LibSteal: Model Extraction Attack Towards Deep Learning Compilers by Reversing DNN Binary Library

Jinquan Zhang, Pei Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

The need for Deep Learning (DL) based services has rapidly increased in the past years. As part of this trend, the privatization of Deep Neural Network (DNN) models has become increasingly popular: authors give customers or service providers direct access to the models they created and let them deploy those models on devices or infrastructure outside the authors' control. Meanwhile, the emergence of DL compilers makes it possible to compile a DNN model into a lightweight binary for faster inference, which is attractive to many stakeholders. However, distilling the essence of a model into a binary that untrusted parties are free to examine creates an opportunity to leak essential information. With only the DNN binary library, it is possible to extract the neural network architecture through reverse engineering. In this paper, we present LibSteal, a framework that leaks DNN architecture information by reversing the binary library generated by a DL compiler, recovering an architecture that is similar or even equivalent to the original. The evaluation shows that LibSteal can efficiently steal the architecture information of victim DNN models. After training the extracted models with the same hyper-parameters, we achieve accuracy comparable to that of the original models.

Original language: English (US)
Title of host publication: Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023
Editors: Hermann Kaindl, Mike Mannion, Leszek Maciaszek
Publisher: Science and Technology Publications, Lda
Pages: 283-292
Number of pages: 10
ISBN (Electronic): 9789897586477
DOIs
State: Published - 2023
Event: 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023 - Prague, Czech Republic
Duration: Apr 24 2023 to Apr 25 2023

Publication series

Name: International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings
Volume: 2023-April
ISSN (Electronic): 2184-4895

Conference

Conference: 18th International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE 2023
Country/Territory: Czech Republic
City: Prague
Period: 4/24/23 to 4/25/23

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Software
