DNNobfus: a study on obfuscation-based edge-side model protection framework
The proliferation of artificial intelligence models has rendered them vulnerable to a myriad of security threats. The extensive integration of deep learning models into edge devices has introduced novel security challenges. Given the analogous structural characteristics of deep neural networks, adve...
Main Authors: | SONG Feiyang, ZHAO Xinmiao, YAN Fei, CHENG Binlin, ZHANG Liqiang, YANG Xiaolin, WANG Yang |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2024-04-01 |
Series: | 网络与信息安全学报 (Chinese Journal of Network and Information Security) |
Subjects: | artificial intelligence safety; code obfuscation; reverse engineering; model protection |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024019 |
author | SONG Feiyang ZHAO Xinmiao YAN Fei CHENG Binlin ZHANG Liqiang YANG Xiaolin WANG Yang |
collection | DOAJ |
description | As artificial intelligence models proliferate, they face a growing range of security threats, and the wide deployment of deep learning models on edge devices has introduced new ones. Because compiled deep neural networks share recognizable structural patterns, adversaries can use model decompilers to recover the model's structure and parameters and reconstruct the model. This compromises the model owner's intellectual property and increases the risk of white-box attacks. To hinder a model decompiler's ability to locate and identify operators, extract parameters, and recover the network topology, this paper proposes an obfuscation framework embedded in the model compilation process as a defense against model extraction. Three obfuscation techniques are implemented in the frontend optimization phase of the deep learning compiler: operator obfuscation, parameter obfuscation, and network topology obfuscation. They introduce opaque predicates, fake control flow, and redundant memory accesses to defeat the reverse engineering performed by model decompilers. Experiments show that the resulting framework, DNNobfus, reduces the accuracy of state-of-the-art model decompilers in identifying operator types to 21.63% and in recovering network connections to 48.24%. DNNobfus also achieves an average time efficiency of 67.93% and an average space efficiency of 88.37%, outperforming the general-purpose obfuscator Obfuscator-LLVM on both measures. |
format | Article |
id | doaj-art-93e9a1a5aa754e818bbec87c7ae25edb |
institution | Kabale University |
issn | 2096-109X |
language | English |
publishDate | 2024-04-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 (Chinese Journal of Network and Information Security) |
title | DNNobfus: a study on obfuscation-based edge-side model protection framework |
topic | artificial intelligence safety code obfuscation reverse engineering model protection |
url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024019 |