TL;DR
NeurObfuscator is a comprehensive tool that obfuscates neural network architectures to prevent theft, significantly altering architecture details with minimal performance impact using genetic algorithms and multiple obfuscation techniques.
Contribution
The paper introduces NeurObfuscator, a novel full-stack obfuscation framework that effectively conceals neural architecture details with limited latency overhead, employing a set of obfuscating techniques and optimization algorithms.
Findings
Successfully obfuscated the ResNet-18 architecture with a 44-layer difference.
Achieved only 2% latency overhead when obfuscating layer dimensions.
Effectively prevents architecture extraction through obfuscation techniques.
Abstract
Neural network stealing attacks have posed grave threats to neural network model deployment. Such attacks can be launched by extracting neural architecture information, such as layer sequence and dimension parameters, through leaky side-channels. To mitigate such attacks, we propose NeurObfuscator, a full-stack obfuscation tool to obfuscate the neural network architecture while preserving its functionality with very limited performance overhead. At the heart of this tool is a set of obfuscating knobs, including layer branching, layer widening, selective fusion and schedule pruning, that increase the number of operators, reduce/increase the latency, and number of cache and DRAM accesses. A genetic algorithm-based approach is adopted to orchestrate the combination of obfuscating knobs to achieve the best obfuscating effect on the layer sequence and dimension parameters so that the…
