{"id":"https://openalex.org/W7133321304","doi":"https://doi.org/10.1109/tps-isa67132.2025.00024","title":"Clone What You Can't Steal: Black-Box LLM Replication via Logit Leakage and Distillation","display_name":"Clone What You Can't Steal: Black-Box LLM Replication via Logit Leakage and Distillation","publication_year":2025,"publication_date":"2025-11-12","ids":{"openalex":"https://openalex.org/W7133321304","doi":"https://doi.org/10.1109/tps-isa67132.2025.00024"},"language":null,"primary_location":{"id":"doi:10.1109/tps-isa67132.2025.00024","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tps-isa67132.2025.00024","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 7th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5014702176","display_name":"Kanchon Gharami","orcid":"https://orcid.org/0000-0003-0032-8201"},"institutions":[{"id":"https://openalex.org/I84475105","display_name":"Embry\u2013Riddle Aeronautical University","ror":"https://ror.org/010jskt71","country_code":"US","type":"education","lineage":["https://openalex.org/I84475105"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kanchon Gharami","raw_affiliation_strings":["Embry-Riddle Aeronautical University,Department of Electrical Engineering and Computer Science,FL,USA"],"raw_orcid":"https://orcid.org/0000-0003-0032-8201","affiliations":[{"raw_affiliation_string":"Embry-Riddle Aeronautical University,Department of Electrical Engineering and Computer Science,FL,USA","institution_ids":["https://openalex.org/I84475105"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107474577","display_name":"Hansaka Aluvihare","orcid":"https://orcid.org/0009-0005-8748-761X"},"institutions":[{"id":"https://openalex.org/I84475105","display_name":"Embry\u2013Riddle Aeronautical University","ror":"https://ror.org/010jskt71","country_code":"US","type":"education","lineage":["https://openalex.org/I84475105"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hansaka Aluvihare","raw_affiliation_strings":["Embry-Riddle Aeronautical University,Department of Mathematics,FL,USA"],"raw_orcid":"https://orcid.org/0009-0005-8748-761X","affiliations":[{"raw_affiliation_string":"Embry-Riddle Aeronautical University,Department of Mathematics,FL,USA","institution_ids":["https://openalex.org/I84475105"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035634410","display_name":"Shafika Showkat Moni","orcid":"https://orcid.org/0000-0002-7710-4217"},"institutions":[{"id":"https://openalex.org/I84475105","display_name":"Embry\u2013Riddle Aeronautical University","ror":"https://ror.org/010jskt71","country_code":"US","type":"education","lineage":["https://openalex.org/I84475105"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shafika Showkat Moni","raw_affiliation_strings":["Embry-Riddle Aeronautical University,Department of Electrical Engineering and Computer Science,FL,USA"],"raw_orcid":"https://orcid.org/0000-0002-7710-4217","affiliations":[{"raw_affiliation_string":"Embry-Riddle Aeronautical University,Department of Electrical Engineering and Computer Science,FL,USA","institution_ids":["https://openalex.org/I84475105"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123688790","display_name":"Berker Pek\u00f6z","orcid":null},"institutions":[{"id":"https://openalex.org/I84475105","display_name":"Embry\u2013Riddle Aeronautical University","ror":"https://ror.org/010jskt71","country_code":"US","type":"education","lineage":["https://openalex.org/I84475105"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Berker Pek\u00f6z","raw_affiliation_strings":["Embry-Riddle Aeronautical University,Department of Electrical Engineering and Computer Science,FL,USA"],"raw_orcid":"https://orcid.org/0000-0002-7572-3663","affiliations":[{"raw_affiliation_string":"Embry-Riddle Aeronautical University,Department of Electrical Engineering and Computer