🤖 AI Summary
The proliferation of Machine Learning as a Service (MLaaS) has heightened risks of Model Extraction Attacks (MEAs), threatening model intellectual property, data privacy, and system integrity. To address this, we present the first systematic survey that introduces a three-dimensional classification framework—spanning attack mechanisms, defense strategies, and computational environments—to rigorously characterize the fundamental utility–security trade-off in MLaaS. We curate an open, continuously updated literature repository, empirically evaluating over 100 MEA techniques and corresponding defenses across diverse threat models and deployment settings. Our analysis identifies critical security gaps across cloud–edge–end multi-paradigm infrastructures and examines their technical, ethical, and regulatory implications. This work establishes an authoritative benchmark and an extensible analytical framework for AI security research, directly informing the design of next-generation robust, trustworthy MLaaS systems.
📝 Abstract
Machine learning (ML) models have significantly grown in complexity and utility, driving advances across multiple domains. However, substantial computational resources and specialized expertise have historically restricted their wide adoption. Machine Learning as a Service (MLaaS) platforms have addressed these barriers by providing scalable, convenient, and affordable access to sophisticated ML models through user-friendly APIs. While this accessibility promotes widespread use of advanced ML capabilities, it also introduces vulnerabilities exploited through Model Extraction Attacks (MEAs). Recent studies have demonstrated that adversaries can systematically replicate a target model's functionality by interacting with publicly exposed interfaces, posing threats to intellectual property, privacy, and system security. In this paper, we offer a comprehensive survey of MEAs and corresponding defense strategies. We propose a novel taxonomy that classifies MEAs according to attack mechanisms, defense approaches, and computing environments. Our analysis covers various attack techniques, evaluates their effectiveness, and highlights challenges faced by existing defenses, particularly the critical trade-off between preserving model utility and ensuring security. We further assess MEAs within different computing paradigms and discuss their technical, ethical, legal, and societal implications, along with promising directions for future research. This systematic survey aims to serve as a valuable reference for researchers, practitioners, and policymakers engaged in AI security and privacy. Additionally, we maintain an online repository, continuously updated with related literature, at https://github.com/kzhao5/ModelExtractionPapers.