Back to Search
Start Over
TamperNN: Efficient Tampering Detection of Deployed Neural Nets
- Source :
- ISSRE 2019-IEEE 30th International Symposium on Software Reliability Engineering, ISSRE 2019-IEEE 30th International Symposium on Software Reliability Engineering, Oct 2019, Berlin, Germany. pp.1-11, ⟨10.1109/ISSRE.2019.00049⟩, ISSRE
- Publication Year :
- 2019
- Publisher :
- HAL CCSD, 2019.
-
Abstract
- Neural networks are powering the deployment of embedded devices and Internet of Things. Applications range from personal assistants to critical ones such as self-driving cars. It has been shown recently that models obtained from neural nets can be trojaned ; an attacker can then trigger an arbitrary model behavior facing crafted inputs. This has a critical impact on the security and reliability of those deployed devices. We introduce novel algorithms to detect the tampering with deployed models, classifiers in particular. In the remote interaction setup we consider, the proposed strategy is to identify markers of the model input space that are likely to change class if the model is attacked, allowing a user to detect a possible tampering. This setup makes our proposal compatible with a wide range of scenarios, such as embedded models, or models exposed through prediction APIs. We experiment those tampering detection algorithms on the canonical MNIST dataset, over three different types of neural nets, and facing five different attacks (trojaning, quantization, fine-tuning, compression and watermarking). We then validate over five large models (VGG16, VGG19, ResNet, MobileNet, DenseNet) with a state of the art dataset (VGGFace2), and report results demonstrating the possibility of an efficient detection of model tampering.<br />Comment: In the 30th International Symposium on Software Reliability Engineering (ISSRE 2019)
- Subjects :
- FOS: Computer and information sciences
021110 strategic, defence & security studies
Class (computer programming)
Computer Science - Machine Learning
Computer Science - Cryptography and Security
Artificial neural network
Computer science
Reliability (computer networking)
Computer Vision and Pattern Recognition (cs.CV)
Real-time computing
0211 other engineering and technologies
Computer Science - Computer Vision and Pattern Recognition
02 engineering and technology
[INFO.INFO-NE]Computer Science [cs]/Neural and Evolutionary Computing [cs.NE]
Machine Learning (cs.LG)
Range (mathematics)
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
0202 electrical engineering, electronic engineering, information engineering
020201 artificial intelligence & image processing
State (computer science)
Quantization (image processing)
Digital watermarking
Cryptography and Security (cs.CR)
MNIST database
ComputingMilieux_MISCELLANEOUS
Subjects
Details
- Language :
- English
- Database :
- OpenAIRE
- Journal :
- ISSRE 2019-IEEE 30th International Symposium on Software Reliability Engineering, ISSRE 2019-IEEE 30th International Symposium on Software Reliability Engineering, Oct 2019, Berlin, Germany. pp.1-11, ⟨10.1109/ISSRE.2019.00049⟩, ISSRE
- Accession number :
- edsair.doi.dedup.....588b2bfcd4c920ff8946d5992b53c39e