NASPY: automated extraction of automated machine learning models
We present NASPY, an end-to-end adversarial framework to extract the networkarchitecture of deep learning models from Neural Architecture Search (NAS). Existing works about model extraction attacks mainly focus on conventional DNN models with very simple operations, or require heavy manual analysis...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2023
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/165393 https://openreview.net/group?id=ICLR.cc/2022/Conference#spotlight-submissions |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-165393 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1653932023-04-14T15:35:43Z NASPY: automated extraction of automated machine learning models Lou, Xiaoxuan Guo, Shangwei Li, Jiwei Wu, Yaoxin Zhang, Tianwei School of Computer Science and Engineering The Tenth International Conference on Learning Representations (ICLR 2022) Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Automated Machine Learning Deep Neural Networks We present NASPY, an end-to-end adversarial framework to extract the networkarchitecture of deep learning models from Neural Architecture Search (NAS). Existing works about model extraction attacks mainly focus on conventional DNN models with very simple operations, or require heavy manual analysis with lots of domain knowledge. In contrast, NASPY introduces seq2seq models to automatically identify novel and complicated operations (e.g., separable convolution,dilated convolution) from hardware side-channel sequences. We design two models (RNN-CTC and transformer), which can achieve only 3.2% and 11.3% error rates for operation prediction. We further present methods to recover the model hyper-parameters and topology from the operation sequence . With these techniques, NASPY is able to extract the complete NAS model architecture with high fidelity and automation, which are rarely analyzed before. Ministry of Education (MOE) Nanyang Technological University National Research Foundation (NRF) Submitted/Accepted version This project is in part supported by Singapore National Research Foundation under its National Cybersecurity R&D Programme (NCR Award NRF2018NCR-NCR009-0001), Singapore Ministry of Education (MOE) AcRF Tier 1 RS02/19, and NTU Start-up grant. Any opinions, findings and conclusions or recommendations expressed in this paper are those of the authors and do not reflect the views of National Research Foundation, Singapore. 2023-04-13T07:26:55Z 2023-04-13T07:26:55Z 2022 Conference Paper Lou, X., Guo, S., Li, J., Wu, Y. & Zhang, T. (2022). NASPY: automated extraction of automated machine learning models. The Tenth International Conference on Learning Representations (ICLR 2022). https://hdl.handle.net/10356/165393 https://openreview.net/group?id=ICLR.cc/2022/Conference#spotlight-submissions en NRF2018NCR-NCR009-0001 MOE-T1-RS02/19 NTU-SUG © 2022 The Author(s). All rights reserved. This paper was published in Proceedings of The Tenth International Conference on Learning Representations (ICLR 2022) and is made available with permission of The Author(s). application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Automated Machine Learning Deep Neural Networks |
| spellingShingle |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Automated Machine Learning Deep Neural Networks Lou, Xiaoxuan Guo, Shangwei Li, Jiwei Wu, Yaoxin Zhang, Tianwei NASPY: automated extraction of automated machine learning models |
| description |
We present NASPY, an end-to-end adversarial framework to extract the networkarchitecture of deep learning models from Neural Architecture Search (NAS). Existing works about model extraction attacks mainly focus on conventional DNN models with very simple operations, or require heavy manual analysis with lots of domain knowledge. In contrast, NASPY introduces seq2seq models to automatically identify novel and complicated operations (e.g., separable convolution,dilated convolution) from hardware side-channel sequences. We design two models (RNN-CTC and transformer), which can achieve only 3.2% and 11.3% error rates for operation prediction. We further present methods to recover the model hyper-parameters and topology from the operation sequence . With these techniques, NASPY is able to extract the complete NAS model architecture with high fidelity and automation, which are rarely analyzed before. |
| author2 |
School of Computer Science and Engineering |
| author_facet |
School of Computer Science and Engineering Lou, Xiaoxuan Guo, Shangwei Li, Jiwei Wu, Yaoxin Zhang, Tianwei |
| format |
Conference or Workshop Item |
| author |
Lou, Xiaoxuan Guo, Shangwei Li, Jiwei Wu, Yaoxin Zhang, Tianwei |
| author_sort |
Lou, Xiaoxuan |
| title |
NASPY: automated extraction of automated machine learning models |
| title_short |
NASPY: automated extraction of automated machine learning models |
| title_full |
NASPY: automated extraction of automated machine learning models |
| title_fullStr |
NASPY: automated extraction of automated machine learning models |
| title_full_unstemmed |
NASPY: automated extraction of automated machine learning models |
| title_sort |
naspy: automated extraction of automated machine learning models |
| publishDate |
2023 |
| url |
https://hdl.handle.net/10356/165393 https://openreview.net/group?id=ICLR.cc/2022/Conference#spotlight-submissions |
| _version_ |
1764208007365787648 |