MimosaNet: An Unrobust Neural Network Preventing Model Stealing
Kálmán Szentannai, Jalal Al-Afandi, András Horváth

TL;DR
MimosaNet is a neural network designed to produce identical outputs to a trained model but is highly sensitive to weight modifications, thereby preventing model stealing and protecting intellectual property.
Contribution
The paper introduces MimosaNet, a novel neural network architecture that maintains performance while being extremely sensitive to weight changes, thwarting model theft.
Findings
MimosaNet produces identical responses to trained models.
It is highly sensitive to weight modifications.
It effectively prevents model stealing.
Abstract
Deep Neural Networks are robust to minor perturbations of the learned network parameters: small modifications of the weights do not change the overall network response significantly. This leaves room for model stealing, where a malevolent attacker can take an already trained network, modify the weights, and claim the new network as his own intellectual property. In certain cases this can prevent the free distribution and application of networks in the embedded domain. In this paper, we propose a method for creating an equivalent version of an already trained fully connected deep neural network that can prevent network stealing: it produces the same responses and classification accuracy, but it is extremely sensitive to weight changes.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Domain Adaptation and Few-Shot Learning
