Explain model stealing attacks and a countermeasure.

Model stealing attacks happen when an adversary probes a deployed model through an API to gather enough input–output examples to train a substitute model that mimics the original’s behavior. A strong countermeasure is query auditing, which involves logging, monitoring, and analyzing every API call to spot patterns indicative of extraction activity. By examining factors like unusually high request rates, bursts of traffic from a single source, a high volume of similar inputs, or a sequence of queries aimed at revealing decision boundaries, you can detect attempts to copy the model. When suspicious activity is found, you can respond with measures such as rate limiting, stronger authentication, or restricting the amount of information returned per query, making it harder for an attacker to assemble an effective surrogate. Data normalization, hyperparameter tuning, and model distillation don’t directly address the issue of automated extraction from API usage, so they aren’t suitable defenses in this context.