Model extraction increasingly attracts research attentions as keeping commercial AI models
private can retain a competitive advantage. In some scenarios, AI models are trained
proprietarily, where neither pre-trained models nor sufficient in-distribution data is publicly
available. Model extraction attacks against these models are typically more devastating.
Therefore, in this paper, we empirically investigate the behaviors of model extraction under
such scenarios. We find the effectiveness of existing techniques significantly affected by the …