A Protection against the Extraction of Neural Network Models

Hervé Chabanne; Hervé Chabanne; Vincent Despiegel; Linda Guiga; Linda Guiga

Research.Publish.Connect.

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

A Protection against the Extraction of Neural Network Models

Topics: AI and Machine Learning for Security

In Proceedings of the 7th International Conference on Information Systems Security and Privacy ICISSP - Volume 1, 258-269, 2021

Authors: Hervé Chabanne ^{1

;

2} ; Vincent Despiegel ¹ and Linda Guiga ^{1

;

2}

Affiliations: ¹ Idemia, France ; ² Télécom Paris, Institut Polytechnique de Paris, France

Keyword(s): CNN Model Protection, Oracle Query Access, Reverse-engineering, Adversarial Attacks, Layers Injection.

Abstract: Given oracle access to a Neural Network (NN), it is possible to extract its underlying model. We here introduce a protection by adding parasitic layers which keep the underlying NN’s predictions mostly unchanged while complexifying the task of reverse-engineering. Our countermeasure relies on approximating a noisy identity mapping with a Convolutional NN. We explain why the introduction of new parasitic layers complexifies the attacks. We report experiments regarding the performance and the accuracy of the protected NN.

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.16.130.155

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Chabanne, H.; Despiegel, V. and Guiga, L. (2021). A Protection against the Extraction of Neural Network Models. In Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-491-6; ISSN 2184-4356, SciTePress, pages 258-269. DOI: 10.5220/0010373302580269

@conference{icissp21,
author={Hervé Chabanne. and Vincent Despiegel. and Linda Guiga.},
title={A Protection against the Extraction of Neural Network Models},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP},
year={2021},
pages={258-269},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010373302580269},
isbn={978-989-758-491-6},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - ICISSP
TI - A Protection against the Extraction of Neural Network Models
SN - 978-989-758-491-6
IS - 2184-4356
AU - Chabanne, H.
AU - Despiegel, V.
AU - Guiga, L.
PY - 2021
SP - 258
EP - 269
DO - 10.5220/0010373302580269
PB - SciTePress