Science,FL,USA","institution_ids":["https://openalex.org/I84475105"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5014702176"],"corresponding_institution_ids":["https://openalex.org/I84475105"],"apc_list":null,"apc_paid":null,"fwci":2.1733,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.92895504,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"140","last_page":"147"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.0885000005364418,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.0885000005364418,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.08380000293254852,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.08290000259876251,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5322999954223633},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.4336000084877014},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.40230000019073486},{"id":"https://openalex.org/keywords/backup","display_name":"Backup","score":0.40059998631477356},{"id":"https://openalex.org/keywords/singular-value-decomposition","display_name":"Singular value decomposition","score":0.38499999046325684},{"id":"https://openalex.org/keywords/replication","display_name":"Replication (statistics)","score":0.3544999957084656},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.35280001163482666},{"id":"https://openalex.org/keywords/bridging","display_name":"Bridging (networking)","score":0.3515999913215637},{"id":"https://openalex.org/keywords/projection","display_name":"Projection (relational algebra)","score":0.34880000352859497}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7218000292778015},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5322999954223633},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.4336000084877014},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.40230000019073486},{"id":"https://openalex.org/C2780945871","wikidata":"https://www.wikidata.org/wiki/Q194274","display_name":"Backup","level":2,"score":0.40059998631477356},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3862999975681305},{"id":"https://openalex.org/C22789450","wikidata":"https://www.wikidata.org/wiki/Q420904","display_name":"Singular value decomposition","level":2,"score":0.38499999046325684},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3743000030517578},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3732999861240387},{"id":"https://openalex.org/C12590798","wikidata":"https://www.wikidata.org/wiki/Q3933199","display_name":"Replication (statistics)","level":2,"score":0.3544999957084656},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.35280001163482666},{"id":"https://openalex.org/C174348530","wikidata":"https://www.wikidata.org/wiki/Q188635","display_name":"Bridging (networking)","level":2,"score":0.3515999913215637},{"id":"https://openalex.org/C57493831","wikidata":"https://www.wikidata.org/wiki/Q3134666","display_name":"Projection (relational algebra)","level":2,"score":0.34880000352859497},{"id":"https://openalex.org/C46743427","wikidata":"https://www.wikidata.org/wiki/Q1341685","display_name":"Inference engine","level":3,"score":0.30979999899864197},{"id":"https://openalex.org/C136643341","wikidata":"https://www.wikidata.org/wiki/Q1361526","display_name":"Reachability","level":2,"score":0.30169999599456787},{"id":"https://openalex.org/C2777042071","wikidata":"https://www.wikidata.org/wiki/Q6509304","display_name":"Leakage (economics)","level":2,"score":0.30000001192092896},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.29019999504089355},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.28780001401901245},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2831999957561493},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.2768000066280365},{"id":"https://openalex.org/C52146309","wikidata":"https://www.wikidata.org/wiki/Q7431116","display_name":"Schema (genetic algorithms)","level":2,"score":0.2741999924182892},{"id":"https://openalex.org/C21442007","wikidata":"https://www.wikidata.org/wiki/Q1027879","display_name":"Graphics","level":2,"score":0.27300000190734863},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2720000147819519},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2703999876976013},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.26989999413490295},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.2669000029563904},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.26660001277923584},{"id":"https://openalex.org/C42355184","wikidata":"https://www.wikidata.org/wiki/Q1361088","display_name":"Matrix