Neural Network Model Extraction Based on Adversarial Examples

Abstract

The neural network model has been applied to all walks of life. By detecting the internal information of a black-box model, the attacker can obtain potential commercial value of the model. At the same time, understanding the model structure helps the attacker customize the strategy to attack the model. We have improved a model detection method based on input and output pairs to detect the internal information of the trained neural network black-box model. On the one hand, our work proved that adversarial examples are very likely to carry architecture information of the neural network model. On the other hand, we added adversarial examples to the model pre-detection module, and verified the positive effects of adversarial examples on model detection through experiments, which improved the accuracy of the meta-model and reduced the cost of model detection.