Using model optimization as countermeasure against model recovery attacks
Authors: Jap, Dirmanto; Bhasin, Shivam
Affiliation: Temasek Laboratories, Nanyang Technological University
Venue: Applied Cryptography and Network Security Workshops (ACNS 2023)
Format: Conference or Workshop Item (Conference Paper, Submitted/Accepted version, application/pdf)
Language: English
Published: 2023 (record added to DR-NTU on 2024-02-20)
Subjects: Computer and Information Science; Machine learning; Model recovery attack
Online Access: https://hdl.handle.net/10356/173621
Institution: Nanyang Technological University

Abstract:
Machine learning (ML) and Deep learning (DL) have been widely studied and adopted for different applications across various fields. There is a growing demand for ML implementations as well as ML accelerators for small devices for Internet-of-Things (IoT) applications. Often, these accelerators allow efficient edge-based inference based on pre-trained deep neural network models for IoT settings. First, the model is trained separately on a more powerful machine and then deployed on the edge device for inference. However, several attacks have been reported that could recover and steal the pre-trained model. For example, an attack recently reported on an edge-based machine learning accelerator demonstrated recovery of target neural network models (architecture and weights) using a cold-boot attack. Using this information, the adversary can reconstruct the model, albeit with certain errors due to the corruption of the data during the recovery process. Hence, this indicates a potential vulnerability in implementations of ML/DL models on edge devices for IoT applications. In this work, we investigate generic countermeasures for model recovery attacks, based on neural network (NN) model optimization techniques such as quantization, binarization, pruning, etc. We first study and investigate the performance improvement offered and how these transformations could help in mitigating the model recovery process. Our experimental results show that model optimization methods, in addition to achieving better performance, can result in accuracy degradation which helps to mitigate model recovery attacks.

Citation: Jap, D. & Bhasin, S. (2023). Using model optimization as countermeasure against model recovery attacks. Applied Cryptography and Network Security Workshops (ACNS 2023), LNCS 13907, 196-209. https://dx.doi.org/10.1007/978-3-031-41181-6_11
DOI: 10.1007/978-3-031-41181-6_11
ISBN: 9783031411809
Scopus ID: 2-s2.0-85174443200

Funding: This research is supported by the National Research Foundation (NRF), Singapore, under its National Cybersecurity Research & Development Programme/Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (NRF2018NCR-NCR009-0001).

Rights: © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved. This article may be downloaded for personal use only. Any other use requires prior permission of the copyright holder. The Version of Record is available online at http://doi.org/10.1007/978-3-031-41181-6_11.