Using model optimization as countermeasure against model recovery attacks

Machine learning (ML) and deep learning (DL) have been widely studied and adopted for applications across many fields. There is growing demand for ML implementations and ML accelerators on small devices for Internet-of-Things (IoT) applications. These accelerators typically allow efficient edge-based inference on pre-trained deep neural network models in an IoT setting: the model is first trained on a more powerful machine and then deployed to the edge device for inference. However, several attacks have been reported that can recover and steal the pre-trained model. For example, a recent attack on an edge-based machine learning accelerator demonstrated recovery of the target neural network model (architecture and weights) using a cold-boot attack. With this information the adversary can reconstruct the model, albeit with some errors, because the data is corrupted during the recovery process. This indicates a potential vulnerability of ML/DL model implementations on edge devices for IoT applications. In this work, we investigate generic countermeasures against model recovery attacks based on neural network (NN) model optimization techniques such as quantization, binarization and pruning. We first study the performance improvement these transformations offer and then how they can help to hinder the model recovery process. Our experimental results show that model optimization methods, in addition to achieving better performance, can result in accuracy degradation of the recovered model, which helps to mitigate model recovery attacks.

Bibliographic Details
Main Authors: Jap, Dirmanto; Bhasin, Shivam
Other Authors: Applied Cryptography and Network Security Workshops (ACNS 2023)
Organisation: Temasek Laboratories
Format: Conference or Workshop Item
Language: English
Published: 2024
Subjects: Computer and Information Science; Machine learning; Model recovery attack
Online Access: https://hdl.handle.net/10356/173621
Institution: Nanyang Technological University (NTU Library, DR-NTU collection)

Citation: Jap, D. & Bhasin, S. (2023). Using model optimization as countermeasure against model recovery attacks. Applied Cryptography and Network Security Workshops (ACNS 2023), LNCS 13907, 196-209. https://dx.doi.org/10.1007/978-3-031-41181-6_11
DOI: 10.1007/978-3-031-41181-6_11
ISBN: 9783031411809
Scopus ID: 2-s2.0-85174443200
Version: Submitted/Accepted version
Deposited: 2024-02-20
Funding: National Research Foundation (NRF). This research is supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme/Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (NRF2018NCR-NCR009-0001).
Rights: © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved. This article may be downloaded for personal use only. Any other use requires prior permission of the copyright holder. The Version of Record is available online at http://doi.org/10.1007/978-3-031-41181-6_11.
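The abstract describes the threat model (weights recovered from device memory with some bit errors) and the countermeasure idea (storing the model in an optimized representation so that recovery errors hurt the adversary's reconstruction more). The following is an added, self-contained simulation of that mechanism; it is not code from the paper or its authors. It assumes a hand-picked 8-weight linear classifier, a constructed dataset labelled by that classifier, and a deliberately simplified error model in which every stored bit flips independently with probability p (real cold-boot DRAM decay is biased toward a ground state). The same weights are stored as float32, symmetric int8 and 1-bit binarized values, corrupted at the same bit-error rate, and the accuracy of the recovered model is measured for each representation.

```python
# Added example (not from the paper): simulate recovery of a deployed model's
# weight memory under bit errors, for three weight representations.
import random
import struct

# Constructed toy model: hand-picked weights and bias for a linear classifier.
W = [0.9, -0.6, 0.35, 0.15, -0.8, 0.5, -0.25, 0.7]   # assumed values
B = 0.05

def predict(weights, bias, x):
    return 1 if sum(w * xi for w, xi in zip(weights, x)) + bias > 0 else 0

def make_dataset(n=400, seed=1, margin=0.3):
    """Constructed inputs in [-1,1]^8, labelled by the true float model.
    Points within `margin` of the boundary are dropped so that int8 rounding
    error (at most 8 * scale/2, well below 0.3) cannot change a clean label."""
    rng = random.Random(seed)
    data = []
    while len(data) < n:
        x = [rng.uniform(-1, 1) for _ in range(len(W))]
        s = sum(w * xi for w, xi in zip(W, x)) + B
        if abs(s) >= margin:
            data.append((x, 1 if s > 0 else 0))
    return data

def accuracy(weights, bias, data):
    return sum(predict(weights, bias, x) == y for x, y in data) / len(data)

# Representations: encode the weights to the bytes that would sit in device
# memory, and decode recovered bytes back into floats.
def f32_encode(ws):
    return b"".join(struct.pack("<f", w) for w in ws)

def f32_decode(buf):
    return [struct.unpack("<f", buf[i:i + 4])[0] for i in range(0, len(buf), 4)]

def int8_encode(ws):
    scale = max(abs(w) for w in ws) / 127.0       # symmetric per-tensor scale
    return bytes(round(w / scale) & 0xFF for w in ws), scale

def int8_decode(buf, scale):
    return [((b ^ 0x80) - 0x80) * scale for b in buf]   # two's complement -> int

def bin_encode(ws):
    alpha = sum(abs(w) for w in ws) / len(ws)     # shared magnitude, 1 bit per sign
    bits = 0
    for i, w in enumerate(ws):
        if w >= 0:
            bits |= 1 << i
    return bits.to_bytes((len(ws) + 7) // 8, "little"), alpha

def bin_decode(buf, alpha, n):
    bits = int.from_bytes(buf, "little")
    return [alpha if (bits >> i) & 1 else -alpha for i in range(n)]

def flip_bits(buf, p, seed=0):
    """Assumed error model: each stored bit flips independently with
    probability p. Real DRAM decay is biased; this is a simplification."""
    rng = random.Random(seed)
    out = bytearray(buf)
    for i in range(len(out)):
        for bit in range(8):
            if rng.random() < p:
                out[i] ^= 1 << bit
    return bytes(out)

def recovered_accuracy(rep, p, data, seed=7):
    """Accuracy of the model an adversary reconstructs from corrupted memory.
    The bias is left uncorrupted to isolate the effect on the weights."""
    if rep == "float32":
        ws = f32_decode(flip_bits(f32_encode(W), p, seed))
    elif rep == "int8":
        buf, scale = int8_encode(W)
        ws = int8_decode(flip_bits(buf, p, seed), scale)
    elif rep == "binary":
        buf, alpha = bin_encode(W)
        ws = bin_decode(flip_bits(buf, p, seed), alpha, len(W))
    else:
        raise ValueError(rep)
    return accuracy(ws, B, data)

def sweep(data, ps=(0.0, 0.005, 0.02, 0.05, 0.1)):
    return {rep: [recovered_accuracy(rep, p, data) for p in ps]
            for rep in ("float32", "int8", "binary")}

if __name__ == "__main__":
    data = make_dataset()
    for rep, accs in sweep(data).items():
        print(f"{rep:8s}", " ".join(f"{a:.3f}" for a in accs))
```

The interesting comparison is at p = 0 versus small p: int8 and float32 both reproduce the clean model exactly on this margin-filtered data, but a flip in a float32 exponent bit or in the sign bit of a binarized weight changes that weight by orders of magnitude or inverts it, whereas a single low-order int8 flip moves it by one quantization step. Note that binarization here is applied post hoc to float weights, so its p = 0 accuracy already reflects the approximation, not corruption; in practice a binarized network is trained as such. The numbers this toy produces depend on the seed and the assumed error model, so they illustrate the mechanism rather than reproduce the paper's measurements.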