Automatically Lock Your Neural Networks When You're Away
Ge Ren, Jun Wu, Gaolei Li, Shenghong Li

TL;DR
This paper introduces M-LOCK, an end-to-end neural network system that dynamically restricts access based on user legitimacy, enhancing security by preventing unauthorized use when the owner is away.
Contribution
It proposes a novel local dynamic access control mechanism for neural networks, enabling active user legitimacy verification before prediction.
Findings
Effective in distinguishing between certified and suspect inputs
Significant performance divergence achieved between authorized and unauthorized users
Validated on multiple datasets including MNIST and CIFAR
Abstract
The smartphone and laptop can be unlocked by face or fingerprint recognition, while neural networks, which confront numerous requests every day, have little capability to distinguish between untrustworthy and credible users. This makes the model risky to trade as a commodity. Existing research either focuses on the intellectual property rights ownership of the commercialized model, or traces the source of the leak after pirated models appear. Nevertheless, actively identifying users' legitimacy before predicting output has not been considered yet. In this paper, we propose Model-Lock (M-LOCK) to realize an end-to-end neural network with local dynamic access control, which is similar to the automatic locking function of the smartphone to prevent malicious attackers from obtaining available performance actively when you are away. Three kinds of model training strategies are essential to achieve the…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