decomposition","level":3,"score":0.263700008392334},{"id":"https://openalex.org/C100279451","wikidata":"https://www.wikidata.org/wiki/Q372193","display_name":"Perplexity","level":3,"score":0.26080000400543213},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.25920000672340393},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.25450000166893005},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tps-isa67132.2025.00024","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tps-isa67132.2025.00024","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE 7th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W2407386500","https://openalex.org/W4367368092","https://openalex.org/W4386072376","https://openalex.org/W4396855375","https://openalex.org/W4400806526","https://openalex.org/W4402446610","https://openalex.org/W4404125323","https://openalex.org/W4405784845","https://openalex.org/W4406460287","https://openalex.org/W4406460462","https://openalex.org/W4411319972","https://openalex.org/W4415798566"],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"are":[4,27],"increasingly":[5],"deployed":[6],"in":[7,198],"mission-critical":[8],"systems,":[9],"facilitating":[10],"tasks":[11],"such":[12,35],"as":[13],"satellite":[14],"operations,":[15],"command-and-control,":[16],"military":[17],"decision":[18],"support,":[19],"and":[20,54,174,187,206,232],"cyber":[21],"defense.":[22],"Many":[23],"of":[24,160],"these":[25],"systems":[26],"accessed":[28],"through":[29],"application":[30],"programming":[31],"interfaces":[32],"(APIs).":[33],"When":[34],"APIs":[36,231],"lack":[37],"robust":[38],"access":[39],"controls,":[40],"they":[41],"can":[42,220],"expose":[43],"full":[44],"or":[45,70],"top":[46],"<tex":[47],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[48,119],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$k$</tex>":[49,120],"logits,":[50,134],"creating":[51],"a":[52,76,91,101,169,175,217],"significant":[53],"often":[55],"overlooked":[56],"attack":[57,196],"surface.":[58],"Prior":[59],"art":[60],"has":[61],"mainly":[62],"focused":[63],"on":[64,150],"reconstructing":[65],"the":[66,112,133,138,161,225],"output":[67,113],"projection":[68,114],"layer":[69],"distilling":[71],"surface-level":[72],"behaviors.":[73],"However,":[74],"regenerating":[75],"black-box":[77,125],"model":[78,105],"under":[79,123,199],"tight":[80],"query":[81],"constraints":[82],"remains":[83],"underexplored.":[84],"We":[85],"address":[86],"that":[87,95],"gap":[88],"by":[89,116],"introducing":[90],"constrained":[92],"replication":[93],"pipeline":[94],"transforms":[96],"partial":[97],"logit":[98],"leakage":[99],"into":[100,141],"functional":[102],"deployable":[103],"substitute":[104],"clone.":[106],"Our":[107],"two-stage":[108],"approach":[109],"(i)":[110],"reconstructs":[111],"matrix":[115],"collecting":[117],"top-<tex":[118],"logits":[121],"from":[122],"10k":[124],"queries":[126],"via":[127],"singular":[128],"value":[129],"decomposition":[130],"(SVD)":[131],"over":[132],"then":[135],"(ii)":[136],"distills":[137],"remaining":[139],"architecture":[140],"compact":[142],"student":[143,157],"models":[144],"with":[145,167,191],"varying":[146],"transformer":[147],"depths,":[148],"trained":[149],"an":[151,222],"open":[152],"source":[153],"dataset.":[154],"A":[155,180],"6-layer":[156],"recreates":[158],"97.6%":[159],"6layer":[162],"teacher":[163],"model's":[164],"hidden-state":[165],"geometry,":[166],"only":[168],"7.31":[170],"%":[171],"perplexity":[172],"increase,":[173],"7.58":[176],"Negative":[177],"Log-Likelihood":[178],"(NLL).":[179],"4-layer":[181],"variant":[182],"achieves":[183],"17.1%":[184],"faster":[185],"inference":[186,230],"18.1%":[188],"parameter":[189],"reduction":[190],"comparable":[192],"performance.":[193],"The":[194],"entire":[195],"completes":[197],"24":[200],"graphics":[201],"processing":[202],"unit":[203],"(GPU)":[204],"hours":[205],"avoids":[207],"triggering":[208],"API":[209],"rate-limit":[210],"defenses.":[211],"These":[212],"results":[213],"demonstrate":[214],"how":[215],"quickly":[216],"cost-limited":[218],"adversary":[219],"clone":[221],"LLM,":[223],"underscoring":[224],"urgent":[226],"need":[227],"for":[228],"hardened":[229],"secure":[233],"on-premise":[234],"defense":[235],"deployments.":[236]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2026-03-04T00:00:00"}