Paper

Authors: Jinquan Zhang (1); Pei Wang (2) and Dinghao Wu (1)

Affiliations: (1) College of Information Science and Technology, The Pennsylvania State University, University Park, U.S.A.; (2) Individual Researcher, U.S.A.

Keyword(s): Model Extraction Attack, Neural Network Architecture, Deep Learning Compiler, Reverse Engineering.

Abstract: The need for Deep Learning (DL) based services has rapidly increased in the past years. As part of the trend, the privatization of Deep Neural Network (DNN) models has become increasingly popular. The authors give customers or service providers direct access to their created models and let them deploy models on devices or infrastructure out of the control of the authors. Meanwhile, the emergence of DL Compilers makes it possible to compile a DNN model into a lightweight binary for faster inference, which is attractive to many stakeholders. However, distilling the essence of a model into a binary that is free to be examined by untrusted parties creates a chance to leak essential information. With only the DNN binary library, it is possible to extract the neural network architecture using reverse engineering. In this paper, we present LibSteal. This framework can leak DNN architecture information by reversing the binary library generated from the DL Compiler, which is similar to or even equivalent to the original. The evaluation shows that LibSteal can efficiently steal the architecture information of victim DNN models. After training the extracted models with the same hyper-parameters, we can achieve accuracy comparable to that of the original models.

CC BY-NC-ND 4.0


Paper citation in several formats:
Zhang, J.; Wang, P. and Wu, D. (2023). LibSteal: Model Extraction Attack Towards Deep Learning Compilers by Reversing DNN Binary Library. In Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE; ISBN 978-989-758-647-7; ISSN 2184-4895, SciTePress, pages 283-292. DOI: 10.5220/0011754900003464

@conference{enase23,
author={Jinquan Zhang and Pei Wang and Dinghao Wu},
title={LibSteal: Model Extraction Attack Towards Deep Learning Compilers by Reversing DNN Binary Library},
booktitle={Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE},
year={2023},
pages={283-292},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011754900003464},
isbn={978-989-758-647-7},
issn={2184-4895},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE
TI - LibSteal: Model Extraction Attack Towards Deep Learning Compilers by Reversing DNN Binary Library
SN - 978-989-758-647-7
IS - 2184-4895
AU - Zhang, J.
AU - Wang, P.
AU - Wu, D.
PY - 2023
SP - 283
EP - 292
DO - 10.5220/0011754900003464
PB - SciTePress