References & Citations
Computer Science > Cryptography and Security
Title: ObfuNAS: A Neural Architecture Search-based DNN Obfuscation Approach
(Submitted on 17 Aug 2022 (v1), last revised 23 Aug 2022 (this version, v2))
Abstract: Malicious architecture extraction has been emerging as a crucial concern for deep neural network (DNN) security. As a defense, architecture obfuscation is proposed to remap the victim DNN to a different architecture. Nonetheless, we observe that, with only extracting an obfuscated DNN architecture, the adversary can still retrain a substitute model with high performance (e.g., accuracy), rendering the obfuscation techniques ineffective. To mitigate this under-explored vulnerability, we propose ObfuNAS, which converts the DNN architecture obfuscation into a neural architecture search (NAS) problem. Using a combination of function-preserving obfuscation strategies, ObfuNAS ensures that the obfuscated DNN architecture can only achieve lower accuracy than the victim. We validate the performance of ObfuNAS with open-source architecture datasets like NAS-Bench-101 and NAS-Bench-301. The experimental results demonstrate that ObfuNAS can successfully find the optimal mask for a victim model within a given FLOPs constraint, leading up to 2.6% inference accuracy degradation for attackers with only 0.14x FLOPs overhead. The code is available at: this https URL
Submission history
From: Tong Zhou [view email][v1] Wed, 17 Aug 2022 23:25:42 GMT (1051kb,D)
[v2] Tue, 23 Aug 2022 21:53:58 GMT (1053kb,D)
Link back to: arXiv, form interface, contact.