Enjoy Without Payment: Model Parasitic Attacks Against Transfer Learning Models
Document Type
Article
Publication Date
1-1-2026
Abstract
Transfer learning (TL) by fine-tuning (FT) has become a popular paradigm to address the challenges of limited training data and computing resources encountered in model training. This study reveals that this paradigm is susceptible to a new threat called model parasitic (MP) attack. By poisoning the dataset used for fine-tuning, MP attacks enable the fine-tuned model to execute an additional task (e.g., a specific classification task) designated by the attacker while still being able to execute the original task that the victim's fine-tuned model aims to offer. In addition, through MP attacks, the attacker can free-ride on the victim's machine learning (ML) services at the cost of the victim. To design MP attacks, we innovatively propose multiple strategies including the dual-cluster strategy, the benign-to-poisoned example generation strategy, and the feature assignment loss (FAL)-guided controllable perturbation search strategy. Through intensive experiments, we precisely identify the factors that influence the MP attack performance. Finally, we investigate three possible defenses, shedding light on more effective defense design. Our code is available at GitHub.
Publication Title
IEEE Transactions on Dependable and Secure Computing
Recommended Citation
Zhao, J., Lei, X., Huang, H., Mu, N., Chen, C., & Zhang, X. (2026). Enjoy Without Payment: Model Parasitic Attacks Against Transfer Learning Models. IEEE Transactions on Dependable and Secure Computing. http://doi.org/10.1109/TDSC.2026.3652488
Retrieved from: https://digitalcommons.mtu.edu/michigantech-p2/2340