created_at":"2026-05-18T12:30:01.593930+00:00"},{"alias_kind":"pith_short_8","alias_value":"6RJAHTB4","created_at":"2026-05-18T12:30:01.593930+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":2,"internal_anchor_count":1,"sample":[{"citing_arxiv_id":"2603.15842","citing_title":"Informationally Compressive Anonymization: Non-Degrading Sensitive Input Protection for Privacy-Preserving Supervised Machine Learning","ref_index":4,"is_internal_anchor":true},{"citing_arxiv_id":"2604.23338","citing_title":"A Systematic Survey of Security Threats and Defenses in LLM-Based AI Agents: A Layered Attack Surface Framework","ref_index":63,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI","json":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI.json","graph_json":"https://pith.science/api/pith-number/6RJAHTB4QLEOLFF7UXCVQ2XBTI/graph.json","events_json":"https://pith.science/api/pith-number/6RJAHTB4QLEOLFF7UXCVQ2XBTI/events.json","paper":"https://pith.science/paper/6RJAHTB4"},"agent_actions":{"view_html":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI","download_json":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI.json","view_paper":"https://pith.science/paper/6RJAHTB4","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1609.02943&json=true","fetch_graph":"https://pith.science/api/pith-number/6RJAHTB4QLEOLFF7UXCVQ2XBTI/graph.json","fetch_events":"https://pith.science/api/pith-number/6RJAHTB4QLEOLFF7UXCVQ2XBTI/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI/action/timestamp_anchor","attest_storage":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI/action/storage_attestation","attest_author":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI/action/author_attestation","sign_citation":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI/action/citation_signature","submit_replication":"https://pith.science/pith/6RJAHTB4QLEOLFF7UXCVQ2XBTI/action/replication_record"}},"created_at":"2026-05-18T01:03:26.048983+00:00","updated_at":"2026-05-18T01:03:26.048983+00:00"}