
DNNobfus: a study on an obfuscation-based edge-side model protection framework

宋飞扬 赵鑫淼 严飞 程斌林 张立强 杨小林 王洋

Chinese Journal of Network and Information Security, 2024, Vol. 10, Issue 2: 143-153 (11 pages). DOI: 10.11959/j.issn.2096-109x.2024019


DNNobfus: a study on obfuscation-based edge-side model protection framework (original English title)

宋飞扬 (1), 赵鑫淼 (1), 严飞 (1), 程斌林 (2), 张立强 (1), 杨小林 (3), 王洋 (4)

Author affiliations

  • 1. Key Laboratory of Aerospace Information Security and Trusted Computing (Ministry of Education), School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072, China
  • 2. School of Cyber Science and Technology, Shandong University, Qingdao, Shandong 266237, China
  • 3. 浪潮智慧科技有限公司 (Inspur), Jinan, Shandong 250101, China
  • 4. 山东浪潮科学研究院有限公司 (Shandong Inspur Scientific Research Institute), Jinan, Shandong 250101, China

Abstract

The proliferation of artificial intelligence models has exposed them to a wide range of security threats, and the extensive deployment of deep learning models on edge devices has introduced new ones. Because deep neural networks share similar structural characteristics, an adversary who obtains a deployed model binary can decompile it to recover the model's structure and parameters and reconstruct the model. This compromises the intellectual property embodied in the model and raises the risk of white-box attacks. To limit the ability of model decompilers to locate and identify model operators, recover parameters, and parse the network topology, an obfuscation framework is proposed and embedded in the model compilation process as a defence against model extraction attacks. Three obfuscation techniques are designed and integrated into the frontend optimization phase of the deep learning compiler: operator obfuscation, parameter obfuscation, and network topology obfuscation. The framework inserts opaque predicates, adds fake control flow, and embeds redundant memory accesses to defeat the reverse-engineering heuristics that model decompilers rely on. Experiments show that the framework, named DNNobfus, reduces the accuracy of state-of-the-art model decompilation tools in identifying operator types and network connections to 21.63% and 48.24%, respectively. DNNobfus also achieves an average time efficiency of 67.93% and an average space efficiency of 88.37%, outperforming the obfuscation tool Obfuscator-LLVM in both respects.

Key words

artificial intelligence safety / code obfuscation / reverse engineering / model protection

Classification

Information technology and security science

Cite this article

宋飞扬, 赵鑫淼, 严飞, 程斌林, 张立强, 杨小林, 王洋. DNNobfus: a study on an obfuscation-based edge-side model protection framework [J]. Chinese Journal of Network and Information Security, 2024, 10(2): 143-153 (11 pages).

Funding

The Major Research Plan of Hubei Province (No. 2023BAA027)

The National Natural Science Foundation of China (No. 62172144)

The National Key Research and Development Program of China (No. 2022YFB3103804)

Chinese Journal of Network and Information Security (网络与信息安全学报)

Indexed in: OACSTPCD

ISSN: 2096-109X
