Model extraction attack on Deep Neural Networks

Bibliographic Details
Main Author: Lkhagvadorj, Dulguun
Other Authors: Chang Chip Hong
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2022
Online Access:https://hdl.handle.net/10356/158375
Institution: Nanyang Technological University
Description
Summary: Machine learning models based on Deep Neural Networks (DNN) have gained popularity due to their promising performance and recent advancements in hardware. Developing high-performing DNN models requires a large amount of time and resources; therefore, information regarding such models is kept undisclosed in commercial settings. Hence, from an attacker's perspective, obtaining details of such hidden models at a low cost would be beneficial both financially and in time saved. In this project, we studied different methods of attacking black-box DNN models and experimented with two of them. The first method aims at developing a substitute model with performance similar to the target model's by using the target model's outputs as training data for the substitute model. The second method focuses on obtaining structural information about the target through a timing side-channel attack. This report includes the theoretical basis of the methods, details of the implementations, results of the experiments, and discussions of the advantages and shortcomings of each method.