Bident Structure for Neural Network Model Protection
Hsiao-Ying Lin, Chengfang Fang, Jie Shi
2020
Abstract
Deep neural networks are widely deployed in a variety of application areas to provide real-time inference services, such as mobile phones, autonomous vehicles and industrial automation. Deploying trained models on end-user devices raises strong demands for protecting models against model stealing attacks. To tackle this concern, applying cryptographic algorithms and using trusted execution environments have been proposed. However, both approaches cause significant overhead on inference time. With the support of a trusted execution environment, we propose bident-structure networks to protect neural networks while maintaining inference efficiency. Our main idea is inspired by the secret-sharing concept from the cryptography community, where we treat the neural network as the secret to be protected. We prove the feasibility of bident-structure methods by empirical experiments on MNIST. Experimental results also demonstrate that the efficiency overhead can be reduced by compressing the sub-networks running in trusted execution environments.
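To make the secret-sharing intuition concrete, here is an added example (my own illustration, not the paper's bident architecture or code) that additively splits one linear layer's weight matrix into a random share kept outside the TEE and a complementary share kept inside it; the outside share alone is independent of the real weights, and only combining the two partial products yields the true output. The weight values and input below are constructed sample data.

```python
import random

def share_weights(weights, rng):
    """Split W into two additive shares, W = W_tee + W_open.

    W_open is drawn uniformly at random and independently of W, so it
    carries no information about W on its own (one-time-pad style).
    W_tee = W - W_open is the share that must stay inside the TEE.
    """
    w_open = [[rng.uniform(-1.0, 1.0) for _ in row] for row in weights]
    w_tee = [[w - o for w, o in zip(row, orow)]
             for row, orow in zip(weights, w_open)]
    return w_tee, w_open

def matvec(x, w):
    """y_j = sum_i x_i * w[i][j] for a weight matrix laid out as w[in][out]."""
    return [sum(x[i] * w[i][j] for i in range(len(x))) for j in range(len(w[0]))]

def bident_inference(x, w_tee, w_open):
    """Run the two halves and recombine; by linearity x*W_tee + x*W_open = x*W."""
    y_open = matvec(x, w_open)   # computed by the untrusted part of the device
    y_tee = matvec(x, w_tee)     # computed inside the TEE
    return [a + b for a, b in zip(y_tee, y_open)]

def max_abs_diff(a, b):
    return max(abs(p - q) for p, q in zip(a, b))

# Constructed sample layer (3 inputs, 2 outputs) and input vector.
SAMPLE_W = [[0.5, -0.2], [0.1, 0.4], [-0.3, 0.25]]
SAMPLE_X = [1.0, 2.0, -1.0]

def demo(seed=7):
    rng = random.Random(seed)
    w_tee, w_open = share_weights(SAMPLE_W, rng)
    shared = bident_inference(SAMPLE_X, w_tee, w_open)
    direct = matvec(SAMPLE_X, SAMPLE_W)
    return direct, shared, w_open

if __name__ == "__main__":
    direct, shared, w_open = demo()
    print("direct :", direct)
    print("bident :", shared)
    print("open share (reveals nothing about W):", w_open)
```

Note that this hides only a single linear layer; the paper's efficiency argument rests on the TEE-resident sub-network being compressed, which this snippet does not model.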
in Harvard Style
Lin H., Fang C. and Shi J. (2020). Bident Structure for Neural Network Model Protection. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 377-384. DOI: 10.5220/0008923403770384
in Bibtex Style
@conference{icissp20,
author={Hsiao-Ying Lin and Chengfang Fang and Jie Shi},
title={Bident Structure for Neural Network Model Protection},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={377-384},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008923403770384},
isbn={978-989-758-399-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Bident Structure for Neural Network Model Protection
SN - 978-989-758-399-5
AU - Lin H.
AU - Fang C.
AU - Shi J.
PY - 2020
SP - 377
EP - 384
DO - 10.5220/0008923403770384