Neural Network Model Obfuscation through Adversarial Training
Author
Abstract

With the growing commercialization of deep learning (DL) models, there is also a growing need to protect them from illicit use. For reasons of cost and ease of deployment, it is increasingly common to run DL models on third-party hardware. Although hardware mechanisms such as Trusted Execution Environments (TEEs) exist to protect sensitive data, their availability is still limited, and they are not well suited to resource-demanding tasks, such as DL models, that benefit from hardware accelerators. In this work, we make model stealing more difficult by presenting a novel way to split a DL model, running its main part on ordinary infrastructure and a small part in a remote TEE, and training it with adversarial techniques. In initial experiments on image classification models for the Fashion-MNIST and CIFAR-10 datasets, we observed that this obfuscation-based protection makes it significantly more difficult for an adversary to exploit the exposed model components.
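
The following is a minimal sketch, not taken from the paper, of the kind of model split the abstract describes, assuming a PyTorch implementation: a large feature-extraction backbone that would run on untrusted, accelerator-equipped hardware and a small classification head that would stay inside the remote TEE. The class names, layer sizes, and split point are illustrative assumptions, and the adversarial training procedure itself is not shown.

import torch
import torch.nn as nn

class PublicBackbone(nn.Module):
    # Large feature extractor deployed on ordinary (untrusted) infrastructure.
    def __init__(self):
        super().__init__()
        self.features = nn.Sequential(
            nn.Conv2d(1, 32, kernel_size=3, padding=1), nn.ReLU(),
            nn.MaxPool2d(2),
            nn.Conv2d(32, 64, kernel_size=3, padding=1), nn.ReLU(),
            nn.MaxPool2d(2),
            nn.Flatten(),
        )

    def forward(self, x):
        return self.features(x)

class TEEHead(nn.Module):
    # Small classification head whose parameters remain inside the TEE.
    def __init__(self, in_features=64 * 7 * 7, num_classes=10):
        super().__init__()
        self.head = nn.Linear(in_features, num_classes)

    def forward(self, z):
        return self.head(z)

# Inference: only intermediate activations cross the TEE boundary; the head's
# weights never leave it. Here the call to head(...) stands in for the remote
# TEE execution.
backbone, head = PublicBackbone(), TEEHead()
x = torch.randn(8, 1, 28, 28)   # e.g. a Fashion-MNIST-sized input batch
logits = head(backbone(x))
print(logits.shape)             # torch.Size([8, 10])

Under this split, an adversary with full access to the exposed backbone still lacks the head's parameters, which is the component the paper's adversarial training is meant to make hard to substitute or approximate.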

Year of Publication
2022
Date Published
May
Publisher
IEEE
Conference Location
Taormina, Italy
ISBN Number
978-1-66549-956-9
URL
https://ieeexplore.ieee.org/document/9826038/
DOI
10.1109/CCGrid54584.2022.00092