Abstract
Recently, deep neural networks (DNN) are increasingly deployed on mobile computing devices. Compared to the traditional cloud-based DNN services, the on-device DNN provides immediate responses without relying on network availability or bandwidth and can boost security and privacy by preventing users’ data from transferring over the untrusted communication channels or cloud servers. However, deploying DNN models on the mobile devices introduces new attack vectors on the models. Previous studies have shown that the DNN models are prone to model stealing attacks in the cloud setting, by which the attackers can steal the DNN models accurately. In this work, for the first time, we study the model stealing attacks on the deep neural networks running in the mobile devices, by interacting with mobile applications. Our experimental results on various datasets confirm the feasibility of stealing DNN models in mobile devices with high accuracy and small overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Correia-Silva, J.R., Berriel, R.F., Badue, C., de Souza, A.F., Oliveira-Santos, T.: Copycat CNN: model stealing knowledge by persuading confession with random non-labeled data. In: 2018 International Joint Conference on Neural Networks (IJCNN) (2018)
Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and Harnessing Adversarial Examples (2015). arXiv:1412.6572 [stat.ML]
Guo, S., Zhao, J., Li, X., Duan, J., Mu, D., Xiao, J.: A black-box attack method against machine-learning-based anomaly network flow detection models. Secur. Commun. Netw. 2021 (2021)
Kariyappa, S., Prakash, A., Qureshi, M.: MAZE: data-free model model stealing attack using zeroth-order gradient estimation (2020). arXiv:2005.03161
Kariyappa, S., Qureshi, M.K.: Defending against model stealing attacks with adaptive misinformation (2019). arXiv:1911.07100
Nicolae, M.I., et al.: Adversarial Robustness Toolbox v0.2.2. CoRRabs/1807.01069 (2018)
Shi, Y., Sagduyu, Y., Grushin, A.: How to steal a machine learning classifier with deep learning. In: 2017 IEEE International symposium on technologies for homeland security (HST). IEEE (2017)
Szegedy, C., et al.: Intriguing properties of neural networks (2014). arXiv:1312.6199
Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Model stealing machine learning models via prediction APIs. In: 25th USENIX Security Symposium (USENIX Security), pp. 601–618. USENIX Association, Austin (2016)
Yuan, X., Ding, L., Zhang, L., Li, X., Wu, D.: ESAttack: model stealing against deep neural networks without data hurdles (2020). arXiv:2009.09560
Model Stealing. Accessed 15 May 2021, https://www.mlsecurity.ai/post/what-is-model-modelstealing-and-why-it-matters
Wang, B., Gong, N.Z.: Stealing hyperparameters in machine learning. In: IEEE Symposium on Security and Privacy (SP) (2018)
Orekondy, T., Schiele, B., Fritz, M.: Knockoff nets: stealing functionality of black-box models. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (2019)
Jagielski, M., Carlini, N., Berthelot, D., Kurakin, A., Papernot, N.: High accuracy and high fidelity extraction of neural networks, PP. 1345–1362 (2020)
Yu, H., Yang, K., Zhang, T., Tsai, Y.Y., Ho, T.Y., Jin, Y.: CloudLeak: large-scale deep learning models stealing through adversarial examples. In: Network and Distributed System Security Symposium (2020)
Acknowledgment
Bo Chen was supported by US National Science Foundation under grant number 1938130-CNS, 1928349-CNS, and 2043022-DGE. The work of Xiaoyong Yuan was supported in part by US National Science Foundation under SHF-2106754.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Danda, S.R., Yuan, X., Chen, B. (2021). Towards Stealing Deep Neural Networks on Mobile Devices. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 399. Springer, Cham. https://doi.org/10.1007/978-3-030-90022-9_27
Download citation
DOI: https://doi.org/10.1007/978-3-030-90022-9_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90021-2
Online ISBN: 978-3-030-90022-9
eBook Packages: Computer ScienceComputer Science (R0)