基于混合模糊模型的模型窃取防御:尚在研究中

2020 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS) Pub Date : 2020-09-20 DOI:10.1109/CODESISSS51650.2020.9244031

Zicheng Gong, Wei Jiang, Jinyu Zhan, Ziwei Song

{"title":"基于混合模糊模型的模型窃取防御:尚在研究中","authors":"Zicheng Gong, Wei Jiang, Jinyu Zhan, Ziwei Song","doi":"10.1109/CODESISSS51650.2020.9244031","DOIUrl":null,"url":null,"abstract":"With increasing applications of Deep Neural Networks (DNNs) to edge computing systems, security issues have received more attentions. Particularly, model stealing attack is one of the biggest challenge to the privacy of models. To defend against model stealing attack, we propose a novel protection architecture with fuzzy models. Each fuzzy model is designed to generate wrong predictions corresponding to a particular category. In addition’ we design a special voting strategy to eliminate the systemic errors, which can destroy the dark knowledge in predictions at the same time. Preliminary experiments show that our method substantially decreases the clone model's accuracy (up to 20%) without loss of inference accuracy for benign users.","PeriodicalId":437802,"journal":{"name":"2020 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Model Stealing Defense with Hybrid Fuzzy Models: Work-in-Progress\",\"authors\":\"Zicheng Gong, Wei Jiang, Jinyu Zhan, Ziwei Song\",\"doi\":\"10.1109/CODESISSS51650.2020.9244031\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With increasing applications of Deep Neural Networks (DNNs) to edge computing systems, security issues have received more attentions. Particularly, model stealing attack is one of the biggest challenge to the privacy of models. To defend against model stealing attack, we propose a novel protection architecture with fuzzy models. Each fuzzy model is designed to generate wrong predictions corresponding to a particular category. In addition’ we design a special voting strategy to eliminate the systemic errors, which can destroy the dark knowledge in predictions at the same time. Preliminary experiments show that our method substantially decreases the clone model's accuracy (up to 20%) without loss of inference accuracy for benign users.\",\"PeriodicalId\":437802,\"journal\":{\"name\":\"2020 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)\",\"volume\":\"73 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-09-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CODESISSS51650.2020.9244031\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CODESISSS51650.2020.9244031","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

随着深度神经网络(dnn)在边缘计算系统中的应用越来越多，安全问题越来越受到人们的关注。其中，模型窃取攻击是对模型隐私的最大挑战之一。为了防御模型窃取攻击，我们提出了一种新的模糊模型保护体系结构。每个模糊模型都被设计成产生与特定类别相对应的错误预测。此外，我们设计了一种特殊的投票策略，以消除系统误差，同时破坏预测中的黑暗知识。初步实验表明，我们的方法大大降低了克隆模型的精度(高达20%)，而不会损失良性用户的推理精度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Model Stealing Defense with Hybrid Fuzzy Models: Work-in-Progress

With increasing applications of Deep Neural Networks (DNNs) to edge computing systems, security issues have received more attentions. Particularly, model stealing attack is one of the biggest challenge to the privacy of models. To defend against model stealing attack, we propose a novel protection architecture with fuzzy models. Each fuzzy model is designed to generate wrong predictions corresponding to a particular category. In addition’ we design a special voting strategy to eliminate the systemic errors, which can destroy the dark knowledge in predictions at the same time. Preliminary experiments show that our method substantially decreases the clone model's accuracy (up to 20%) without loss of inference accuracy for benign users.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2020 International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)

自引率

0.00%

发文量