1. Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction apis. In: 25th Security Symposium (USENIX Security 16), pp. 601–618 (2016)

2. Juuti, M., Szyller, S., Marchal, S., Asokan, N.: Prada: protecting against dnn model stealing attacks. In: IEEE European Symposium on Security and Privacy (EuroS &P). IEEE 2019, pp. 512–527 (2019)

3. Zhang, Z., Chen, Y., Wagner, D.: Seat: similarity encoder by adversarial training for detecting model extraction attack queries. In: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, AISec 2021, pp. 37–48. Association for Computing Machinery, New York (2021). https://doi.org/10.1145/3474369.3486863

4. Pal, S., Gupta, Y., Kanade, A., Shevade, S.: Stateful detection of model extraction attacks. arXiv preprint arXiv:2107.05166 (2021)

5. Kesarwani, M., Mukhoty, B., Arya, V., Mehta, S.: Model extraction warning in mlaas paradigm. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 371–380 (2018)